From: Sylvain Desbureaux Date: Fri, 9 Oct 2020 06:18:11 +0000 (+0000) Subject: Merge "[Portal] Added Logging Compliance Specification Details" X-Git-Tag: 7.0.0~157 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=5f858f590bcca6fa5c382bd4db0fc3f084452026;hp=ccf5f0dc68dc95c9fcfcb24c59236672ef3a9617;p=oom.git Merge "[Portal] Added Logging Compliance Specification Details" --- diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 827a51de93..ac26f9b575 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -30,7 +30,7 @@ secrets: passwordPolicy: required repository: nexus3.onap.org:10001 -image: onap/ccsdk-oran-a1policymanagementservice:1.0.0 +image: onap/ccsdk-oran-a1policymanagementservice:1.1.0 pullPolicy: IfNotPresent replicaCount: 1 diff --git a/kubernetes/aai b/kubernetes/aai index 9449707421..628ecd0d51 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 944970742185cccb73110875d1b4ad9f7305337f +Subproject commit 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55f diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties index b2cee395b9..5bea37aaa3 100644 --- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -43,7 +43,7 @@ server.ssl.trust-store-password=${cadi_truststore_password} spring.datasource.username=${MYSQL_USER} spring.datasource.password=${MYSQL_PASSWORD} spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements #The log folder that will be used in logback.xml file clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json @@ -66,4 +66,4 @@ clamp.config.dcae.deployment.userName=none clamp.config.dcae.deployment.password=none #AAF related parameters -clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 \ No newline at end of file +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml index a6d5ca0b4c..97eebeb187 100644 --- a/kubernetes/clamp/components/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -66,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.1.0 +image: onap/clamp-backend:5.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml index a4ff555e83..04580a0354 100644 --- a/kubernetes/clamp/components/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml @@ -70,7 +70,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:5.0.3 +image: onap/clamp-dashboard-elasticsearch:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml index 73cf1bdff7..37dae0ffb1 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml @@ -71,7 +71,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:5.0.3 +image: onap/clamp-dashboard-kibana:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf index 2364e5548a..87c8f06e42 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf @@ -221,6 +221,7 @@ output { if "error" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" {{- if .Values.global.aafEnabled }} cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" @@ -237,6 +238,7 @@ output { } else if "event-cl-aggs" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] {{- if .Values.global.aafEnabled }} @@ -255,6 +257,7 @@ output { } else { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] {{- if .Values.global.aafEnabled }} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml index 8bccbcb92e..2b3c9f1712 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml @@ -67,7 +67,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:5.0.3 +image: onap/clamp-dashboard-logstash:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index d180fbf729..7a7609955e 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -93,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.1.0 +image: onap/clamp-frontend:5.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index 5624bee78b..a9e3d78ac1 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -46,7 +46,7 @@ service: - name: http-transport port: 9300 -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 22c4987a98..23302335ea 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -43,7 +43,7 @@ replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) dedicatednode: "yes" ## dedicatednode: "no" -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index e6e532d168..31edcabfa1 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -40,7 +40,7 @@ sysctlImage: enabled: true # application image -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml index 4d80c9e448..74c02bcd5f 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml @@ -37,7 +37,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py @@ -122,4 +122,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml index cfc517660a..6023bb4fdb 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml @@ -44,7 +44,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py @@ -210,4 +210,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index bf862b6b63..1ed35c2c23 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -16,6 +16,7 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: awx readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 060dcd98a7..1a9a34bcd1 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -37,6 +37,7 @@ secrets: password: '{{ .Values.config.ejbca.clientIak }}' # application configuration +repository: nexus3.onap.org:10001 config: db: userName: ejbca diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml index 2c4e668699..a1b8cf1aae 100644 --- a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py diff --git a/kubernetes/contrib/components/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml index 0749d2d948..5dc4535ca3 100755 --- a/kubernetes/contrib/components/netbox/values.yaml +++ b/kubernetes/contrib/components/netbox/values.yaml @@ -16,6 +16,7 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: netbox readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a0cbbbdba2..f571affec0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +20,9 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} use_tls: true -security_ssl_disable: false \ No newline at end of file +security_ssl_disable: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-hv-ves-collector" +external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml index 5074cb8a7f..02e4dd68fd 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml @@ -19,4 +19,4 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }} {{ end }} tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" -tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/" +tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 5a2a595ca6..4ff23b7b2d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -30,4 +30,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-ves-collector" +external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index dda75dd874..0cbe71a224 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -31,3 +31,7 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" \ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index afacc26733..4d10bcc0c9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -128,10 +128,7 @@ spec: - name: CMADDR value: {{ .Values.config.address.cm.host }} - name: CMPASS - valueFrom: - secretKeyRef: - name: {{ include "common.name" . }}-cmpass - key: password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}} - name: CMPROTO value: {{ .Values.config.address.cm.proto }} - name: CMPORT diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index 44395e48e8..6489659d86 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,18 +16,4 @@ # limitations under the License. # ============LICENSE_END========================================================= -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.name" . }}-cmpass - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - password: YWRtaW4= ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 6a1ed17ddf..f35a6863d4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -36,6 +36,10 @@ secrets: externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' config: logstashServiceName: log-ls @@ -104,7 +108,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -113,7 +117,7 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.5 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 539d202c0f..428c7816cd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,7 +69,6 @@ spec: - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} - restartPolicy: Never - name: init-tls env: - name: POD_IP @@ -116,6 +116,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: @@ -123,6 +124,7 @@ spec: - /scripts/readiness-check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} volumeMounts: - mountPath: /opt/onap/config.txt subPath: config.txt @@ -144,6 +146,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +176,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml index 57cbe89cc1..960ec786b2 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,7 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - +*/}} {{ if .Values.dcae_ns}} # Create the namespace apiVersion: v1 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..876b971db1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -41,3 +41,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 1010152cb7..0de6f03b72 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +32,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,7 +54,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.1 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.3 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -61,6 +70,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0. liveness: initialDelaySeconds: 10 periodSeconds: 10 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container # liveness not desirable for Cloudify Manager container @@ -68,7 +78,13 @@ liveness: readiness: initialDelaySeconds: 60 - periodSeconds: 10 + # In some environments we see CM coming up + # properly but readiness probe timing out. + # Increasing the timeout and adjusting the + # period so it's longer than the timeout. + # (DCAEGEN2-2465) + periodSeconds: 30 + timeoutSeconds: 10 service: type: ClusterIP diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 299e3ef878..e0e45c457a 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTPS" @@ -139,7 +139,7 @@ spec: port: {{ .Values.service.insecure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTP" diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index 25e595f672..404927cda8 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -119,7 +119,7 @@ spec: - name: postgres_port value: "{{ .Values.postgres.config.pgPort }}" - name: cloudify_password - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: dhandler_url value: {{ .Values.config.dhandler_url }} - name: cfy_url diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml index b143034d8f..34932b713d 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -1,16 +1,17 @@ {{/* # Copyright © 2020 Samsung Electronics -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 7aa9b68030..a86a1eed49 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -34,8 +34,14 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 dhandler_url: https://deployment-handler:8443 diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1a28bc45c0..88ec5cbe66 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -124,7 +124,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: NODE_EXTRA_CA_CERTS diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index f281f6b90f..7e340db628 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index a29e334a25..61084fa26c 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -117,7 +117,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: POD_IP diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 2d0930846f..4a587d82eb 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 939bd115a4..1918a8fea7 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,22 +26,47 @@ global: busyboxRepository: docker.io busyboxImage: library/busybox:1.30 +################################################################# +# Secrets metaconfig +################################################################# +secrets: +- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + +config: {} + +# To work around DCAEGEN2-2450, set password strength to "basic" +# to ensure password contains only alphanumerics +passwordStrengthOverride: basic + # Enable all DCAE components by default dcae-bootstrap: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-cloudify-manager: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: enabled: true dcae-dashboard: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-deployment-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: enabled: true dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index e2251e00fb..aa3e245a0b 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -71,7 +71,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 2b4b722bfb..1e08954b66 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.6 +image: onap/dmaap/datarouter-node:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 1cf2e583d1..3d4febcde1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.6 +image: onap/dmaap/datarouter-prov:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index fd4a67acfb..8a4caf6747 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -40,29 +40,12 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - {{if eq .Values.podAntiAffinityType "hard" -}} - requiredDuringSchedulingIgnoredDuringExecution: - {{- else -}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- end}} - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-initcontainer image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" @@ -286,5 +269,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 169e898ca6..ad9e5319f4 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -45,25 +45,12 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-permission-fixer command: @@ -234,5 +221,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml index 7fdc969094..7d89fefe8d 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml @@ -19,3 +19,11 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster + - name: readinessCheck + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index 91fa4830e2..014013ab7a 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -39,8 +39,8 @@ spec: - command: - /app/ready.py args: - - --container-name - - modeling-mariadb + - -j + - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job" env: - name: NAMESPACE valueFrom: @@ -49,7 +49,8 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-job-readiness + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }} - command: - /bin/sh - -c @@ -62,11 +63,6 @@ spec: mountPath: /service/modeling/etsicatalog/static containers: - name: {{ include "common.name" . }} - command: - - bash - args: - - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -87,15 +83,19 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_PROTO - value: "{{ .Values.global.config.msbProtocol }}" + value: "{{ .Values.config.msbProtocol }}" - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "{{ .Values.config.ssl_enabled }}" - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: MYSQL_ADDR - value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} + value: "{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" + - name: DB_IP + value: "{{ include "common.mariadbService" . }}" + - name: DB_PORT + value: "{{ include "common.mariadbPort" . }}" + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }} + - name: DB_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }} volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml index b0cc27bd8d..8bfebf1679 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Samsung Electronics +{{/*# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml index 61aefa570c..4dbace3c0c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml @@ -30,7 +30,7 @@ metadata: "url": "/api/parser/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -39,7 +39,7 @@ metadata: "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -48,7 +48,7 @@ metadata: "url": "/api/nsd/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -57,7 +57,7 @@ metadata: "url": "/api/vnfpkgm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index d4719dad5f..5926584ef9 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -21,29 +21,43 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - config: - ssl_enabled: false - msbProtocol: https - msbServiceName: msb-iag - msbPort: 443 - persistence: mountPath: /dockerdata-nfs + mariadbGalera: + #This flag allows Modeling to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +readinessCheck: + wait_for: + msb: + name: msb + containers: + - msb-iag + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + - uid: modeling-db-secret + name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' ################################################################# # Dependencies configuration ################################################################# mariadb-galera: - nameOverride: modeling-mariadb + config: &mariadbConfig + userCredentialsExternalSecret: *dbSecretName + mysqlDatabase: etsicatalog + nameOverride: modeling-db service: name: modeling-db portName: modeling-db @@ -54,14 +68,31 @@ mariadb-galera: enabled: true disableNfsProvisioner: true +mariadb-init: + config: *mariadbConfig + # nameOverride should be the same with common.name + nameOverride: modeling-etsicatalog + ################################################################# # Application configuration defaults. ################################################################# +config: + #application configuration about msb + ssl_enabled: false + msbProtocol: https + msbServiceName: msb-iag + msbPort: 443 + #application configuration user password about mariadb + db: + userName: etsicatalog + # userPassword: password + # userCredentialsExternalSecret: some-secret + # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.6 +image: onap/modeling/etsicatalog:1.0.7 initImage: busybox:latest pullPolicy: Always diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 631cb7cba8..febb8a9624 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -51,7 +51,7 @@ spec: # so K8s doesn't restart unresponsive container {{- if .Values.global.aafEnabled }} command: - - bash + - sh args: - -c - | diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 1fc1600374..0f3fd1a352 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -71,7 +71,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:7.0.0 +image: onap/externalapi/nbi:7.0.2 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index 8af301d7ae..4628206e87 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,12 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile index 2fc0cbe4ab..02371366f6 100755 --- a/kubernetes/oof/components/Makefile +++ b/kubernetes/oof/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile index 52df18adad..48cebe96e7 100644 --- a/kubernetes/oof/components/oof-cmso/Makefile +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile index 35be2140e1..f7a698d0ec 100755 --- a/kubernetes/oof/components/oof-cmso/components/Makefile +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile index 52df18adad..48cebe96e7 100644 --- a/kubernetes/oof/components/oof-has/Makefile +++ b/kubernetes/oof/components/oof-has/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile index 35be2140e1..f7a698d0ec 100755 --- a/kubernetes/oof/components/oof-has/components/Makefile +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml index 0cd8cfbd36..2afc5dad2a 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/*# Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile index 7a55c2ed59..d3fa8b70d1 100644 --- a/kubernetes/platform/Makefile +++ b/kubernetes/platform/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile index 27e17db9ff..cf69fa68be 100644 --- a/kubernetes/platform/components/Makefile +++ b/kubernetes/platform/components/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 666e83c5f8..a6ce2825ec 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} apiVersion: apps/v1 diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml index 33056c79fd..280922a014 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.secretFast" . }} diff --git a/kubernetes/platform/components/oom-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml index 60e2afa41d..5ae6b36dad 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/service.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.service" . }} {{ end -}} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index 8db1f5a99f..cdc477c3e1 100755 --- a/kubernetes/policy/components/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -35,7 +35,7 @@ "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.tcagen2.yaml", "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", "policytypes/onap.policies.Optimization.yaml", "policytypes/onap.policies.optimization.Resource.yaml", @@ -53,9 +53,10 @@ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.common.Filter.yaml", "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.controlloop.Operational.yaml", "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.Match.yaml", "policytypes/onap.policies.native.Drools.yaml", "policytypes/onap.policies.native.Xacml.yaml", "policytypes/onap.policies.native.Apex.yaml", diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index a4d060ccfe..40f0fab1b5 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -119,8 +119,6 @@ spec: readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed - emptyDir: - medium: Memory resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile index 8af301d7ae..248fb056ab 100644 --- a/kubernetes/portal/Makefile +++ b/kubernetes/portal/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile index 2fc0cbe4ab..02371366f6 100644 --- a/kubernetes/portal/components/Makefile +++ b/kubernetes/portal/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index b5b4e48b97..c8a292f60b 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -16,8 +16,8 @@ #mysql db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal -db.userName =root -db.password =Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.hib.dialect = org.hibernate.dialect.MySQLDialect db.min_pool_size = 5 db.max_pool_size = 10 @@ -122,4 +122,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 0be1fdc91f..8c434c55ff 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -52,8 +52,23 @@ spec: - name: {{ include "common.name" . }}-portal-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/sh"] - args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done env: - name: CASSA_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} @@ -61,6 +76,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} - name: CIPHER_ENC_KEY {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: properties-onapportal-scrubbed diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 55a7ccca38..bd1ed585ad 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -43,6 +43,12 @@ secrets: externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' password: '{{ .Values.config.cipherEncKey }}' passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -120,6 +126,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index 28fcee1551..93d2b67cc9 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -182,6 +182,13 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then echo done + file_env 'PORTAL_DB_TABLES' + for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") + do + echo "Granting portal user ALL PRIVILEGES for table $i" + echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + done + if ! kill -s TERM "$pid" || ! wait "$pid"; then echo >&2 'MySQL init process failed.' exit 1 @@ -193,4 +200,4 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then fi fi -exec "$@" \ No newline at end of file +exec "$@" diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml index ec6cc50634..196a2d1ad4 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml @@ -69,6 +69,18 @@ spec: secretKeyRef: name: {{ template "common.fullname" . }} key: db-root-password + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-user + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-password + - name: PORTAL_DB_TABLES + value: {{ .Values.config.backend_portal_tables }} volumeMounts: - mountPath: /var/lib/mysql name: mariadb-data diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml index ad1db77298..4415c5ebd0 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml @@ -26,3 +26,6 @@ metadata: type: Opaque data: db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} +stringData: + backend-db-user: {{ .Values.config.backendDbUser }} + backend-db-password: {{ .Values.config.backendDbPassword }} diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml index 3435feb43e..fc1eca881d 100644 --- a/kubernetes/portal/components/portal-mariadb/values.yaml +++ b/kubernetes/portal/components/portal-mariadb/values.yaml @@ -35,6 +35,11 @@ mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0" config: mariadbUser: root mariadbRootPassword: Aa123456 + backendDbUser: portal + backendDbPassword: portal + #backend_portal_tables is a comma delimited string listing back-end tables + #that backendDbUser needs access to, such as to portal and ecomp_sdk tables + backend_portal_tables: portal,ecomp_sdk #The directory where sql files are found in the projects gerrit repo. sqlSourceDirectory: portal/deliveries # sdc frontend assignment for port 9443 diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..1faed41b85 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index f79098fade..52bf49b972 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -52,8 +52,23 @@ spec: - name: {{ include "common.name" . }}-portalsdk-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/sh"] - args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done env: - name: CASSA_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} @@ -61,6 +76,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} - name: CIPHER_ENC_KEY {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: properties-onapportalsdk-scrubbed diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index c0f1b58c9a..4056b2aa7a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -39,6 +39,12 @@ secrets: login: '{{ .Values.cassandra.config.cassandraUsername }}' password: '{{ .Values.cassandra.config.cassandraPassword }}' passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required - uid: cipher-enc-key type: password externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' @@ -115,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index 2a760cdd98..0d4b023b12 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -32,12 +32,19 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}' login: '{{ .Values.config.cassandraUsername }}' password: '{{ .Values.config.cassandraPassword }}' + - uid: portal-backend-db + name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required config: logstashServiceName: log-ls logstashPort: 5044 cassandraUsername: root -# cassandraPassword: Aa123456 + cassandraPassword: Aa123456 # casandraCredsExternalSecret: some secret portal-mariadb: @@ -45,6 +52,11 @@ portal-mariadb: mariadb: service: name: portal-db + config: +# backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal + widget: service: name: portal-widget @@ -54,10 +66,16 @@ cassandra: config: cassandraExternalSecret: *dbSecretName portal-app: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName cassandra: config: cassandraExternalSecret: *dbSecretName portal-sdk: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName cassandra: config: cassandraExternalSecret: *dbSecretName diff --git a/kubernetes/robot b/kubernetes/robot index b093c77b4f..34913f2223 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229 +Subproject commit 34913f2223539640c81ae9e7a65744a09a95c9ce diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index e2329d7ca5..d3a47de65b 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -37,6 +37,13 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -51,6 +58,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -72,6 +86,13 @@ spec: envsubst <${PFILE} >/config-output/${PFILE} chmod 0755 /config-output/${PFILE} done + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ @@ -154,6 +175,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index d9c3e510eb..554b3c357e 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -39,19 +39,28 @@ spec: args: - --container-name - sdc-be + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /home/sdc/chef-solo/environments/ + mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs mountPath: /var/lib/jetty/logs env: @@ -61,6 +70,13 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 03894869e4..b825b703b4 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -39,8 +39,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.7 -backendInitImage: onap/sdc-backend-init:1.6.7 +image: onap/sdc-backend-all-plugins:1.7.1 +backendInitImage: onap/sdc-backend-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -140,15 +140,15 @@ resources: small: limits: cpu: 1 - memory: 4Gi + memory: 2Gi requests: - cpu: 10m + cpu: 100m memory: 1Gi large: limits: cpu: 2 - memory: 8Gi + memory: 4Gi requests: - cpu: 20m + cpu: 200m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 0c98d67be4..19dd11281f 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -45,12 +45,21 @@ spec: {{- else }} - cassandra {{- end }} + - "-t" + - "15" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}" @@ -78,6 +87,13 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 300Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 0738ca755d..e80f64844e 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.7 -cassandraInitImage: onap/sdc-cassandra-init:1.6.7 +image: onap/sdc-cassandra:1.7.1 +cassandraInitImage: onap/sdc-cassandra-init:1.7.1 pullPolicy: Always @@ -104,23 +104,3 @@ persistence: ingress: enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 0571f4bb5d..bca3c477a1 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -43,12 +43,21 @@ spec: args: - --job-name - {{ include "common.release" . }}-sdc-be-config-backend + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -75,6 +84,13 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -106,8 +122,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.env.name }} @@ -153,6 +168,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index e9ff284ffe..1389d05c02 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -51,7 +51,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.7 +image: onap/sdc-frontend:1.7.1 pullPolicy: Always config: @@ -123,16 +123,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 6f1e2a9b61..527dddef89 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -49,6 +49,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -75,6 +82,13 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -99,8 +113,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.env.name }} @@ -155,6 +168,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 936c7c41b5..c3003e2d1d 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -41,12 +41,21 @@ spec: args: - --job-name - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}" @@ -72,6 +81,13 @@ spec: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password} - name: CS_HOST_IP value: "{{ .Values.global.cassandra.serviceName }}" + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 2e5d91e76b..6ec08db43a 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -63,8 +63,8 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.7 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 +image: onap/sdc-onboard-backend:1.7.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -155,16 +155,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index b188cdae98..c61c41fc85 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -50,6 +50,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{ end }} containers: - name: {{ include "common.name" . }} @@ -123,6 +130,7 @@ spec: - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + resources: {{ include "common.resources" . | nindent 12 }} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 9235cb441c..be7d519924 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -34,37 +34,47 @@ spec: spec: restartPolicy: Never initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-init-readiness + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CS_HOST - value: "{{ .Values.global.cassandra.serviceName }}" - - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" - - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} - - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CS_HOST + value: "{{ .Values.global.cassandra.serviceName }}" + - name: CS_PORT + value: "{{ .Values.config.cassandraClientPort }}" + - name: CS_AUTHENTICATE + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + - name: CS_USER + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + - name: CS_PASSWORD + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + resources: {{ include "common.resources" . | nindent 12 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index da5ae38ad5..893a1b9f31 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -62,8 +62,8 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: @@ -123,21 +123,22 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index ad10480a3f..a5d312f308 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -48,6 +48,13 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.fullname" . }}-move-cert command: @@ -63,6 +70,13 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: sdc-certs mountPath: /sdc-certs + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -114,8 +128,8 @@ spec: readOnly: true {{- if .Values.global.aafEnabled }} - name: sdc-certs - mountPath: /sdc-certs - subpath: mycreds.prop + mountPath: /sdc-certs/mycreds.prop + subPath: mycreds.prop - name: sdc-certs mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} subPath: {{ .Values.certInitializer.keystoreFile }} @@ -123,8 +137,7 @@ spec: mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} subPath: {{ .Values.certInitializer.truststoreFile }} {{ end }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -145,6 +158,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 7bb1b24ad6..e88139832f 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -51,7 +51,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -114,21 +114,22 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/rewrite-target: "/workflows/" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index b434c4025f..e3be4bc46a 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -49,9 +49,9 @@ spec: targetPort: {{ .Values.service.internalPort4 }} {{ end }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ if .Values.config.sdnr.enabled }} - Session Affinity: ClientIP - {{ end }} + {{ if .Values.config.sdnr.enabled }} + sessionAffinity: ClientIP + {{ end }} selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml index 123bb298ab..844f993df1 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" gvnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml index c6987f14ee..a9c92ef7b3 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -56,12 +56,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index 21118603f5..96736f6c66 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.9 +image: onap/vfc/gvnfmdriver:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml index 4ae7ab16a8..c88606239e 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" nslcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 9b085f8a36..544834d199 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 547874145f..7d37810020 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.9 +image: onap/vfc/nslcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml index 9eee5c7f81..8b32fa4e6e 100644 --- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml @@ -53,11 +53,6 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml index 80924a897a..2761d05999 100644 --- a/kubernetes/vfc/charts/vfc-redis/values.yaml +++ b/kubernetes/vfc/charts/vfc-redis/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.3.3 +image: onap/vfc/db:1.3.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index d61dc9ddfa..7fd74b93f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 89847ca158..fafef0c5f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.9 +image: onap/vfc/vnflcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 3eede1904d..bd0b377f79 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index 6fbc0338e5..67b087fcd0 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.3.8 +image: onap/vfc/vnfmgr:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml index c4cc1e3072..7644af1e1b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnflcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index 32c7cd2348..9f2a4c739b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index 82b74e08f6..1b6fc792a1 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.3.7 +image: onap/vfc/vnfres:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml index a0bf170fe6..6c00048ff7 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" ztevnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml index bcae4acf52..32e4133a16 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -72,12 +72,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml index 18cd207051..7ebd3a5c0e 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.3.6 +image: onap/vfc/ztevnfmdriver:1.3.7 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml index 6bd4e1c8eb..09b6551c00 100644 --- a/kubernetes/vnfsdk/resources/config/configuration.xml +++ b/kubernetes/vnfsdk/resources/config/configuration.xml @@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN" - + diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index 06ce21274e..60edcffbbf 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -73,7 +73,7 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - volumes: + volumeMounts: - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml name: init-data subPath: configuration.xml diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index b72f39652c..3e0e235717 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -43,7 +43,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.5.2 +image: onap/vnfsdk/refrepo:1.6.0 postgresRepository: crunchydata postgresImage: crunchy-postgres:centos7-10.3-1.8.2 pullPolicy: Always