From: Sylvain Desbureaux Date: Wed, 20 Oct 2021 07:21:07 +0000 (+0000) Subject: Merge "[DCAEGEN2-SERVICES] Fix and resolve remote references in st. def. domain" X-Git-Tag: 9.0.0~72 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=99b4b5996d59a4a37b1552b9775359d60266d8f0;hp=11e395ae06830ef88b57451abc1d7db57a74f35e;p=oom.git Merge "[DCAEGEN2-SERVICES] Fix and resolve remote references in st. def. domain" --- diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 103a621f52..07d12343a8 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.1.3 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.1 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json index add0808701..3ede31dc44 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json @@ -99,6 +99,13 @@ "UserName": "${OSDF_OPT_ENGINE_USER}", "Password": "${OSDF_OPT_ENGINE_PASS}" } + }, + { + "name": "cps", + "values": { + "UserName": "${CPS_USER}", + "Password": "${CPS_PASS}" + } } ] } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 6e50620a99..6d9ecaa7cb 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml 
@@ -52,6 +52,7 @@ spec: export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; export SDC_PASS=${SDC_PASS_PLAIN}; + export CPS_PASS=${CPS_PASS_PLAIN}; cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; @@ -137,6 +138,11 @@ spec: - name: SDC_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} + - name: CPS_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }} + - name: CPS_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.name" . }}-preload-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index ab7d8fb71b..cde8529cc1 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -197,6 +197,12 @@ secrets: login: '{{ .Values.oofCreds.sdcUsername }}' password: '{{ .Values.oofCreds.sdcPassword }}' passwordPolicy: required + - uid: cps-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.oofCreds.cpsUserExternalSecret) . }}' + login: '{{ .Values.oofCreds.cpsUsername }}' + password: '{{ .Values.oofCreds.cpsPassword }}' + passwordPolicy: required oofCreds: aaiUsername: oof@oof.onap.org aaiPassword: demo123456! @@ -246,6 +252,10 @@ oofCreds: sdcUsername: aai sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + cpsUsername: '' + cpsPassword: '' + cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds' + # Configure resource requests and limits resources: small: diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index e2ce84d0a3..2394a6700d 100644 --- a/kubernetes/cli/requirements.yaml 
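Review bot: The added `export CPS_PASS=${CPS_PASS_PLAIN};` passes the secret unmodified to the `envsubst` loop that follows it, which writes the value between double quotes in osdf.json (`"Password": "${CPS_PASS}"`), so a password containing `"` or `\` produces broken or altered JSON. Nothing in the visible lines escapes the value; either restrict the characters allowed in the cps-creds password or JSON-escape it before the export. The expansion is also unquoted, so under a strict POSIX `sh` a value with whitespace may be field-split; `export CPS_PASS="${CPS_PASS_PLAIN}";` avoids that. The existing SO_PASS and SDC_PASS lines share the pattern, and the container spec continues outside the hunk.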
+++ b/kubernetes/cli/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 735308754f..0a3f967eee 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -75,6 +75,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: lighttpd configMap: diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 4dcee4568c..28d227645a 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -126,3 +126,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cli + roles: + - read diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 0f91bbd882..681c6afc4f 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.1.1 +image: onap/ccsdk-dgbuilder-image:1.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index daf29ccca9..c1717c3d24 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml 
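Review bot: The added `serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}` binds the pod to the shared read role, and unless token automounting is disabled the account's API token is mounted into every container of the pod. The same line is added in this commit to the awx-postgres, ejbca, netbox-app, netbox-nginx, netbox-postgres and dcaegen2-services deployment templates. For workloads that never call the Kubernetes API (a database or an nginx front end presumably does not), consider `automountServiceAccountToken: false` in the pod spec, unless a readiness init container in the same pod needs the token. What the read role allows is defined in roles-wrapper/templates/role.yaml, which this commit also edits; the pod spec itself starts outside the hunk.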
@@ -74,7 +74,7 @@ mariadb-init: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-apps-ms-neng:1.1.1 +image: onap/ccsdk-apps-ms-neng:1.2.0 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/common/postgres-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml new file mode 100644 index 0000000000..7de0d9acb6 --- /dev/null +++ b/kubernetes/common/postgres-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for Postgres init job +name: postgres-init +version: 8.0.0 diff --git a/kubernetes/common/postgres-init/requirements.yaml b/kubernetes/common/postgres-init/requirements.yaml new file mode 100644 index 0000000000..1a4ab2f2cf --- /dev/null 
+++ b/kubernetes/common/postgres-init/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~8.x-0 + repository: 'file://../common' + - name: repositoryGenerator + version: ~8.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/postgres-init/resources/config/setup.sql b/kubernetes/common/postgres-init/resources/config/setup.sql new file mode 100644 index 0000000000..06e07245be --- /dev/null +++ b/kubernetes/common/postgres-init/resources/config/setup.sql @@ -0,0 +1,19 @@ +--- User Setup +CREATE USER "${PG_USER}" LOGIN; +ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}'; + +CREATE DATABASE ${PG_DATABASE}; +GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}"; + +--- PG_DATABASE Setup + +\c ${PG_DATABASE} + +CREATE EXTENSION IF NOT EXISTS pg_stat_statements; +CREATE EXTENSION IF NOT EXISTS pgaudit; + +--- Create schema for PG_USER + +\c ${PG_DATABASE} + +CREATE SCHEMA IF NOT EXISTS "${PG_USER}" AUTHORIZATION "${PG_USER}"; diff --git a/kubernetes/common/postgres-init/templates/configmap.yaml b/kubernetes/common/postgres-init/templates/configmap.yaml new file mode 100644 index 0000000000..66c28a0c69 --- /dev/null +++ b/kubernetes/common/postgres-init/templates/configmap.yaml 
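Review bot: `CREATE DATABASE ${PG_DATABASE};`, the `GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE}` line and `\c ${PG_DATABASE}` substitute the database name without identifier quoting, and `"${PG_USER}"` is substituted without escaping embedded double quotes, so a chart value containing SQL metacharacters changes the statements that the job runs as the `postgres` user. Only the password is escaped (job.yaml doubles its single quotes). Quote the identifier, `CREATE DATABASE "${PG_DATABASE}";`, and have the job reject PG_USER and PG_DATABASE values that do not match a conservative name pattern before it runs envsubst. `CREATE USER` and `CREATE DATABASE` are also not idempotent, so a retried job (job.yaml sets `backoffLimit: 20`) will raise errors on its second run.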
@@ -0,0 +1,29 @@ +{{/* +# Copyright © 2021 Orange +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml new file mode 100644 index 0000000000..01151bb4a9 --- /dev/null +++ b/kubernetes/common/postgres-init/templates/job.yaml 
@@ -0,0 +1,121 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.global.postgres.container.name }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . 
}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - command: + - sh + args: + - -c + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; + export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; + psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql + env: + - name: PG_HOST + value: "{{ .Values.global.postgres.service.name2 }}" + - name: PG_PRIMARY_USER + value: primaryuser + - name: MODE + value: postgres + - name: PG_PRIMARY_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + - name: PG_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + - name: PG_DATABASE + value: "{{ .Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: pgconf + image: {{ include "repositoryGenerator.image.postgres" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . 
}}-update-config + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: pgconf + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: pgconf + emptyDir: + medium: Memory + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/postgres-init/templates/secrets.yaml b/kubernetes/common/postgres-init/templates/secrets.yaml new file mode 100644 index 0000000000..f3bea1ff6d --- /dev/null +++ b/kubernetes/common/postgres-init/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2021 Orange +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml new file mode 100644 index 0000000000..7bcd8e23b4 --- /dev/null +++ b/kubernetes/common/postgres-init/values.yaml 
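Review bot: `psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST"` puts the root password into the connection URI after `prepare_password` has doubled its single quotes for SQL use, so a password containing `'`, `@`, `/` or `:` may no longer authenticate or may be parsed as part of the host, and the secret shows up in the process argument list. Hand it to libpq through the environment instead: `export PGPASSWORD="$PG_ROOT_PASSWORD_INPUT"` and `psql -v ON_ERROR_STOP=1 -h "$PG_HOST" -U postgres -f /config/setup.sql`; ON_ERROR_STOP also makes a failed statement fail the job rather than exit 0. `prepare_password $PG_PASSWORD_INPUT` and `echo -n $1` are unquoted, so a password with whitespace is cut to its first word; quote both expansions. The container mapping also defines `volumeMounts:` twice, and most YAML parsers silently keep only the last occurrence, so one of the two lists should be removed.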
@@ -0,0 +1,91 @@ +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + postgres: + service: + name: pgset + container: + name: postgres + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: '{{ include "common.postgres.secret.rootPassUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}' + password: '{{ .Values.config.pgRootPassword }}' + - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' + login: '{{ .Values.config.pgUserName }}' + password: '{{ .Values.config.pgUserPassword }}' + - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}' + password: '{{ .Values.config.pgPrimaryPassword }}' + +################################################################# +# Application configuration defaults. 
+################################################################# + +pullPolicy: Always + +# application configuration +config: + pgUserName: testuser + pgDatabase: userdb + pgDataPath: data + pgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-postgres-db-root-password' + # pgPrimaryPassword: password + # pgUserPassword: password + # pgRootPassword: password + +nodeSelector: {} + +affinity: {} + +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index d93d401ebc..341b4c86c7 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # Modifications Copyright (C) 2021 Bell Canada. # # # # Licensed under the Apache License, Version 2.0 (the "License"); 
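Review bot: The `global.postgres.service` defaults define only `name: pgset`, while templates/job.yaml sets PG_HOST from `.Values.global.postgres.service.name2`, so with these defaults alone PG_HOST renders empty unless a parent chart supplies the key. Add `name2: tcp-pgset-primary` here (the value cps-core sets in this commit) or add a comment stating that the parent must provide it. The three `secrets` entries carry no `passwordPolicy`, unlike the `passwordPolicy: required` used for cps-creds in aaf-sms; how the common secret template treats a missing password is not visible here, so a comment stating the intended behaviour would help. `pgUserName: testuser` reads as a placeholder and deserves a comment saying it is meant to be overridden.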
@@ -126,9 +127,9 @@ spec: - name: PG_MODE value: {{ $pgMode }} - name: PG_PRIMARY_HOST - value: "{{ $dot.Values.container.name.primary }}" + value: "{{ $dot.Values.service.name2 }}" - name: PG_REPLICA_HOST - value: "{{ $dot.Values.container.name.replica }}" + value: "{{ $dot.Values.service.name3 }}" - name: PG_PRIMARY_PORT value: "{{ $dot.Values.service.internalPort }}" - name: PG_PRIMARY_PASSWORD diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml index e2a84b4151..0be6c7bbd6 100644 --- a/kubernetes/common/roles-wrapper/templates/role.yaml +++ b/kubernetes/common/roles-wrapper/templates/role.yaml @@ -32,6 +32,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -52,6 +53,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -59,6 +61,7 @@ rules: - replicasets/status - daemonsets - secrets + - services verbs: - get - watch @@ -68,6 +71,7 @@ rules: - apps resources: - statefulsets + - configmaps verbs: - patch - apiGroups: @@ -76,6 +80,8 @@ rules: resources: - deployments - secrets + - services + - pods verbs: - create - apiGroups: @@ -85,7 +91,8 @@ rules: - pods - persistentvolumeclaims - secrets - - deployment + - deployments + - services verbs: - delete - apiGroups: @@ -95,6 +102,13 @@ rules: - pods/exec verbs: - create +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete {{- else }} # if you don't match read or create, then you're not allowed to use API # except to see basic information about yourself diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 435c925eb2..a3d942fcfa 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml 
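Review bot: In roles-wrapper/templates/role.yaml the added `- pods` and `- services` under the `create` verb, `- services` under `delete`, and the new `cert-manager.io` `certificates` rule widen a role shared by every service account bound to it, and no visible rule is narrowed with `resourceNames`. Permission to create pods lets the holder start a pod under any service account of the namespace or with any of its secrets mounted, so it amounts to a namespace-wide grant. If only one component needs these verbs, a separate role for it keeps the shared role small; at minimum add a comment naming the consumer of each new rule. `- configmaps` is added to a `patch` rule whose visible apiGroups entry is `apps`; ConfigMaps belong to the core API group, so the entry takes effect only if that rule's apiGroups list, which starts outside the hunk, also contains `""`. This covers the hunks at -68, -76, -85 and -95.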
@@ -29,25 +29,26 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{ include "common.podSecurityContext" . | indent 10 | trim}} initContainers: - - name: chowm-mount-path + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission command: - /bin/sh args: - -c - - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data + - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 volumeMounts: - mountPath: /var/lib/postgresql/data name: {{ include "common.fullname" . }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} imagePullPolicy: {{ .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} livenessProbe: diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 55acd92847..258f516ff0 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml 
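Review bot: The `fix-permission` init container now runs with `runAsUser: 0` and no further restriction, and the database container's own `securityContext` block is removed, so the hardening keys still listed as comments under `securityContext` in values.yaml (`capabilities.drop`, `readOnlyRootFilesystem`, `runAsNonRoot`) are no longer wired to any container. Consider adding `allowPrivilegeEscalation: false` and a `capabilities` drop list that keeps only what `chown -R` needs to the init container, and keeping a container-level `securityContext` on the database container. Whether `common.podSecurityContext` derives runAsUser and fsGroup from the renamed `user_id`/`group_id` values is not visible in this hunk. The new comment would read better as `# We should not need this, but for an unknown reason fsGroup is not applied.`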
@@ -37,30 +37,45 @@ serviceAccount: roles: - read -podSecurityContext: {} - # fsGroup: 2000 - securityContext: # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) - runAsUser: 70 - runAsGroup: 70 + user_id: 70 + group_id: 70 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 0.5 - memory: 256Mi - requests: - cpu: 20m - memory: 256Mi + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} nodeSelector: {} diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml index d6f5f56197..b7c4d1e7f8 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml 
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml index c0c6b914fb..3b4dad55ec 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml @@ -74,6 +74,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml index a7234caceb..4cf03b2482 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml +++ b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml @@ -80,3 +80,9 @@ service: externalPort: 5432 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: awx-postgres + roles: + - read diff --git a/kubernetes/contrib/components/awx/requirements.yaml b/kubernetes/contrib/components/awx/requirements.yaml index b015bd1216..222db3890e 100755 --- a/kubernetes/contrib/components/awx/requirements.yaml +++ b/kubernetes/contrib/components/awx/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: awx-postgres version: ~8.x-0 repository: 'file://components/awx-postgres' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/contrib/components/awx/templates/serviceaccout.yaml b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml similarity index 100% rename from kubernetes/contrib/components/awx/templates/serviceaccout.yaml rename to kubernetes/contrib/components/awx/templates/serviceaccount.yaml diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index 02642fd3fd..0a247c5743 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -109,3 +109,9 @@ service: externalPort: 5672 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: awx + roles: + - read diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml index 8762d969f9..284108c256 100644 --- a/kubernetes/contrib/components/ejbca/requirements.yaml +++ b/kubernetes/contrib/components/ejbca/requirements.yaml @@ -29,3 +29,6 @@ dependencies: - name: cmpv2Config version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index fc163ee2e2..6bd5b259ea 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -94,6 +94,7 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - configMap: name: "{{ include "common.fullname" . }}-config-script" diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 57d1e7848e..52e0e750a0 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml 
+++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -124,3 +124,9 @@ resources: cpu: 20m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: ejbca + roles: + - read diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml index f1209cdb56..302166fcd6 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml @@ -138,6 +138,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml index 92f97c2620..27cd811ec1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml @@ -112,3 +112,9 @@ readiness: periodSeconds: 10 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-app + roles: + - read 
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml index 7bdf46f252..2d115f74bf 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml @@ -61,6 +61,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml index de131d30d0..a7d0dadbf1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml @@ -81,3 +81,9 @@ service: nodePort: 20 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-nginx + roles: + - read diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml 
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml index 2caddeba49..8e05524fd1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml @@ -64,6 +64,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml index 572e23d53c..7e0a324aa1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml @@ -80,3 +80,9 @@ service: externalPort: 5432 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-postgres + roles: + - read diff --git a/kubernetes/cps/components/cps-core/requirements.yaml b/kubernetes/cps/components/cps-core/requirements.yaml index d6b6712852..c42e72a232 100644 --- a/kubernetes/cps/components/cps-core/requirements.yaml +++ b/kubernetes/cps/components/cps-core/requirements.yaml 
@@ -19,6 +19,12 @@ dependencies: - name: postgres version: ~8.x-0 repository: '@local' + condition: global.postgres.localCluster + - name: postgres-init + version: ~8.x-0 + repository: '@local' + condition: not global.postgres.localCluster + #condition: global.postgres.postgresInit - name: readinessCheck version: ~8.x-0 repository: '@local' diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index 0bc7d5bccb..8f904efeae 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -2,6 +2,7 @@ # Copyright (C) 2021 Pantheon.tech # Modifications Copyright (C) 2020 Bell Canada. # Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,11 @@ spring: datasource: +{{- if .Values.global.postgres.localCluster }} url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} +{{- else }} + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} +{{- end }} username: ${DB_USERNAME} password: ${DB_PASSWORD} driverClassName: org.postgresql.Driver diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index 4f788e7977..55d9fcde66 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml 
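Review bot: `condition: not global.postgres.localCluster` on the new postgres-init dependency is not something Helm evaluates: a dependency `condition` holds one or more comma-separated value paths that must resolve to a boolean, not an expression. As far as I know a path that does not resolve is ignored, which would leave postgres-init enabled even when `localCluster` is true. The commented-out line already points at the usual fix, a dedicated flag: `condition: global.postgres.postgresInit`, with that value declared in values.yaml and set opposite to `localCluster`. The leftover `#condition:` comment should then be removed.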
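Review bot: In the `{{- else }}` branch of application-helm.yml the host comes from `global.postgres.service.name2`, but the database name is still read from `.Values.postgres.config.pgDatabase`, i.e. from the values of the subchart this branch assumes is not deployed. The database on the shared cluster is presumably created by postgres-init from its own `pgDatabase` (set to `cpsdb` in the values.yaml change), so if the two values drift the service connects to a database that was never initialised. Reading `{{ index .Values "postgres-init" "config" "pgDatabase" }}` in this branch would tie the URL to what postgres-init creates. The `spring:` mapping continues outside the hunk.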
@@ -52,6 +52,16 @@ global: ingress: virtualhost: baseurl: "simpledemo.onap.org" + #Service Names of the postgres db to connect to. + #Override it to cps-postgres if localCluster is enabled. + postgres: + localCluster: false + service: + name: pgset + name2: tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres image: onap/cps-and-ncmp:2.0.0 containerPort: &svc_port 8080 @@ -206,9 +216,21 @@ postgres: pgUserExternalSecret: *pgUserCredsSecretName pgRootPasswordExternalSecret: *pgRootPassSecretName +postgres-init: + nameOverride: cps-postgres-init + config: + pgUserName: cps + pgDatabase: cpsdb + pgDataPath: data + pgUserExternalSecret: *pgUserCredsSecretName + + # pgPrimaryPassword: password + # pgUserPassword: password + # pgRootPassword: password + readinessCheck: wait_for: - - *postgresName + - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' minReadySeconds: 10 updateStrategy: diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 6be03de27b..dd0bf4bd48 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -432,6 +432,7 @@ spec: {{- end }} {{- end }} hostname: {{ include "common.name" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - configMap: defaultMode: 420 diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml index c6804b76b4..e267e8931a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml 
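Review bot: The new `wait_for` entry in cps-core/values.yaml is a template string, so it only works if the readinessCheck helper renders its entries through `tpl`; that helper is outside this diff, and if it does not, the init container would wait on the literal `{{ ternary … }}` text and never become ready. The non-local branch also repeats the literal `postgres` that the first hunk of this file already exposes as `global.postgres.container.name`; `'{{ ternary .Values.postgres.service.name .Values.global.postgres.container.name .Values.global.postgres.localCluster }}'` keeps a single source for it. The three commented-out `pg…Password: password` lines under `postgres-init` look like leftovers and invite someone to uncomment a placeholder password, so I would drop them.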
@@ -27,4 +27,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml index 9815bf7ed6..572e812cf3 100644 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml @@ -199,3 +199,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-bbs-eventprocessor-ms + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml index 9f1600ead3..540013e1db 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml @@ -30,4 +30,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index be7620733b..2342470877 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -148,7 +148,7 @@ applicationConfig: drFeedConfig: - feedName: bulk_pm_feed owner: dcaecm - feedVersion: 0.0 + feedVersion: "0.0" asprClassification: unclassified feedDescription: DFC Feed Creation 
@@ -184,3 +184,9 @@ resources: cpu: 1 memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-datafile-collector + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml index 8e53236787..6412c80d48 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml @@ -28,3 +28,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index faff44cc56..0553b52265 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -116,3 +116,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-datalake-admin-ui + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml index 34fe22ee16..e0ac99dc5c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml @@ -28,4 +28,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' - + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index bc5fe3b88c..9373e8256a 100644 
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -146,3 +146,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-datalake-des + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml index 5ef187132e..fded2cee84 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml @@ -31,4 +31,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' - + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 56017b7e5c..2452dc8a18 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -173,3 +173,9 @@ postgres: pgUserName: datalake pgDatabase: datalake pgUserExternalSecret: *pgUserCredsSecretName + +#Pods Service Account +serviceAccount: + nameOverride: dcae-datalake-feeder + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml index 680c0d6711..ebfdcdb08c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml 
@@ -30,4 +30,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 8847f298e8..bbf815d658 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -190,3 +190,9 @@ postgres: pgUserName: heartbeat pgDatabase: heartbeat pgUserExternalSecret: *pgUserCredsSecretName + +#Pods Service Account +serviceAccount: + nameOverride: dcae-heartbeat + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml index d45745404d..9a2dc1aa29 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml @@ -30,3 +30,6 @@ dependencies: - name: certManagerCertificate version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 07b10614a8..650ec03920 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -199,3 +199,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-hv-ves-collector + roles: + - read 
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml index 6b37d363b6..4239867c35 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml @@ -28,5 +28,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' - - + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 802c830005..5d8c6d59eb 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -159,3 +159,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-kpi-ms + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml index 0697ceb1d6..3762a2acea 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml index aa6af35c5e..8ec60a7bd1 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml 
@@ -65,3 +65,8 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcae-ms-healthcheck + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml index 5e1b36e493..c39c2092ed 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml @@ -27,4 +27,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file + repository: 'file://../../common/dcaegen2-services-common' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 0dff427f49..caae1c319e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -160,7 +160,7 @@ applicationConfig: drFeedConfig: - feedName: bulk_pm_feed owner: dcaecm - feedVersion: 0.0 + feedVersion: "0.0" asprClassification: unclassified feedDescription: DFC Feed Creation @@ -216,3 +216,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-pm-mapper + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml index 4dfc837bf8..44c366438c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml 
@@ -31,3 +31,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 512bd2643a..b9005f01b8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -192,4 +192,10 @@ postgres: config: pgUserName: pmsh pgDatabase: pmsh - pgUserExternalSecret: *pgUserCredsSecretName \ No newline at end of file + pgUserExternalSecret: *pgUserCredsSecretName + +#Pods Service Account +serviceAccount: + nameOverride: dcae-pmsh + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml index 80e79fe28e..37ffafe9ce 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index c7d4c1d82f..a7f62912b1 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -168,3 +168,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-prh + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml index c6804b76b4..e267e8931a 100644 
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml @@ -27,4 +27,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 789a807d63..ad29e33a90 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -159,3 +159,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-restconf-collector + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml index 9cab8e92e6..c6ccf13b56 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml @@ -31,4 +31,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' - + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 5974d80e81..3300306668 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml 
@@ -210,3 +210,9 @@ postgres: pgUserName: sliceanalysisms pgDatabase: sliceanalysisms pgUserExternalSecret: *pgUserCredsSecretName + +#Pods Service Account +serviceAccount: + nameOverride: dcae-slice-analysis-ms + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml index c6804b76b4..e267e8931a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml @@ -27,4 +27,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 60295b972a..266da24f7a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -145,3 +145,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-snmptrap-collector + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml index 3f52d6fce8..907f8f3d26 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml @@ -31,3 +31,6 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index a0ab079e1d..420814f6c2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -242,3 +242,9 @@ postgres: pgUserName: sonhms pgDatabase: sonhms pgUserExternalSecret: *pgUserCredsSecretName + +#Pods Service Account +serviceAccount: + nameOverride: dcae-son-handler + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml index 02a2a674c3..b1d9fb2332 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml @@ -26,3 +26,9 @@ dependencies: - name: dcaegen2-services-common version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 778f6c94ed..e7707dcdb0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -162,3 +162,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-tcagen2 + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml index d45745404d..9a2dc1aa29 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml 
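Review bot: The dcae-tcagen2/requirements.yaml hunk adds the `serviceAccount` dependency twice; it grows by six lines where every sibling chart in this change grows by three. Two entries with the same name and no `alias` are at best redundant and may make dependency resolution warn or fail depending on the Helm version. The second `- name: serviceAccount` / `version: ~8.x-0` / `repository: '@local'` triple should be removed.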
@@ -30,3 +30,6 @@ dependencies: - name: certManagerCertificate version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index bfea92aeb9..f863ff8641 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -200,3 +200,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-collector + roles: + - read diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml index c6804b76b4..e267e8931a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml @@ -27,4 +27,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 7bde2e99fb..a7186a4d98 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -189,3 +189,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-mapper + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index 353f4eaccb..b6eeb5bb45 100644 
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -32,3 +32,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index d95883ab09..4addb2b863 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -136,6 +136,7 @@ spec: value: {{ .Values.dcae_ns | default "" }} - name: ONAP_NAMESPACE value: {{ include "common.namespace" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-dcae-inputs-input configMap: diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index f3e6c29d53..b012ee4942 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -137,3 +137,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "onap" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-bootstrap + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml index 413f997905..877839e40a 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: cmpv2Config version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 204a3e27d7..f5fc9cac30 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -169,6 +169,7 @@ spec: readOnly: true securityContext: privileged: True + serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index e6567d9ac2..17ba5ec71e 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -127,3 +127,10 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: dcae-cm/data volumeReclaimPolicy: Retain + +#Pods Service Account +serviceAccount: + nameOverride: dcae-cloudify-manager + roles: + - create + diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml index be5f059ed9..f2c5b021ba 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 65d0b36927..c7e1d70030 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml 
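Review bot: dcae-cloudify-manager is the one pod in this change bound to the `create` role rather than `read`, and the context lines directly above the added `serviceAccountName` show its container running with `securityContext: privileged: True`. A privileged container holding a token that can create resources in the namespace deserves an explicit justification next to the setting, for example `# create: Cloudify deploys DCAE components through the Kubernetes API` above `roles:` in values.yaml, assuming that is the reason. What `create` actually permits is defined in the serviceAccount chart outside this diff, so it is worth checking that it does not extend to secrets or RBAC objects. The values.yaml hunk also ends with a stray added blank line.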
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -167,6 +167,7 @@ spec: - name: {{ include "common.fullname" . }}-logs-i mountPath: /var/log/onap/config-binding-service {{ end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-fb-conf configMap: diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 1d421427c3..719e73f43c 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -91,3 +91,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-config-binding-service + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml index 2fe847961d..8759678489 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index e93f8d8fb9..dbb6c67580 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml 
@@ -161,6 +161,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 6640f78e9a..a083b519d6 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -119,3 +119,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-dashboard + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml index f19e4127c8..78bcd76a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1b39dc6e2f..1ad42e02b2 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -154,6 +154,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log 
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index fc4d07d39d..3435462c1d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -91,3 +91,8 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +serviceAccount: + nameOverride: dcae-deployment-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml index 0697ceb1d6..3762a2acea 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml index 9514f41b86..641dfdf926 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml @@ -74,6 +74,7 @@ spec: value: {{ include "common.release" . }} - name: DEPLOY_LABEL value: cfydeployment + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index 221e579943..1c6cff0657 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml 
@@ -67,3 +67,8 @@ resources: # If empty, use the common namespace # dcae_ns: "onap" +#Pods Service Account +serviceAccount: + nameOverride: dcae-healthcheck + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 63ac56cca4..32d8b5b035 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index d25d63c361..7c3746a0a3 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -152,6 +152,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 1bc13efc55..fe39269c27 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -110,3 +110,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-inventory-api + roles: + - read 
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml index f19e4127c8..78bcd76a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index 916c5f673f..b8c24355e6 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -145,6 +145,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 8f6a1a7da9..00ce47b451 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -92,3 +92,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-policy-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml index be5f059ed9..f2c5b021ba 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml 
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index 7c55628f25..6c4e695228 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -106,6 +106,7 @@ spec: value: "/opt/cert/cacert.pem" - name: SCH_ARGS value: "prod /opt/config.json" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-sch-config configMap: diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index c363626666..8686db49ba 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -85,4 +85,10 @@ resources: unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace -# dcae_ns: "dcae" \ No newline at end of file +# dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-servicechange-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml index 16f38f80a8..9a3009ddec 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml 
@@ -24,3 +24,6 @@ dependencies: - name: readinessCheck version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml index f2826a77a0..1c6e3593ac 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml @@ -52,6 +52,7 @@ spec: volumeMounts: - name: schema-map mountPath: {{ .Values.schemaMap.directory }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: schema-map configMap: diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml index 2209feb729..873579ee97 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml @@ -64,4 +64,10 @@ resources: requests: cpu: 1 memory: 1Gi - unlimited: {} \ No newline at end of file + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-openapi-manager + roles: + - read diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index f82b410e1b..17b077b987 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -68,4 +68,4 @@ dcae-policy-handler: dcae-servicechange-handler: enabled: true dcae-ves-openapi-manager: - enabled: true \ No newline at end of file + enabled: true diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index 65867f50af..3c25c94388 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml 
@@ -23,7 +23,10 @@ dependencies: version: ~8.x-0 repository: '@local' - name: mariadb-galera - alias: mariadb + version: ~8.x-0 + repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init version: ~8.x-0 repository: '@local' - name: certInitializer diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index a7472383e2..18ab41982a 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -42,7 +42,7 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false # Database access org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver -org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}} +org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}} org.onap.dmaap.datarouter.db.login = ${DB_USERNAME} org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 61678961cc..a3051eee5d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -42,8 +42,8 @@ spec: command: - /app/ready.py args: - - --container-name - - {{ .Values.config.dmaapDrDb.mariadbContName }} + - --job-name + - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job env: - name: NAMESPACE valueFrom: 
@@ -81,9 +81,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 7564ccfc78..cf25468fe1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml 
@@ -19,17 +19,23 @@ global: nodePortPrefix: 302 loggingDirectory: /opt/app/datartr/logs persistence: {} + mariadbGalera: &mariadbGalera + #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: dmaap-dr-db-user-secret - name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials' + uid: 'dmaap-dr-db-user-credentials' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.dmaapDrDb.userName }}' - password: '{{ .Values.config.dmaapDrDb.userPassword }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' ################################################################# # Application configuration defaults. 
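Review bot: In the `externalSecret` expression of the `secrets` entry, the `hasSuffix` argument reads `index .Values "mariadb-galera" "db" "externalSecret"` without the `default ""` that the `tpl` branch has. An override that sets that value to null is therefore likely to fail template rendering rather than fall back to the login/password pair. Guarding both uses the same way avoids that: `(hasSuffix "dmaap-dr-db-user-credentials" (default "" (index .Values "mariadb-galera" "db" "externalSecret")))`. A short comment above the line saying that the chart's own default secret name is mapped to an empty `externalSecret` would also help, since the ternary is hard to read.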
@@ -92,31 +98,29 @@ config: # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF logLevel: "INFO" - # dr-prov db configuration - dmaapDrDb: - mariadbServiceName: dmaap-dr-db - mariadbServicePort: 3306 - mariadbContName: &dmaap-dr-db dmaap-dr-db - userName: datarouter -# userPassword: password -# userCredentialsExternalSecret: some secret - # mariadb-galera configuration -mariadb: - name: *dmaap-dr-db - nameOverride: *dmaap-dr-db +mariadb-galera: + nameOverride: &dbServer dmaap-dr-db replicaCount: 1 db: - externalSecret: *dbSecretName - name: datarouter + name: &mysqlDbName datarouter + user: datarouter + # password: + externalSecret: *dbUserSecretName service: - name: dmaap-dr-db + name: *dbServer nfsprovisionerPrefix: dmaap-dr-db persistence: size: 1Gi mountSubPath: data-router/dr-db-data serviceAccount: - nameOverride: *dmaap-dr-db + nameOverride: *dbServer + +mariadb-init: + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: *mysqlDbName + nameOverride: dmaap-dr-mariadb-init ################################################################# # AAF part diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml index 9366bd1e2b..ab839d0a5c 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml index fae06da475..45c268c6b6 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml 
@@ -115,6 +115,7 @@ spec: value: {{ .Values.config.pgConfig.dbHost }} - name: DB_PORT value: "{{ .Values.config.pgConfig.dbPort }}" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index bbdc3e09cd..1bdf35da21 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -128,3 +128,9 @@ resources: cpu: 250m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: holmes-engine-mgmt + roles: + - read diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml index 9366bd1e2b..ab839d0a5c 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml index e03c6cbb9c..d757b75d68 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml @@ -114,6 +114,7 @@ spec: value: {{ .Values.config.pgConfig.dbHost }} - name: DB_PORT value: "{{ .Values.config.pgConfig.dbPort }}" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: 
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 4f4849a5a4..6261b4ebd7 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -132,3 +132,9 @@ resources: cpu: 500m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: holmes-rule-mgmt + roles: + - read diff --git a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml index b9e4a44df1..6070b0c468 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml @@ -30,3 +30,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml index 1a303ff7aa..8e28071ba6 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml @@ -138,7 +138,7 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-etsicatalog {{- if .Values.persistence.enabled }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 1672b6d3df..3af4bae554 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml 
@@ -177,3 +177,9 @@ resources: cpu: 200m memory: 500Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: modeling-etsicatalog + roles: + - read diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index ef36b13742..5faae36fb0 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.3.0 +image: onap/msb/msb_apigateway:1.3.1 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index 4610232e7b..9b9f805802 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.3.0 +image: onap/msb/msb_apigateway:1.3.1 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index ec3b9567c3..30319683a2 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.9.0 +image: onap/multicloud/k8s:0.9.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 61d4314be4..0a1e769921 100755 --- a/kubernetes/onap/requirements.yaml 
+++ b/kubernetes/onap/requirements.yaml @@ -1,6 +1,7 @@ # Copyright © 2019 Amdocs, Bell Canada # Copyright (c) 2020 Nordix Foundation, Modifications # Modifications Copyright © 2020 Nokia +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -110,6 +111,10 @@ dependencies: version: ~8.x-0 repository: '@local' condition: portal.enabled + - name: postgres + version: ~8.x-0 + repository: '@local' + condition: postgres.enabled - name: oof version: ~8.x-0 repository: '@local' @@ -169,3 +174,7 @@ dependencies: version: ~8.x-0 repository: '@local' condition: roles-wrapper.enabled + - name: timescaledb + version: ~8.x-0 + repository: '@local' + condition: timescaledb.enabled diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 91e0157aea..229717a990 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -1,6 +1,7 @@ # Copyright © 2019 Amdocs, Bell Canada # Copyright (c) 2020 Nordix Foundation, Modifications # Modifications Copyright © 2020 Nokia +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +25,8 @@ cassandra: enabled: true mariadb-galera: enabled: true +postgres: + enabled: true aaf: enabled: true aai: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 63461d9c83..fb402143c6 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml 
@@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 9e799e1045..aa5b8fca2e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 915ffc019f..666818da73 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 915ffc019f..666818da73 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 ################################################################# # secrets metaconfig 
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 915ffc019f..666818da73 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 9a8b60574e..248d3afd57 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.2.0 + optf_has: onap/optf-has:2.2.1 persistence: enabled: true diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index aff63428eb..441a77ab5a 100755 --- a/kubernetes/oof/resources/config/conf/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml @@ -43,11 +43,18 @@ aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }} secret_domain: {{ .Values.config.secret_domain }} aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} +configClientType: {{ .Values.config.configClientType }} + # config db api configDbUrl: {{ .Values.config.configDbUrl }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} +# cps api +cpsUrl: {{ .Values.config.cps.Url }} +cpsCellListUrl: {{ .Values.config.cps.cellListUrl }} +cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }} + # AAI api aaiUrl: {{ .Values.config.aaiUrl }} aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} 
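Review bot: `cpsUrl` in the osdf_config.yaml hunk reads `.Values.config.cps.Url`, but the oof values.yaml hunk in this commit defines the key as `url`. Value lookups are case-sensitive, so `cpsUrl` will render empty while `configClientType` defaults to `cps`. The template line should be `cpsUrl: {{ .Values.config.cps.url }}`. The other two keys, `cellListUrl` and `nbrListUrl`, match their definitions.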
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 2b1eeba747..0b19678e1f 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -82,7 +82,7 @@ spec: - | grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt - ./osdfapp.sh -x osdfapp.py + python osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index c7400e860f..64c3e0ad29 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.4 +image: onap/optf-osdf:3.0.6 pullPolicy: Always # flag to enable debugging - application support required @@ -83,10 +83,17 @@ config: aaf_sms_timeout: 30 secret_domain: osdf aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer + configClientType: cps # config db api configDbUrl: http://configdb:8080 configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList' configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList' + # cps api + cps: + url: cps-tbdmt:8080/execute + cellListUrl: 'ran-network/getCellList' + nbrListUrl: 'ran-network/getNbrList' + #aai api aaiUrl: https://aai:8443 aaiGetLinksUrl: /aai/v16/network/logical-links diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index fbd545c12e..6cabde79da 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml 
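Review bot: The new `cps.url` default in the oof values.yaml hunk, `cps-tbdmt:8080/execute`, carries no scheme, unlike `configDbUrl: http://configdb:8080` and `aaiUrl: https://aai:8443` beside it. Whether OSDF reaches CPS over TLS therefore depends on client behaviour this diff does not show. Writing the scheme explicitly, `url: <scheme>://cps-tbdmt:8080/execute`, makes the transport reviewable; if the client sends credentials to this endpoint, the TLS endpoint is the one to use. The same hunk sets `configClientType: cps`, which changes the default data source for existing deployments and deserves a comment listing the accepted values.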
@@ -79,7 +79,7 @@ tls: selfsigning: name: &selfSigningIssuer cmpv2-selfsigning-issuer ca: - name: &caIssuer cmpv2-ca-issuer + name: &caIssuer cmpv2-issuer-onap secret: name: &caKeyPairSecret cmpv2-ca-key-pair server: diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml new file mode 100644 index 0000000000..b7c44d7c3b --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Policy Clamp Controlloop Runtime +name: policy-clamp-cl-runtime +version: 8.0.0 diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml new file mode 100644 index 0000000000..7878f91d48 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml 
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
new file mode 100644
index 0000000000..250e91213c
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
@@ -0,0 +1,79 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RUNTIME_USER} + password: ${RUNTIME_PASSWORD} + http: + converters: + preferred-json-mapper: gson + +security: + enable-csrf: false + +server: + port: 6969 + servlet: + context-path: /onap/controlloop + error: + path: /error + + +runtime: + supervisionScannerIntervalSec: 1000 + participantClUpdateIntervalSec: 1000 + participantClStateChangeIntervalSec: 1000 + participantParameters: + heartBeatMs: 120000 + maxMessageAgeMs: 600000 + maxStatusWaitMs: 100000 + updateParameters: + maxRetryCount: 3 + maxWaitMs: 100000 + databaseProviderParameters: + name: PolicyProviderParameterGroup + implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl + databaseDriver: org.mariadb.jdbc.Driver + databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop + databaseUser: ${SQL_USER} + databasePassword: ${SQL_PASSWORD} + persistenceUnit: CommissioningMariaDb + topicParameterGroup: + topicSources: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - 
${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + fetchTimeout: 15000 + topicSinks: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml new file mode 100644 index 0000000000..43cea65306 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pap/error.log + + /var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pap/debug.log + + /var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/policy-clamp-cl-runtime/network.log + + /var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml new file mode 100644 index 0000000000..66c096d439 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml 
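Review bot: The credential placeholders are substituted by `envsubst` into unquoted YAML scalars (`password: ${RUNTIME_PASSWORD}`, `databasePassword: ${SQL_PASSWORD}`), so a secret containing ` #` or `: `, or starting with `*`, `!`, `&` or `{`, is truncated, re-typed or breaks parsing of the rendered file. Quoting them, e.g. `password: '${RUNTIME_PASSWORD}'`, keeps the value a string, though a password containing a single quote would still need escaping. Separately, `security.enable-csrf: false` and `management.endpoints.web.exposure.include: health, metrics, prometheus` each deserve a one-line comment. The first should say why CSRF protection is off for this API, the second whether the actuator endpoints sit behind the same basic auth, since neither can be told from this file.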
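Review bot: The error and debug appenders write their active files to `/var/log/onap/policy/pap/error.log` and `/var/log/onap/policy/pap/debug.log`, while their rollover patterns and the network appender use `/var/log/onap/policy/policy-clamp-cl-runtime/`; this looks like a leftover from the PAP chart. The active paths should be `/var/log/onap/policy/policy-clamp-cl-runtime/error.log` and `/var/log/onap/policy/policy-clamp-cl-runtime/debug.log`, so that current and rotated logs land in the same directory and log collection for this component finds them. The XML markup of this file is not visible on this page, so only the paths are reviewed here.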
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
new file mode 100644
index 0000000000..92e5c9e6c8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
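Review bot: The `binaryData` section publishes every `resources/config/*store` file in this ConfigMap, so a keystore dropped into that directory would be readable by anything with ConfigMap read access in the namespace. No such file is added in the visible part of this commit, so this may be inherited boilerplate. If stores are ever shipped with the chart, anything holding private keys belongs in a Secret. I would either drop the `with .Files.Glob "resources/config/*store"` block or put the comment `# truststores only; never place a keystore with private keys here` above it.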
@@ -0,0 +1,131 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RUNTIME_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} + - name: RUNTIME_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: cl-runtime-config + - mountPath: /config + name: cl-runtime-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + ports: {{ include "common.containerPorts" . 
| nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-runtime-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-runtime-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-runtime-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml new file mode 100644 index 0000000000..abbfa3fdba --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml 
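Review bot: Neither the init containers defined here nor the main container sets a `securityContext`, and the `cl-runtime-config` ConfigMap volume is mounted with `defaultMode: 0755` although it only holds config templates that `envsubst` reads. I would add a container-level `securityContext` with `allowPrivilegeEscalation: false`, plus `runAsNonRoot: true` if the images run as a non-root user (not visible here), and lower the mode to `defaultMode: 0444`. The update-config step also calls `envsubst` without a variable list, so every `$NAME` in the mounted files is replaced, including any in logback.xml. Passing the four expected variables, e.g. `envsubst '${SQL_USER} ${SQL_PASSWORD} ${RUNTIME_USER} ${RUNTIME_PASSWORD}'`, limits substitution to the credentials.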
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
new file mode 100644
index 0000000000..be2449f890
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
new file mode 100644
index 0000000000..4cf9e67c99
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
@@ -0,0 +1,154 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . 
}}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: runtime-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-runtime-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. 
+################################################################# +# application image +image: onap/policy-clamp-cl-runtime:6.1.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + policyAppUserName: runtimeUser + policyAppUserPassword: none + +db: + user: policy_user + password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-cl-runtime + useNodePortExt: true + ports: + - name: http-api + port: 6969 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-runtime + roles: + - read diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml new file mode 100644 index 0000000000..58ece9943c --- /dev/null +++ b/kubernetes/policy/components/policy-gui/Chart.yaml 
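Review bot: This new values file ships working default credentials: `db.password: policy_user`, `certStores.keyStorePassword: Pol1cy_0nap`, `certStores.trustStorePassword: Pol1cy_0nap`, `certInitializer.aafDeployPass: demo123456!` and `config.policyAppUserPassword: none`. Every secret uses `passwordPolicy: required`, so an install that overrides nothing comes up with publicly known passwords. Leaving the password defaults empty would force an operator to supply a value or one of the `*ExternalSecret` references, so the chart fails closed. That assumes `required` rejects an empty password, which is defined in the common chart outside this page. The `service` block also sets `useNodePortExt: true` and `nodePort: 42` next to `type: ClusterIP`; a comment stating whether external exposure of port 6969 is intended would help, because the default `runtimeUser` account is what guards that API.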
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy GUI
+name: policy-gui
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-gui/requirements.yaml b/kubernetes/policy/components/policy-gui/requirements.yaml
new file mode 100644
index 0000000000..c9b17cbd06
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/requirements.yaml
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
new file mode 100644
index 0000000000..98417cd822
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/default.conf
@@ -0,0 +1,32 @@ +server { + + listen 2443 default ssl; + ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + + ssl_verify_client optional_no_ca; + absolute_redirect off; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ =404; + } + + location /clamp/restservices/clds/ { + proxy_pass https://policy-clamp-be:8443/restservices/clds/; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; + } + + location = /50x.html { + root /var/lib/nginx/html; + } + error_page 500 502 503 504 /50x.html; + error_log /var/log/nginx/error.log warn; +} diff --git a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..0b3951726b --- /dev/null +++ b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml 
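Review bot: The `location /clamp/restservices/clds/` block proxies to `https://policy-clamp-be:8443/restservices/clds/` without `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`. nginx does not verify the upstream certificate by default, so the backend's identity is not checked on this hop. In the same server, `ssl_verify_client optional_no_ca;` accepts any client certificate without chain validation and forwards it as `X-SSL-Cert`. That is only safe if policy-clamp-be validates the chain itself, which is worth stating in a comment such as `# client cert is NOT verified here; backend must validate X-SSL-Cert`. `ssl_protocols TLSv1.2;` also excludes TLS 1.3, which could be added as `ssl_protocols TLSv1.2 TLSv1.3;` if the image's nginx and OpenSSL support it.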
@@ -0,0 +1,59 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. 
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-gui/templates/NOTES.txt b/kubernetes/policy/components/policy-gui/templates/NOTES.txt new file mode 100644 index 0000000000..e44f333e11 --- /dev/null +++ b/kubernetes/policy/components/policy-gui/templates/NOTES.txt 
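Review bot: `output.logstash` is configured with `hosts` and `loadbalance` only, and all `ssl.*` settings are commented out, so log events leave the pod unencrypted and the Logstash endpoint is not authenticated. If this component's logs can carry request data or user names, enabling `ssl.certificate_authorities` (already present as a commented line) with the platform CA would protect them in transit. Two comment typos are also worth fixing while the file is new: `canolical` should be `canonical` and `availabe` should be `available`.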
@@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit https://127.0.0.1:8443 to use your application" + kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml new file mode 100644 index 0000000000..4f600882e9 --- /dev/null +++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml 
@@ -0,0 +1,34 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
new file mode 100644
index 0000000000..b67fa273de
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -0,0 +1,109 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - policy-clamp-be + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . 
| nindent 6 }} + containers: + # side car containers + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: logs + mountPath: {{ .Values.log.path }} + - mountPath: /etc/nginx/conf.d/default.conf + name: {{ include "common.fullname" . }}-config + subPath: default.conf + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + items: + - key: default.conf + path: default.conf + - name: logs + emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . 
| nindent 8 }}{{ end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-gui/templates/ingress.yaml b/kubernetes/policy/components/policy-gui/templates/ingress.yaml new file mode 100644 index 0000000000..e3dd7cb0f6 --- /dev/null +++ b/kubernetes/policy/components/policy-gui/templates/ingress.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/secrets.yaml b/kubernetes/policy/components/policy-gui/templates/secrets.yaml new file mode 100644 index 0000000000..2af7fae2d9 --- /dev/null +++ b/kubernetes/policy/components/policy-gui/templates/secrets.yaml 
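Review bot: Neither the pod spec nor the main `{{ include "common.name" . }}` container in templates/deployment.yaml sets a `securityContext`, so the container runs with whatever user and privileges the image defaults to. The chart's values.yaml pins the certificate files to `permission_user: 1000` / `permission_group: 999`, so presumably the image is meant to run as that user. If so, state it on the container with `securityContext:`, `runAsUser: 1000` and `allowPrivilegeEscalation: false`. The image's own user is not visible in this diff, so check this against the onap/policy-gui image before adopting it.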
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
new file mode 100644
index 0000000000..44e66b8680
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
new file mode 100644
index 0000000000..460a83d9b2
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/values.yaml 
@@ -0,0 +1,156 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 304 + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: policy-gui-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! 
+ # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + +subChartsOnly: + enabled: true + +flavor: small + +# application image +image: onap/policy-gui:2.1.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# log configuration +log: + path: /var/log/nginx/ + +################################################################# +# Application configuration defaults. 
+################################################################# +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + dataRootDir: /dockerdata-nfs + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 3 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + +service: + type: NodePort + name: policy-gui + portName: policy-gui + internalPort: 2443 + nodePort: 43 + + # see https://wiki.onap.org/display/DW/OOM+NodePort+List + +ingress: + enabled: false + service: + - baseaddr: "policygui.api" + name: "policygui" + port: 2443 + config: + ssl: "redirect" + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 200Mi + requests: + cpu: 1m + memory: 50Mi + large: + limits: + cpu: 1 + memory: 500Mi + requests: + cpu: 10m + memory: 50Mi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-gui + roles: + - read diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 1bf1053689..0ba1535346 100755 --- a/kubernetes/policy/requirements.yaml 
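Review bot: The `aaf_add_config` script under `certInitializer` ends with `chmod a+rx *;`, which makes the private key it has just extracted with `-nocerts -nodes` (unencrypted, written to `{{ .Values.clamp_key }}`) readable by every user in any container that mounts the credentials directory. Restrict the key instead, for example `chmod 0440 {{ .Values.clamp_key }};`, provided the ownership set through `permission_user`/`permission_group` also covers the files this script creates. The three `openssl pkcs12` calls pass the keystore password as `-passin pass:$cadi_keystore_password_p12`, which places it on the command line; `-passin env:cadi_keystore_password_p12` reads it from the environment instead, assuming the variable is exported in that shell. Separately, `aafDeployPass: demo123456!` is a literal default credential; leaving it empty and documenting `aafDeployCredsExternalSecret` as the expected source would keep a known password out of default installs.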
+++ b/kubernetes/policy/requirements.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -60,6 +61,14 @@ dependencies: version: ~8.x-0 repository: 'file://components/policy-clamp-cl-k8s-ppnt' condition: policy-clamp-cl-k8s-ppnt.enabled + - name: policy-clamp-cl-runtime + version: ~8.x-0 + repository: 'file://components/policy-clamp-cl-runtime' + condition: policy-clamp-cl-runtime.enabled + - name: policy-gui + version: ~8.x-0 + repository: 'file://components/policy-gui' + condition: policy-gui.enabled - name: repositoryGenerator version: ~8.x-0 repository: '@local' diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 7b9437217d..787ec0adbe 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -2,6 +2,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2018, 2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; -for db in migration pooling policyadmin policyclamp operationshistory +for db in migration pooling policyadmin policyclamp operationshistory controlloop do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index fba2d04fed..29603690b8 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml 
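Review bot: In db.sh, adding `controlloop` to the `for db in ...` list means the new schema is covered by the existing `GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%'` line. The single shared policy account therefore gets full rights on the control-loop database from any host, alongside every other policy schema. If the control-loop runtime does not need DDL at run time, take `controlloop` out of the shared loop and give it its own account with a narrower grant, e.g. `GRANT SELECT, INSERT, UPDATE, DELETE ON \`controlloop\`.* TO ...`. Whether the runtime creates its own tables is not visible here, so confirm that first. The rest of the loop body and its `done` are outside this hunk.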
@@ -45,6 +45,13 @@ secrets: login: '{{ index .Values "mariadb-galera" "db" "user" }}' password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate + - uid: policy-app-user-creds + name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -70,12 +77,21 @@ policy-distribution: policy-clamp-be: enabled: true db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret policy-clamp-fe: enabled: true policy-clamp-cl-k8s-ppnt: enabled: true policy-nexus: enabled: false +policy-clamp-cl-runtime: + enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-gui: + enabled: true ################################################################# # DB configuration defaults. @@ -117,6 +133,10 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 + +config: + policyAppUserName: runtimeUser + mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals db: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 070583bfc2..d769f628eb 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.0 -backendInitImage: onap/sdc-backend-init:1.9.0 +image: onap/sdc-backend-all-plugins:1.9.3 +backendInitImage: onap/sdc-backend-init:1.9.3 pullPolicy: Always 
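Review bot: The new `policy-app-user-creds` secret in kubernetes/policy/values.yaml reads `.Values.config.policyAppUserPassword` and `.Values.config.policyAppUserExternalSecret`, but the `config:` block added in the last hunk of this file declares only `policyAppUserName`. Add commented placeholders there so operators can see how to supply their own credential, e.g. `# policyAppUserPassword: <set to override the generated password>` and `# policyAppUserExternalSecret: <name of an existing secret>`. With `passwordPolicy: generate`, an unset password is presumably generated by the common secret helper; say so in the same comment, since `policy-clamp-be` and `policy-clamp-cl-runtime` both consume this secret through `*policyAppCredsSecret`.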
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index fed4769202..223e023b28 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.0 -cassandraInitImage: onap/sdc-cassandra-init:1.9.0 +image: onap/sdc-cassandra:1.9.3 +cassandraInitImage: onap/sdc-cassandra-init:1.9.3 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index e9b2eee8db..d563e80f42 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.0 +image: onap/sdc-frontend:1.9.3 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index aa7d535db3..1bce6b17af 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.0 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0 +image: onap/sdc-onboard-backend:1.9.3 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 0d180ec029..95aba913a3 100644 
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.1.6 +image: onap/sdnc-dmaap-listener-image:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml index 1f0dbdeced..51263cf410 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml @@ -67,7 +67,7 @@ spec: containers: - name: {{ include "common.name" . }} command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] + args: ["-c", "cd /opt/ansible-server && ./startAnsibleServer.sh"] image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 13c53d3fe1..7294dbccc7 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.1.6 +image: onap/sdnc-ansible-server-image:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 3d9f86192f..803488b054 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml 
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.1.6" +image: "onap/sdnc-web-image:2.2.0" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index c35095c158..b58154fd1a 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.1.6 +image: onap/sdnc-ueb-listener-image:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 1c9a422bab..785435a478 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -206,7 +206,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.1.6 +image: onap/sdnc-image:2.2.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 405017c400..d4333ef630 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -63,7 +63,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/bpmn-infra:1.9.0 +image: onap/so/bpmn-infra:1.9.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index c3b615147c..57c4902167 100755 
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/catalog-db-adapter:1.9.0 +image: onap/so/catalog-db-adapter:1.9.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml index 922643404c..c99465b690 100755 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -17,6 +17,7 @@ aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + enabled: {{ .Values.global.aai.enabled }} logging: path: logs spring: diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index f3d53c974c..b7e8dd9098 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -26,6 +26,8 @@ global: aaf: auth: header: ${AAF_AUTH} + aai: + enabled: true ################################################################# # Secrets metaconfig ################################################################# @@ -74,7 +76,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-cnf-adapter:1.8.3 +image: onap/so/so-cnf-adapter:1.9.1 pullPolicy: Always readinessCheck: 
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 82b4061f4b..2ac829592c 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -58,7 +58,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.9.0 +image: onap/so/openstack-adapter:1.9.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 9461974a13..d49210fe37 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -58,7 +58,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/request-db-adapter:1.9.0 +image: onap/so/request-db-adapter:1.9.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 9151468502..6f9885650d 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -58,7 +58,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdc-controller:1.9.0 +image: onap/so/sdc-controller:1.9.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index b5352b09f9..6cb019c378 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml 
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -72,7 +72,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdnc-adapter:1.9.0 +image: onap/so/sdnc-adapter:1.9.2 pullPolicy: Always org: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 064415927f..988b8ef585 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -181,7 +181,7 @@ dbCreds: userName: so_user adminName: so_admin -image: onap/so/api-handler-infra:1.9.0 +image: onap/so/api-handler-infra:1.9.2 server: aaf: diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 980e462b47..6017f2640e 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:4.0.3 +image: onap/usecase-ui-server:4.0.5 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index ddac84eca3..32b8449240 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: flavor: small # application image -image: onap/usecase-ui:4.0.3 +image: onap/usecase-ui:4.0.5 pullPolicy: Always # application configuration diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml index ce52a3b0fe..dcdcef82ba 100644 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml @@ -26,7 +26,7 @@ global: # application image flavor: small -image: onap/vfc/gvnfmdriver:1.4.1 +image: onap/vfc/gvnfmdriver:1.4.3 pullPolicy: Always #Istio sidecar injection policy 
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml index 40ca646e0f..17d8cc263e 100644 --- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml index 5854a370a2..be7820006c 100644 --- a/kubernetes/vfc/components/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml 
@@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -36,7 +41,7 @@ secrets: # application image flavor: small -image: onap/vfc/nslcm:1.4.3 +image: onap/vfc/nslcm:1.4.4 pullPolicy: Always #Istio sidecar injection policy @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml index 6ea05d72a6..0bbb395938 100644 --- a/kubernetes/vfc/components/vfc-redis/values.yaml +++ b/kubernetes/vfc/components/vfc-redis/values.yaml 
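Review bot: In the `db-root-pass` entry, `externalSecret` selects `index .Values "mariadb-galera" "rootUser" "externalSecret"` when `localCluster` is true, but that value is itself a template string (`'{{ include "common.release" . }}-vfc-db-root-pass'`, added in the last hunk of this file) and the `ternary` result is not passed through `tpl`. Unless the common secret helper renders the field a second time, the local-cluster path would reference a secret whose name still contains the literal `{{ ... }}`. Writing that branch as `(tpl (index .Values "mariadb-galera" "rootUser" "externalSecret") .)` removes the dependency on the helper's behaviour. `password` now reads `mariadb-galera.rootUser.password`, which this values file never defines, so with `policy: required` the chart presumably renders only when the external secret resolves; a commented `# password:` key under `rootUser` would document that. The same lines appear in kubernetes/vfc/components/vfc-vnflcm/values.yaml.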
@@ -24,7 +24,7 @@ global: # application image flavor: small -image: onap/vfc/db:1.3.4 +image: onap/vfc/db:1.3.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml index b93d7af02b..75968b2ffe 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml index acdf006992..9098b4468b 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml 
@@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -36,7 +41,7 @@ secrets: # application image flavor: small -image: onap/vfc/vnflcm:1.4.1 +image: onap/vfc/vnflcm:1.4.2 pullPolicy: Always #Istio sidecar injection policy @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml index 9c8430c9fc..f9a8ba71f2 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml 
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST value: "{{ .Values.global.config.redisServiceName }}" - name: REDIS_PORT diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml index aa327792b3..f8a5b28065 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml 
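Review bot: `MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD}` in the `@@ -58` hunk depends on `MYSQL_ROOT_USER` being set in this container, but the env list visible in the `@@ -83` hunk goes from `MYSQL_ADDR` straight to `REDIS_HOST`, unlike vfc-vnflcm where `MYSQL_ROOT_USER` follows `MYSQL_ADDR`. If the variable is not defined elsewhere in the template (the env list continues outside the hunk), the shell expands it to an empty string and the entrypoint receives `:<password>` as its credentials. Either add the env entry, `- name: MYSQL_ROOT_USER` with `value: "{{ .Values.global.config.mariadb_admin }}"`, or make the command fail on an unset variable with `${MYSQL_ROOT_USER:?}`. The vfc-vnfres deployment template shows the same pattern.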
@@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -36,7 +41,7 @@ secrets: # application image flavor: small -image: onap/vfc/vnfmgr:1.4.0 +image: onap/vfc/vnfmgr:1.4.1 pullPolicy: Always #Istio sidecar injection policy @@ -45,12 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml index 2577887523..06258a0d7e 100644 --- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml 
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST value: "{{ .Values.global.config.redisServiceName }}" - name: REDIS_PORT diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml index 7683912aa2..74e5b21faf 100644 --- a/kubernetes/vfc/components/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml 
@@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -36,7 +41,7 @@ secrets: # application image flavor: small -image: onap/vfc/vnfres:1.3.9 +image: onap/vfc/vnfres:1.4.0 pullPolicy: Always #Istio sidecar injection policy @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml index 9edcfbf5e1..643c3fbd84 100644 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml 
@@ -26,7 +26,7 @@ global: # application image flavor: small -image: onap/vfc/ztevnfmdriver:1.4.0 +image: onap/vfc/ztevnfmdriver:1.4.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml index ab3f4ae979..7f65b021f9 100644 --- a/kubernetes/vfc/requirements.yaml +++ b/kubernetes/vfc/requirements.yaml @@ -19,6 +19,7 @@ dependencies: - name: mariadb-galera version: ~8.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster - name: repositoryGenerator version: ~8.x-0 repository: '@local' diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 0560832a5f..64bd029bd1 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml 
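Review bot: The `condition: global.mariadbGalera.localCluster` added in `kubernetes/vfc/requirements.yaml` makes the bundled mariadb-galera dependency opt-in, and the default added in `kubernetes/vfc/values.yaml` is `false`. A release upgraded with default values would presumably stop rendering its own `vfc-mariadb` instance and point at the shared cluster instead, and no migration of data or credentials is visible in this change. That deserves a comment at the flag, for example `# false: use the shared mariadb-galera cluster; set true to keep a VFC-local database (check before upgrading a release that already has one)`.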
@@ -26,42 +26,47 @@ global: # we use this flag to determine who is responbile for serice registeration # and it can reduce duplicate registration. reg_to_msb_when_start: False - mariadb_admin: root + mariadb_admin: &mariadbAdmin root persistence: mountPath: /dockerdata-nfs + mariadbGalera: &mariadbGalera + #This flag allows VFC to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" + - uid: db-root-pass name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' # application configuration config: logstashServiceName: log-ls logstashPort: 5044 -mariadb-galera: +mariadb-galera: &localMariadb rootUser: + user: *mariadbAdmin + # password: externalSecret: *dbRootPassSecret - nameOverride: &vfc-mariadb vfc-mariadb + nameOverride: &dbServer vfc-mariadb nfsprovisionerPrefix: vfc persistence: mountSubPath: vfc/data enabled: true disableNfsProvisioner: true serviceAccount: - nameOverride: *vfc-mariadb + nameOverride: *dbServer replicaCount: 1 -db: &dbConfig - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPasswordExternalSecret: *dbRootPassSecret - vfc-generic-vnfm-driver: enabled: true 
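Review bot: The `externalSecret` expression of the `db-root-pass` entry passes `index .Values "mariadb-galera" "rootUser" "externalSecret"` to `hasSuffix` without the `default ""` that the `tpl` arm uses, so a values override that nulls or removes that key would likely fail rendering instead of falling back to `password`. The suffix test is also a heuristic: an operator-supplied secret whose name happens to end in `db-root-pass` is treated as the chart's own secret and silently dropped. Guard the argument, `(hasSuffix "db-root-pass" (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")))`, and consider comparing against the exact default name rather than a suffix.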
@@ -70,26 +75,22 @@ vfc-huawei-vnfm-driver: vfc-nslcm: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-redis: enabled: true vfc-vnflcm: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-vnfmgr: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-vnfres: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb # sub-chart configuration vfc-workflow:
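Review bot: `mariadb-galera: *localMariadb` is expanded when this file is parsed, so each of vfc-nslcm, vfc-vnflcm, vfc-vnfmgr and vfc-vnfres receives a frozen copy of the block. A later override file or `--set` that changes `mariadb-galera.rootUser.externalSecret` or `nameOverride` on the parent does not reach those copies, and the database and its clients can end up configured with different secrets or service names. The alias also hands the sub-charts keys they have no visible use for (`persistence`, `serviceAccount`, `replicaCount`). A comment above the first alias would help: `# alias is resolved at parse time; overrides of mariadb-galera.* must be repeated under each vfc-* sub-chart`.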