From: Sylvain Desbureaux Date: Tue, 31 Mar 2020 11:54:32 +0000 (+0000) Subject: Merge "use ODL aaa-app-config when AAF disabled" X-Git-Tag: 6.0.0~226 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=8b0a6c11bb7c82411efdea28615320c1fbf24019;hp=9a94fefcb96dd67230ec7de1f920b4e096be10f4;p=oom.git Merge "use ODL aaa-app-config when AAF disabled" --- diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 84ca2d0eed..eb53a2d848 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -11,8 +11,18 @@ ONAP Hardcoded certificates ONAP current installation have hardcoded certificates. Here's the list of these certificates: - +----------------------------------------------------------------------------------+ - | Project | ONAP Certificate | Own Certificate | Path | - +============+==================+==================+===============================+ - | VID | No | Yes | kubernetes/vid/resources/cert | - +------------+------------------+------------------+-------------------------------+ + +-----------------------------------------------------------------------------------------------------------------------------+ + | Project | ONAP Certificate | Own Certificate | Path | + +============+==================+==================+==========================================================================+ + | VID | No | Yes | kubernetes/vid/resources/cert | + +------------+------------------+------------------+--------------------------------------------------------------------------+ + | AAI | Yes | No | aai/oom/resources/config/haproxy/aai.pem | + +------------+------------------+------------------+--------------------------------------------------------------------------+ + | AAI | Yes | No | aai/oom/resources/config/aai/aai_keystore | + +------------+------------------+------------------+--------------------------------------------------------------------------+ + | AAI | Yes | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | + +------------+------------------+------------------+--------------------------------------------------------------------------+ + | AAI | No | Yes | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | + +------------+------------------+------------------+--------------------------------------------------------------------------+ + | AAI | Yes | Yes | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | + +------------+------------------+------------------+--------------------------------------------------------------------------+ diff --git a/kubernetes/aai b/kubernetes/aai index 3d1bbe894f..40aacd4952 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 3d1bbe894ff20bc8b1512591c6d8993b4d2009b1 +Subproject commit 40aacd4952fc1d8a37f4ad44c89bef093762b81c diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml index 65a6b24eb7..075c24a064 100644 --- a/kubernetes/appc/templates/secrets.yaml +++ b/kubernetes/appc/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index e219c45fe6..68e108d9b7 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -40,13 +40,13 @@ spec: - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" env: - name: APPC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }} - name: APPC_DB_PASSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input/appc-data-properties name: onap-appc-data-properties-input @@ -104,15 +104,15 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: APPC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }} - name: APPC_DB_PASSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }} - name: SDNC_DB_PASSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" - name: APPC_CONFIG_DIR diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 3a887f193e..ab7245e56a 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -51,11 +51,11 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done" env: - name: CDS_DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}} - name: CDS_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}} - name: CDS_DB_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}} volumeMounts: - mountPath: /config-input/application.properties diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml index 87edb92a4b..bd7eb8ea40 100644 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml @@ -11,4 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/cds/templates/secrets.yaml b/kubernetes/cds/templates/secrets.yaml index 87edb92a4b..bd7eb8ea40 100644 --- a/kubernetes/cds/templates/secrets.yaml +++ b/kubernetes/cds/templates/secrets.yaml @@ -11,4 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index 498149412a..153f1e7e2e 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -27,7 +27,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:4.1.3 +image: onap/clamp-backend:5.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -45,12 +45,7 @@ config: springApplicationJson: > { "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.profiles.active": "clamp-default,clamp-default-user,clamp-sdc-controller-new", - "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/", - "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/", - "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services", - "clamp.config.sdc.serviceUsername": "clamp", - "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", @@ -63,10 +58,6 @@ config: "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", "clamp.config.policy.pap.userName": "healthcheck", "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", - "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", - "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123", - "clamp.config.policy.clientKey": "dGVzdA==", "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095", "com.att.eelf.logging.path": "/opt/clamp", "com.att.eelf.logging.file": "logback.xml" diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql index 0e15d4d3a2..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql @@ -1,10 +1,53 @@ + create table dictionary ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dictionary_second_level integer, + dictionary_type varchar(255), + primary key (name) + ) engine=InnoDB; + + create table dictionary_elements ( + short_name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + description varchar(255) not null, + name varchar(255) not null, + subdictionary_name varchar(255), + type varchar(255) not null, + primary key (short_name) + ) engine=InnoDB; + + create table dictionary_to_dictionaryelements ( + dictionary_name varchar(255) not null, + dictionary_element_short_name varchar(255) not null, + primary key (dictionary_name, dictionary_element_short_name) + ) engine=InnoDB; + create table hibernate_sequence ( next_val bigint ) engine=InnoDB; insert into hibernate_sequence values ( 1 ); + create table loop_element_models ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + loop_element_type varchar(255) not null, + short_name varchar(255), + primary key (name) + ) engine=InnoDB; + create table loop_logs ( id bigint not null, log_component varchar(255) not null, @@ -15,59 +58,200 @@ primary key (id) ) engine=InnoDB; - create table loops ( + create table loop_templates ( name varchar(255) not null, - blueprint_yaml MEDIUMTEXT not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + allowed_loop_type varchar(255), + blueprint_yaml MEDIUMTEXT, dcae_blueprint_id varchar(255), + maximum_instances_allowed integer, + svg_representation MEDIUMTEXT, + unique_blueprint boolean default false, + service_uuid varchar(255), + primary key (name) + ) engine=InnoDB; + + create table loopelementmodels_to_policymodels ( + loop_element_name varchar(255) not null, + policy_model_type varchar(255) not null, + policy_model_version varchar(255) not null, + primary key (loop_element_name, policy_model_type, policy_model_version) + ) engine=InnoDB; + + create table loops ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, dcae_deployment_id varchar(255), dcae_deployment_status_url varchar(255), global_properties_json json, last_computed_state varchar(255) not null, - model_properties_json json, - operational_policy_schema json, svg_representation MEDIUMTEXT, + loop_template_name varchar(255) not null, + service_uuid varchar(255), primary key (name) ) engine=InnoDB; - create table loops_microservicepolicies ( - loop_id varchar(255) not null, - microservicepolicy_id varchar(255) not null, - primary key (loop_id, microservicepolicy_id) + create table loops_to_microservicepolicies ( + loop_name varchar(255) not null, + microservicepolicy_name varchar(255) not null, + primary key (loop_name, microservicepolicy_name) + ) engine=InnoDB; + + create table looptemplates_to_loopelementmodels ( + loop_element_model_name varchar(255) not null, + loop_template_name varchar(255) not null, + flow_order integer not null, + primary key (loop_element_model_name, loop_template_name) ) engine=InnoDB; create table micro_service_policies ( name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, json_representation json not null, - model_type varchar(255) not null, - policy_tosca MEDIUMTEXT not null, - properties json, + pdp_group varchar(255), + pdp_sub_group varchar(255), + context varchar(255), + dcae_blueprint_id varchar(255), + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + device_type_scope varchar(255), shared bit not null, + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), primary key (name) ) engine=InnoDB; create table operational_policies ( name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), loop_id varchar(255) not null, primary key (name) ) engine=InnoDB; - alter table loop_logs - add constraint FK1j0cda46aickcaoxqoo34khg2 - foreign key (loop_id) + create table policy_models ( + policy_model_type varchar(255) not null, + version varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + policy_acronym varchar(255), + policy_tosca MEDIUMTEXT, + policy_pdp_group json, + primary key (policy_model_type, version) + ) engine=InnoDB; + + create table services ( + service_uuid varchar(255) not null, + name varchar(255) not null, + resource_details json, + service_details json, + version varchar(255), + primary key (service_uuid) + ) engine=InnoDB; + + alter table dictionary_to_dictionaryelements + add constraint FK68hjjinnm8nte2owstd0xwp23 + foreign key (dictionary_element_short_name) + references dictionary_elements (short_name); + + alter table dictionary_to_dictionaryelements + add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe + foreign key (dictionary_name) + references dictionary (name); + + alter table loop_logs + add constraint FK1j0cda46aickcaoxqoo34khg2 + foreign key (loop_id) references loops (name); - alter table loops_microservicepolicies - add constraint FKem7tp1cdlpwe28av7ef91j1yl - foreign key (microservicepolicy_id) + alter table loop_templates + add constraint FKn692dk6281wvp1o95074uacn6 + foreign key (service_uuid) + references services (service_uuid); + + alter table loopelementmodels_to_policymodels + add constraint FK23j2q74v6kaexefy0tdabsnda + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table loopelementmodels_to_policymodels + add constraint FKjag1iu0olojfwryfkvb5o0rk5 + foreign key (loop_element_name) + references loop_element_models (name); + + alter table loops + add constraint FK844uwy82wt0l66jljkjqembpj + foreign key (loop_template_name) + references loop_templates (name); + + alter table loops + add constraint FK4b9wnqopxogwek014i1shqw7w + foreign key (service_uuid) + references services (service_uuid); + + alter table loops_to_microservicepolicies + add constraint FKle255jmi7b065fwbvmwbiehtb + foreign key (microservicepolicy_name) references micro_service_policies (name); - alter table loops_microservicepolicies - add constraint FKsvx91jekgdkfh34iaxtjfgebt - foreign key (loop_id) + alter table loops_to_microservicepolicies + add constraint FK8avfqaf7xl71l7sn7a5eri68d + foreign key (loop_name) references loops (name); - alter table operational_policies - add constraint FK1ddoggk9ni2bnqighv6ecmuwu - foreign key (loop_id) + alter table looptemplates_to_loopelementmodels + add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 + foreign key (loop_element_model_name) + references loop_element_models (name); + + alter table looptemplates_to_loopelementmodels + add constraint FKj29yxyw0x7ue6mwgi6d3qg748 + foreign key (loop_template_name) + references loop_templates (name); + + alter table micro_service_policies + add constraint FKqvvdypacbww07fuv8xvlvdjgl + foreign key (loop_element_model_id) + references loop_element_models (name); + + alter table micro_service_policies + add constraint FKn17j9ufmyhqicb6cvr1dbjvkt + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table operational_policies + add constraint FKi9kh7my40737xeuaye9xwbnko + foreign key (loop_element_model_id) + references loop_element_models (name); + + alter table operational_policies + add constraint FKlsyhfkoqvkwj78ofepxhoctip + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table operational_policies + add constraint FK1ddoggk9ni2bnqighv6ecmuwu + foreign key (loop_id) references loops (name); diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index b21f052ce3..705c38fa19 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -29,19 +29,6 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: - name: clamp-entrypoint-drop-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/drop/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap metadata: name: clamp-entrypoint-bulkload-configmap namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index 490ff18522..be46f89433 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -58,14 +58,12 @@ spec: name: {{ template "common.fullname" . }} key: db-root-password volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/load-sql-files-tests-automation.sh + - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh name: docker-entrypoint-initdb - subPath: load-sql-files-tests-automation.sh + subPath: bootstrap-database.sh - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /docker-entrypoint-initdb.d/drop/ - name: docker-entrypoint-clds-drop - mountPath: /docker-entrypoint-initdb.d/bulkload/ name: docker-entrypoint-bulkload - mountPath: /etc/mysql/conf.d/conf1/ @@ -93,9 +91,6 @@ spec: - name: docker-entrypoint-initdb configMap: name: clamp-entrypoint-initdb-configmap - - name: docker-entrypoint-clds-drop - configMap: - name: clamp-entrypoint-drop-configmap - name: docker-entrypoint-bulkload configMap: name: clamp-entrypoint-bulkload-configmap diff --git a/kubernetes/clamp/resources/config/nginx.conf b/kubernetes/clamp/resources/config/default.conf similarity index 95% rename from kubernetes/clamp/resources/config/nginx.conf rename to kubernetes/clamp/resources/config/default.conf index da7978ad01..84beff8d5a 100644 --- a/kubernetes/clamp/resources/config/nginx.conf +++ b/kubernetes/clamp/resources/config/default.conf @@ -1,6 +1,6 @@ server { - listen 443 default ssl; + listen 2443 default ssl; ssl_protocols TLSv1.2; ssl_certificate /etc/ssl/clamp.pem; ssl_certificate_key /etc/ssl/clamp.key; diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index cc6440050f..e4ac4723da 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -81,9 +81,9 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/nginx/ - - mountPath: /etc/nginx/conf.d/nginx.conf + - mountPath: /etc/nginx/conf.d/default.conf name: {{ include "common.fullname" . }}-config - subPath: nginx.conf + subPath: default.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -99,8 +99,8 @@ spec: configMap: name: {{ include "common.fullname" . }} items: - - key: nginx.conf - path: nginx.conf + - key: default.conf + path: default.conf - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-clamp-filebeat-configmap @@ -110,3 +110,4 @@ spec: emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index d66273dce1..1839633196 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:4.1.3 +image: onap/clamp-frontend:5.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -69,7 +69,7 @@ service: type: NodePort name: clamp-external portName: clamp-external - internalPort: 443 + internalPort: 2443 nodePort: 58 # as of 20180904 port 58 is reserved for clamp from log/logdemonode @@ -78,7 +78,7 @@ service: type2: ClusterIP name2: clamp portName2: clamp-internal - internalPort2: 443 + internalPort2: 2443 externalPort2: 8443 ingress: @@ -86,7 +86,7 @@ ingress: service: - baseaddr: "clamp" name: "clamp" - port: 443 + port: 2443 config: ssl: "redirect" diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl index 854019c197..66727629ef 100644 --- a/kubernetes/common/common/templates/_labels.tpl +++ b/kubernetes/common/common/templates/_labels.tpl @@ -63,10 +63,13 @@ app.kubernetes.io/instance: {{ include "common.release" $dot }} {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $labels := default (dict) .labels -}} - +{{- $annotations := default (dict) .annotations -}} name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}} namespace: {{ include "common.namespace" $dot }} labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }} +{{- if $annotations }} +annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}} +{{- end -}} {{- end -}} {{/* diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index a89ab6dfc7..78e94eab91 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -189,12 +189,15 @@ type: Opaque {{- $entry := dict }} {{- $uid := tpl (default "" $secret.uid) $global }} {{- $keys := keys $secret }} - {{- range $key := (without $keys "annotations" )}} + {{- range $key := (without $keys "annotations" "filePaths" )}} {{- $_ := set $entry $key (tpl (index $secret $key) $global) }} {{- end }} {{- if $secret.annotations }} {{- $_ := set $entry "annotations" $secret.annotations }} {{- end }} + {{- if $secret.filePaths }} + {{- $_ := set $entry "filePaths" $secret.filePaths }} + {{- end }} {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }} {{- $_ := set $entry "realName" $realName }} {{- $_ := set $secretCache $uid $entry }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a4200c3fd1..c2261d1ded 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -118,7 +118,7 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index eb2068394e..3d7b24226e 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -65,7 +65,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml index 17ca948ade..7ba2a1202d 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml @@ -64,9 +64,9 @@ spec: - name: NIFI_REGISTRY_DB_URL value: {{ .Values.config.dbURL }} - name: NIFI_REGISTRY_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }} - name: NIFI_REGISTRY_DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }} volumes: - name: flow-storage persistentVolumeClaim: diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml index 3c2bb3300f..45ac464cbe 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml @@ -14,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -{{ include "common.secret" . }} \ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml index 2a7a6c14ee..df531162bc 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml @@ -71,7 +71,7 @@ spec: - name: PG_USER value: postgres - name: PG_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }} - name: PG_PORT value: "5432" - name: PG_DB_NAME diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 8b885895e0..5a52e10d6e 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -46,9 +46,9 @@ spec: - name: DASHBOARD_URL value: {{ .Values.config.dashboardURL }} - name: DASHBOARD_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }} - name: DASHBOARD_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }} - name: ONAP_TOPICURL value: {{ .Values.config.mrTopicURL }} - name: ONAP_IMPORT_CLOUDIFYPLUGIN diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml index 3c2bb3300f..0a0475c889 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml @@ -14,4 +14,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -{{ include "common.secret" . }} \ No newline at end of file + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 592def272f..a56552e6c0 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 104fcdc54a..adbdb688c2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 977699d83a..2bee404c0b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -3,16 +3,15 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index 50398987d2..1a86f18e77 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -38,8 +38,8 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} - -{{ else }} +--- +{{- else }} apiVersion: v1 kind: ConfigMap @@ -53,7 +53,7 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} - +--- {{- end }} {{- if .Values.prometheus.jmx.enabled }} @@ -68,6 +68,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} --- {{- end }} \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index 58a10662e8..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} \ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index ab3a6bf852..4ba11ec8c7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -96,13 +96,13 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} - name: KAFKA_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} - name: KAFKA_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/kafka/secrets/jaas name: jaas-config @@ -201,7 +201,7 @@ spec: - name: KAFKA_AUTHORIZER_CLASS_NAME value: "{{ .Values.kafka.authorizer }}" {{ else }} - - name: KAFKA_OPTS + - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptions }}" - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "{{ .Values.kafka.protocolMap }}" @@ -283,4 +283,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 0399c3aefb..45dc30e4ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.3 +image: onap/dmaap/kafka111:1.0.4 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -70,6 +70,7 @@ configurationOverrides: "log.retention.hours": "168" "zookeeper.connection.timeout.ms": "6000" "default.replication.factor": "3" + "zookeeper.set.acl": "true" jmx: port: 5555 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml index 907111d898..50091bd387 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml @@ -24,7 +24,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }} --- {{ end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml index 729cad4cac..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index e98e614d93..e48982319f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -80,9 +80,9 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/zookeeper/secrets/jaas name: jaas-config @@ -171,8 +171,6 @@ spec: value: "{{ .Values.zkConfig.clientPort }}" - name: KAFKA_OPTS value: "{{ .Values.zkConfig.kafkaOpts }}" - - name: EXTRA_ARGS - value: "{{ .Values.zkConfig.extraArgs }}" - name: ZOOKEEPER_SERVER_ID valueFrom: fieldRef: @@ -210,7 +208,7 @@ spec: name: {{ include "common.fullname" . }}-jaas-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config - configMap: + configMap: name: {{ include "common.fullname" . }}-prometheus-configmap {{- end }} {{ if not .Values.persistence.enabled }} @@ -234,4 +232,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 4abb6e3c4a..4f861f8789 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.2 +image: onap/dmaap/zookeeper:6.0.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -75,8 +75,7 @@ zkConfig: autoPurgeSnapRetainCount: 3 autoPurgePurgeInterval: 24 heapOptions: -Xmx2G -Xms2G - kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider - extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl clientPort: 2181 jmx: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147 \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml new file mode 100644 index 0000000000..3ee9fc5fe6 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml @@ -0,0 +1,4 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index 9a2dea88e8..f981d6f7a6 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -12,7 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: ConfigMap metadata: @@ -79,4 +78,21 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} +--- +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} +--- +{{ end }} + diff --git a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml index 4b45352ed0..26f38c9a4f 100644 --- a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml @@ -1,3 +1,17 @@ +{{- if .Values.global.aafEnabled }} +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: batch/v1 kind: Job metadata: @@ -73,3 +87,4 @@ spec: name: {{ include "common.fullname" . }}-dbc-topics imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end }} \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index c17fda1108..695a816693 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -41,6 +41,27 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-mrservice-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -92,6 +113,11 @@ spec: - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index b14c35f183..da9e41eebf 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.17 +image: onap/dmaap/dmaap-mr:1.1.18 pullPolicy: Always kafka: @@ -84,6 +84,15 @@ service: port_protocol: http nodePort: 26 +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + targetPort: 5555 + ingress: enabled: false diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index fb31b8b65e..00c2661391 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -78,7 +78,7 @@ spec: - name: MYSQL_ADDR value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 1fad1fc5aa..528a3f7e76 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -56,9 +56,9 @@ spec: - name: SPRING_DATASOURCE_URL value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: SPRING_DATASOURCE_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} - name: SPRING_DATASOURCE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} - name: SPRING_DATA_MONGODB_HOST value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }} - name: SPRING_DATA_MONGODB_PORT diff --git a/kubernetes/nbi/templates/secret.yaml b/kubernetes/nbi/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/nbi/templates/secret.yaml +++ b/kubernetes/nbi/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index f623496537..c2d6f8c7ef 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -79,7 +79,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index b0afb6e285..b41b840fde 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -99,11 +99,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml index 3c61bf3bdc..3dbdd31b1f 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 0989a02e2e..7c58b3da54 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -63,5 +63,5 @@ BRMS_UEB_API_KEY= BRMS_UEB_API_SECRET= #Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.5.3 -BRMS_MODELS_DEPENDENCY_VERSION=2.1.4 +BRMS_DEPENDENCY_VERSION=1.6.0 +BRMS_MODELS_DEPENDENCY_VERSION=2.2.2 diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 03b3a3c2af..9e8bf7324b 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.5.2 +image: onap/policy-pe:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh deleted file mode 100644 index 5949db4dc4..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - - -docker-entrypoint.sh nexus \ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/charts/drools/resources/configmaps/base.conf index 0b982fd7d0..c996d13e27 100644 --- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/base.conf @@ -1,5 +1,5 @@ # Copyright © 2017-2018 Amdocs, Bell Canada. -# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ JVM_OPTIONS={{.Values.server.jvmOpts}} POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap/policy/pdpd -JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk # Telemetry credentials @@ -34,6 +33,7 @@ SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access @@ -56,6 +56,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP +POLICY_PDP_PAP_GROUP=defaultGroup # Symmetric Key for encoded sensitive data @@ -68,6 +69,9 @@ PAP_HOST=policy-pap # PDP-X PDP_HOST=policy-xacml-pdp +PDP_PORT=6969 +PDP_CONTEXT_URI=policy/pdpx/v1/ +GUARD_DISABLED=false # DCAE DMaaP @@ -81,19 +85,28 @@ DMAAP_SERVERS=message-router # AAI -AAI_URL=https://aai.{{.Release.Namespace}}:8443 +AAI_HOST=aai.{{.Release.Namespace}} +AAI_PORT=8443 +AAI_CONTEXT_URI= # MSO -SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra +SO_HOST=so.{{.Release.Namespace}} +SO_PORT=8080 +SO_CONTEXT_URI=onap/so/infra/ +SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra # VFC -VFC_URL= +VFC_HOST= +VFC_PORT= +VFC_CONTEXT_URI=api/nslcm/v1/ # SDNC -SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations +SDNC_HOST=sdnc.{{.Release.Namespace}} +SDNC_PORT=8282 +SDNC_CONTEXT_URI=restconf/operations/ # CDS diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/charts/drools/resources/configmaps/settings.xml new file mode 100644 index 0000000000..3777d27044 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/settings.xml @@ -0,0 +1,151 @@ + + + + + + + {{.Values.nexus.offline}} + + + + + policy-local + + + + file-repository + file:${user.home}/.m2/file-repository + + true + always + + + true + always + + + + + + + + policy-releases + + + + ${env.RELEASE_REPOSITORY_ID} + ${env.RELEASE_REPOSITORY_URL} + + true + always + + + false + + + + + + + + policy-snapshots + + + + ${env.SNAPSHOT_REPOSITORY_ID} + ${env.SNAPSHOT_REPOSITORY_URL} + + false + + + true + always + + + + + + + + onap-releases + + + + onap-releases + onap-releases + https://nexus.onap.org/content/repositories/releases/ + + true + + + false + + + + + + + + + onap-snapshots + + + + onap-snapshots + onap-snapshots + https://nexus.onap.org/content/repositories/snapshots/ + + false + + + true + + + + + + + + + + policy-local + policy-releases + policy-snapshots + onap-releases + onap-snapshots + + + + + ${env.SNAPSHOT_REPOSITORY_ID} + ${env.REPOSITORY_USERNAME} + ${env.REPOSITORY_PASSWORD} + + + ${env.RELEASE_REPOSITORY_ID} + ${env.REPOSITORY_USERNAME} + ${env.REPOSITORY_PASSWORD} + + + + diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf index 57269c18af..ee2acc40f2 100644 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -25,9 +25,6 @@ TELEMETRY_PASSWORD={{.Values.telemetry.password}} REPOSITORY_USERNAME={{.Values.nexus.user}} REPOSITORY_PASSWORD={{.Values.nexus.password}} -SQL_USER={{.Values.db.user}} -SQL_PASSWORD={{.Values.db.password}} - PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index 47e0b8cfb0..7fb84b5ddc 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index 047a77afef..e2463aa2c2 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -74,6 +74,10 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" + - name: SQL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index fbb4211920..b62772d57f 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,12 +24,23 @@ global: loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.3 +image: onap/policy-pdpd-cl:1.6.0 pullPolicy: Always # flag to enable debugging - application support required @@ -90,6 +101,7 @@ nexus: user: admin password: admin123 port: 8081 + offline: true db: user: policy_user diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 48065aeb4b..e4517c7a5d 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -49,17 +49,38 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps": true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }, { "topic" : "POLICY-NOTIFICATION", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] - } + }, + "healthCheckRestClientParameters":[{ + "clientName": "api", + "hostname": "policy-api", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "useHttps": true, + "basePath": "policy/api/v1/healthcheck" + }, + { + "clientName": "distribution", + "hostname": "policy-distribution", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "useHttps": true, + "basePath": "healthcheck" + }] } diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index bcf08f20e8..05f43d66e0 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.1.2 +image: onap/policy-pap:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index af5bb9e383..8b3b9d4a3b 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018,2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.5.2 +image: onap/policy-pe:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json index f26f35a9f4..3b6813d3e3 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -8,20 +8,36 @@ "https": true }, "pdpStatusParameters":{ + "pdpGroup": "defaultGroup", "timeIntervalMs": 120000, "pdpType":"apex", "description":"Pdp Heartbeat", - "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}] + "supportedPolicyTypes": [ + { + "name": "onap.policies.controlloop.operational.Apex", + "version": "1.0.0" + }, + { + "name": "onap.policies.native.Apex", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.operational.common.Apex", + "version": "1.0.0" + } + ] }, "topicParameterGroup": { "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 1dd1d18409..b149c17c48 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.2.2 +image: onap/policy-apex-pdp:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index 8952ae86d8..ccfc07ae67 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,5 +33,37 @@ "databaseUser": "{{ .Values.global.mariadb.config.userName }}", "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", "persistenceUnit": "PolicyMariaDb" - } + }, + "preloadPolicyTypes": [ + "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", + "policytypes/onap.policies.Optimization.yaml", + "policytypes/onap.policies.optimization.Resource.yaml", + "policytypes/onap.policies.optimization.Service.yaml", + "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml", + "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml", + "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml", + "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml", + "policytypes/onap.policies.optimization.resource.PciPolicy.yaml", + "policytypes/onap.policies.optimization.service.QueryPolicy.yaml", + "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml", + "policytypes/onap.policies.optimization.resource.Vim_fit.yaml", + "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml", + "policytypes/onap.policies.controlloop.guard.Common.yaml", + "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", + "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", + "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", + "policytypes/onap.policies.controlloop.Operational.yaml", + "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.native.Drools.yaml", + "policytypes/onap.policies.native.Xacml.yaml", + "policytypes/onap.policies.native.Apex.yaml", + "policytypes/onap.policies.controlloop.operational.Common.yaml", + "policytypes/onap.policies.controlloop.operational.common.Apex.yaml", + "policytypes/onap.policies.controlloop.operational.common.Drools.yaml" + ], + "preloadPolicies" : [ + "policies/sdnc.policy.naming.input.tosca.yaml" + ] } diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index 3a55227d81..b5e10493dc 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.1.2 +image: onap/policy-api:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index 571104491e..93b02e76bc 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk +JAVA_HOME=/usr/local/openjdk-11 POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap KEYSTORE_PASSWD=Pol1cy_0nap diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index 5e1c80f80a..906263343a 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,28 +32,18 @@ "receptionHandlerConfigurationName":"sdcConfiguration", "pluginHandlerParameters":{ "policyDecoders":{ - "CsarDecoder":{ - "decoderType":"CsarDecoder", - "decoderClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpx", + "HpaDecoder":{ + "decoderType":"HpaDecoder", + "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa", "decoderConfigurationName": "csarToOptimizationPolicyConfiguration" }, - "ApexDecoder":{ - "decoderType":"ApexDecoder", + "ToscaPolicyDecoder":{ + "decoderType":"ToscaPolicyDecoder", "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy", - "decoderConfigurationName": "apexDecoderConfiguration" + "decoderConfigurationName": "toscaPolicyDecoderConfiguration" } }, "policyForwarders":{ - "PAPEngineForwarder":{ - "forwarderType":"PAPEngine", - "forwarderClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarder", - "forwarderConfigurationName": "xacmlPdpConfiguration" - }, - "ApexForwarder":{ - "forwarderType":"ApexForwarder", - "forwarderClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarder", - "forwarderConfigurationName": "apexForwarderConfiguration" - }, "LifeCycleApiForwarder":{ "forwarderType":"LifeCycleAPI", "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder", @@ -85,13 +76,13 @@ "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false + "isUseHttpsWithDmaap": true } } }, "policyDecoderConfigurationParameters":{ "csarToOptimizationPolicyConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpxConfigurationParameterGroup", + "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters", "parameters":{ "policyNamePrefix": "oofCasablanca", "onapName": "OOF", @@ -101,37 +92,15 @@ "riskLevel": "2" } }, - "apexDecoderConfiguration":{ + "toscaPolicyDecoderConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup", "parameters":{ - "policyFileName": "apex_policy", - "policyTypeFileName": "apex_policy_type" + "policyFileName": "tosca_policy", + "policyTypeFileName": "tosca_policy_type" } } }, "policyForwarderConfigurationParameters":{ - "xacmlPdpConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup", - "parameters":{ - "useHttps": true, - "hostname": "pdp", - "port": 8081, - "userName": "testpdp", - "password": "alpha123", - "clientAuth": "cHl0aG9uOnRlc3Q=", - "isManaged": true, - "pdpGroup": "default" - } - }, - "apexForwarderConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarderParameterGroup", - "parameters":{ - "hostname":"policy-apex-pdp", - "port":"12345", - "ignoreConflicts": true, - "forceUpdate": true - } - }, "lifecycleApiConfiguration":{ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters", "parameters":{ diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 04257a4725..2d62d1b571 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.2.1 +image: onap/policy-distribution:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index 7fd8572c1f..a52cc0f6d4 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +39,13 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 161722b585..5c062a0e7a 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.1.2 +image: onap/policy-xacml-pdp:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ba2073994e..1ac00c760a 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -51,7 +51,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.5.2 +image: onap/policy-pe:1.6.1 mariadb_image: library/mariadb:10 pullPolicy: Always diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index 09080fca94..8465d06ad8 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml @@ -88,9 +88,9 @@ spec: - name: aaf_locator_app_ns value: "{{ .Values.global.aafAppNs }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }} - name: cadi_longitude value: "{{ .Values.aafConfig.cadiLongitude }}" - name: cadi_latitude diff --git a/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml index b79179bc6b..61fc2f8037 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/robot b/kubernetes/robot index ac2783f70a..a8e1918a02 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit ac2783f70a211de9642de744a0a1d3c3dbe920c6 +Subproject commit a8e1918a02156ecec86409948d400669c2e67bb7 diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml index 0c39e6e685..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml index 7ef5ca4998..af78a12d09 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -38,13 +40,13 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: ODL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - name: ODL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml index dee311c336..34932b713d 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml index 993f472d9a..728ba05046 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml index 0c39e6e685..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml index d353adaf58..031bb7ef35 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -38,13 +40,13 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: REST_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }} - name: REST_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml index dee311c336..34932b713d 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml index 5a79d5b093..85f3840002 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -30,4 +32,4 @@ spec: name: {{ .Values.service.name }} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }} \ No newline at end of file + release: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml index 0c39e6e685..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml index 3a728ad92f..9f8cdf2cc0 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -38,19 +40,19 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: DB_FABRIC_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} - name: DB_FABRIC_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} - name: ODL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - name: ODL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input @@ -100,7 +102,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" volumeMounts: diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml index dee311c336..34932b713d 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml index 9a356caacd..815035292b 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 94ea5d75fc..8165af23ae 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -39,7 +39,7 @@ secrets: - uid: db-root-password type: password externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' passwordPolicy: required - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret' diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml index 0c39e6e685..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml index da72e1e558..2c0f799b1e 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -38,17 +40,17 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: UEB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }} - name: UEB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }} - name: ODL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - name: ODL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml index dee311c336..34932b713d 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml index 993f472d9a..728ba05046 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml b/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml index 144cb93a5f..927bb1e5be 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml +++ b/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml index ecd6024e1b..7492b5501e 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml index f537834474..087ed30055 100644 --- a/kubernetes/sdnc/templates/configmap.yaml +++ b/kubernetes/sdnc/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml index 0cd0eae610..bce94f3008 100755 --- a/kubernetes/sdnc/templates/job.yaml +++ b/kubernetes/sdnc/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -43,31 +45,31 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: AAI_CLIENT_NAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} - name: AAI_CLIENT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} - name: MODELSERVICE_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} - name: MODELSERVICE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} - name: RESTCONF_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} - name: RESTCONF_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} - name: ANSIBLE_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} - name: ANSIBLE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} - name: SCALEOUT_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} - name: SCALEOUT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} - name: NETBOX_APIKEY - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input @@ -97,15 +99,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} - name: ODL_ADMIN_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_ADMIN_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_HOST value: {{ include "common.mariadbService" . }} - name: SDNC_HOME diff --git a/kubernetes/sdnc/templates/pv-certs.yaml b/kubernetes/sdnc/templates/pv-certs.yaml index 1b2cf88a0b..8aa9af4bf1 100644 --- a/kubernetes/sdnc/templates/pv-certs.yaml +++ b/kubernetes/sdnc/templates/pv-certs.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} + {{ if .Values.certpersistence.enabled }} --- kind: PersistentVolume diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml index dee311c336..34932b713d 100644 --- a/kubernetes/sdnc/templates/secrets.yaml +++ b/kubernetes/sdnc/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index 0bbda1a364..741a15ae53 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 6054546d58..da5d8f30d4 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1beta1 kind: StatefulSet @@ -40,31 +42,31 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: AAI_CLIENT_NAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} - name: AAI_CLIENT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} - name: MODELSERVICE_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} - name: MODELSERVICE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} - name: RESTCONF_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} - name: RESTCONF_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} - name: ANSIBLE_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} - name: ANSIBLE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} - name: SCALEOUT_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} - name: SCALEOUT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} - name: NETBOX_APIKEY - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input @@ -130,9 +132,9 @@ spec: - name: aaf_locator_app_ns value: "{{ .Values.aaf_init.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - name: cadi_longitude value: "{{ .Values.aaf_init.cadi_longitude }}" - name: cadi_latitude @@ -164,15 +166,15 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} - name: ODL_ADMIN_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_ADMIN_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} - name: SDNC_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" - name: ENABLE_ODL_CLUSTER diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 0e7d97f3ad..6cf671ac2d 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -43,8 +43,15 @@ secrets: - uid: db-root-password name: '{{ include "common.release" . }}-sdnc-db-root-password' type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary (default (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" + (index .Values "mariadb-galera" "nameOverride"))) + (index .Values "mariadb-galera" "config" + "mariadbRootPasswordExternalSecret")) + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' type: basicAuth diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index 357a8fd62c..4c64caf304 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -30,14 +30,14 @@ secrets: - uid: db-user-creds name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 889f2e83ec..c276649a02 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -30,14 +30,14 @@ secrets: - uid: db-user-creds name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds' type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds' type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh index b6d30e405b..08adb4a407 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -23,12 +23,12 @@ echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `camundabpmn`; -CREATE DATABASE `camundabpmn`; -DROP USER IF EXISTS 'camundauser'; -CREATE USER 'camundauser'; -GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS camundabpmn; +CREATE DATABASE camundabpmn; +DROP USER IF EXISTS '${CAMUNDA_DB_USER}'; +CREATE USER '${CAMUNDA_DB_USER}'; +GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh index b27760552d..0f404466ca 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh @@ -23,12 +23,12 @@ echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `requestdb`; -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */; -DROP USER IF EXISTS 'requestuser'; -CREATE USER 'requestuser'; -GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS requestdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${REQUEST_DB_USER}'; +CREATE USER '${REQUEST_DB_USER}'; +GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh index 10fb4b18db..3115ec6199 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh @@ -23,12 +23,12 @@ echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `catalogdb`; -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */; -DROP USER IF EXISTS 'cataloguser'; -CREATE USER 'cataloguser'; -GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS catalogdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${CATALOG_DB_USER}'; +CREATE USER '${CATALOG_DB_USER}'; +GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh index 9c96720775..c4048002cf 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh @@ -23,13 +23,13 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP USER IF EXISTS 'so_user'; -CREATE USER 'so_user'; -GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%'; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_USER}'; +CREATE USER '${DB_USER}'; +GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%'; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh index 6eb3baaffa..e9d7c6fefa 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh @@ -23,13 +23,13 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP USER IF EXISTS 'so_admin'; -CREATE USER 'so_admin'; -GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123'; -GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION; -GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION; -GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_ADMIN}'; +CREATE USER '${DB_ADMIN}'; +GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}'; +GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml index 31868bd8af..ec589ea33e 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml @@ -136,6 +136,26 @@ spec: key: mariadb.readwrite.port - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: CAMUNDA_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }} + - name: CAMUNDA_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }} + - name: REQUEST_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }} + - name: REQUEST_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }} + - name: CATALOG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }} + - name: CATALOG_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml index a5586c6665..5e7b2fef76 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/charts/so-mariadb/values.yaml @@ -32,13 +32,13 @@ secrets: - uid: db-root-pass name: '{{ include "common.release" . }}-so-mariadb-root-pass' type: password - externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}' password: '{{ .Values.db.rootPassword }}' passwordPolicy: required - uid: db-backup-creds name: '{{ include "common.release" . }}-so-mariadb-backup-creds' type: basicAuth - externalSecret: '{{ .Values.db.backupCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}' login: '{{ .Values.db.backupUser }}' password: '{{ .Values.db.backupPassword }}' passwordPolicy: required @@ -46,6 +46,33 @@ secrets: helm.sh/hook: pre-upgrade,pre-install helm.sh/hook-weight: "0" helm.sh/hook-delete-policy: before-hook-creation + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + - uid: camunda-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.camunda.userName }}' + password: '{{ .Values.db.camunda.password }}' + - uid: request-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.request.userName }}' + password: '{{ .Values.db.request.password }}' + - uid: catalog-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.catalog.userName }}' + password: '{{ .Values.db.catalog.password }}' + + ################################################################# # Application configuration defaults. @@ -63,6 +90,25 @@ db: backupPassword: secretpassword backupUser: root # backupCredsExternalSecret: some secret + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + camunda: + userName: camundauser + password: camunda123 + # dbCredsExternalSecret: some secret + request: + userName: requestuser + password: request123 + # dbCredsExternalSecret: some secret + catalog: + userName: cataloguser + password: catalog123 + # dbCredsExternalSecret: some secret + # application configuration config: # gerrit branch where the latest heat code is checked in diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index d3904234e2..357c61cc45 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -34,13 +34,13 @@ global: secrets: - uid: db-user-creds type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 13556c6ee4..6a0b04b4d1 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -29,13 +29,13 @@ global: secrets: - uid: db-user-creds type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index f15b7c27c6..6324cab35a 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -29,13 +29,13 @@ global: secrets: - uid: db-user-creds type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index c0ac078039..ca6be72273 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -66,25 +66,13 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 2cce8bb2dd..6d8adf7338 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -23,6 +23,23 @@ global: persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -30,6 +47,14 @@ repository: nexus3.onap.org:10001 image: onap/so/sdc-controller:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8085 diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index 3b3d189190..c5336cff3f 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -51,25 +51,13 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index d1be03b541..b736253f56 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -23,6 +23,23 @@ global: persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -30,6 +47,14 @@ repository: nexus3.onap.org:10001 image: onap/so/sdnc-adapter:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8086 diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 028f2b51b5..f442860ab3 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -29,13 +29,13 @@ global: secrets: - uid: db-user-creds type: basicAuth - externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' login: '{{ .Values.db.userName }}' password: '{{ .Values.db.userPassword }}' passwordPolicy: required - uid: db-admin-creds type: basicAuth - externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index c0ac078039..ca6be72273 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -66,25 +66,13 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 807d2a6c7e..b2a8b681b3 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -26,7 +26,8 @@ global: nameOverride: mariadb-galera serviceName: mariadb-galera servicePort: "3306" - mariadbRootPassword: secretpassword + # mariadbRootPassword: secretpassword + # rootPasswordExternalSecret: some secret #This flag allows SO to instantiate its own mariadb-galera cluster, #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled localCluster: false @@ -40,6 +41,7 @@ global: dbPort: 3306 dbUser: root dbPassword: secretpassword + # dbCredsExternalSecret: some secret msbEnabled: true security: aaf: @@ -69,9 +71,55 @@ global: certs: trustStorePassword: b25hcDRzbw== keyStorePassword: c280b25hcA== + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass' + type: password + externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}' + password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}' + - uid: db-backup-creds + name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds' + type: basicAuth + externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}' + login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}' + password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}' + passwordPolicy: required + annotations: + helm.sh/hook: pre-upgrade,pre-install + helm.sh/hook-weight: "0" + helm.sh/hook-delete-policy: before-hook-creation + - uid: db-user-creds + name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds' + type: basicAuth + externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}' + login: '{{ .Values.dbCreds.userName }}' + password: '{{ .Values.dbCreds.userPassword }}' + passwordPolicy: generate + - uid: db-admin-creds + name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds' + type: basicAuth + externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}' + login: '{{ .Values.dbCreds.adminName }}' + password: '{{ .Values.dbCreds.adminPassword }}' + passwordPolicy: generate + ################################################################# # Application configuration defaults. ################################################################# + +dbSecrets: &dbSecrets + userCredsExternalSecret: *dbUserCredsSecretName + adminCredsExternalSecret: *dbAdminCredsSecretName + +# unused in this, just to pass to subcharts +dbCreds: + userName: so_user + adminName: so_admin + repository: nexus3.onap.org:10001 image: onap/so/api-handler-infra:1.5.3 pullPolicy: Always @@ -133,6 +181,8 @@ config: # --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \ # --set so.global.mariadbGalera.serviceName=so-mariadb-galera mariadb-galera: + config: + mariadbRootPasswordExternalSecret: *dbRootPassSecretName nameOverride: so-mariadb-galera replicaCount: 1 service: @@ -172,7 +222,10 @@ mso: auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A health: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= + so-bpmn-infra: + db: + <<: *dbSecrets cds: auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== aai: @@ -204,7 +257,10 @@ so-bpmn-infra: vnfm: adapter: auth: Basic dm5mbTpwYXNzd29yZDEk + so-catalog-db-adapter: + db: + <<: *dbSecrets mso: config: cadi: @@ -215,7 +271,10 @@ so-catalog-db-adapter: adapters: db: auth: Basic YnBlbDpwYXNzd29yZDEk + so-openstack-adapter: + db: + <<: *dbSecrets aaf: auth: encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F @@ -240,7 +299,10 @@ so-openstack-adapter: noAuthn: /manage/health db: auth: Basic YnBlbDpwYXNzd29yZDEk + so-request-db-adapter: + db: + <<: *dbSecrets mso: config: cadi: @@ -251,7 +313,10 @@ so-request-db-adapter: adapters: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk + so-sdc-controller: + db: + <<: *dbSecrets aai: auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 mso: @@ -271,6 +336,8 @@ so-sdc-controller: asdc-controller1: password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F so-sdnc-adapter: + db: + <<: *dbSecrets org: onap: so: @@ -292,7 +359,10 @@ so-sdnc-adapter: auth: Basic YnBlbDpwYXNzd29yZDEk rest: aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + so-vfc-adapter: + db: + <<: *dbSecrets mso: config: cadi: @@ -322,3 +392,15 @@ so-vnfm-adapter: aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 apiEnforcement: org.onap.so.vnfmAdapterPerm noAuthn: /manage/health + +so-monitoring: + db: + <<: *dbSecrets + +so-mariadb: + db: + rootPasswordExternalSecretLocalDb: *dbRootPassSecretName + rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' + backupCredsExternalSecret: *dbBackupCredsSecretName + userCredsExternalSecret: *dbUserCredsSecretName + adminCredsExternalSecret: *dbAdminCredsSecretName diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index b83180757b..567baabbdf 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:2.0.2 +image: onap/usecase-ui-server:3.0.1 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index e76e46c64f..ca45b68727 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui:2.0.5 +image: onap/usecase-ui:3.0.1 pullPolicy: Always # application configuration diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 395eedcb84..0f148d7dd4 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 30bcc7bde0..023ec59104 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.7 +image: onap/vfc/nslcm:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index 93320147a9..888b80844e 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 60a6abcb7b..76eebe5090 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.7 +image: onap/vfc/vnflcm:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 61adba88e8..a9e657769d 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -86,7 +86,7 @@ spec: - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index ee9ff9cb45..ca056857d5 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -86,7 +86,7 @@ spec: - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml index d053c484be..b0cc27bd8d 100644 --- a/kubernetes/vfc/templates/secrets.yaml +++ b/kubernetes/vfc/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index d449da1140..a031dbcede 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -106,9 +106,9 @@ spec: - name: VID_MYSQL_DBNAME value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: VID_MYSQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} - name: VID_MYSQL_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" volumeMounts: diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml index 75e40a1201..724b4e11a6 100644 --- a/kubernetes/vid/templates/job.yaml +++ b/kubernetes/vid/templates/job.yaml @@ -61,11 +61,11 @@ spec: - /dbcmd-config/db_cmd.sh env: - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} - name: MYSQL_HOST value: {{ index .Values "mariadb-galera" "service" "name" }} - name: MYSQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 44a9b3e9e0..9be979bba5 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index f22ea19e56..ebac50bc51 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -39,7 +39,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:6.0.3 +image: onap/vid:6.0.4 pullPolicy: Always # mariadb image for initializing