COMMON_CHARTS_DIR := common
EXCLUDES :=
-PROCESSED_LAST := cert-wrapper
-TO_FILTER := $(EXCLUDES) $(PROCESSED_LAST)
+PROCESSED_LAST := cert-wrapper repository-wrapper
+PROCESSED_FIRST := repositoryGenerator certInitializer
+TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST)
HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
+HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(HELM_CHARTS) $(TO_FILTER)
+----------------------------------------------------+-----------------------+
| `common.repository` | `_repository.tpl` |
+----------------------------------------------------+-----------------------+
- | `common.repository.secret` | `_repository.tpl` |
- +----------------------------------------------------+-----------------------+
| `common.flavor` | `_resources.tpl` |
+----------------------------------------------------+-----------------------+
| `common.resources` | `_resources.tpl` |
...
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
...
Namespace
*/}}
{{/*
+ /!\ DEPRECATED /!\
+ Will be removed when transition to "repositoryGenerator" is finished.
Resolve the name of the common image repository.
The value for .Values.repository is used by default,
unless either override mechanism is used.
{{- default .Values.repository .Values.global.repository -}}
{{end}}
{{- end -}}
-
-
-{{/*
- Resolve the image repository secret token.
- The value for .Values.global.repositoryCred is used:
- repositoryCred:
- user: user
- password: password
- mail: email (optional)
-*/}}
-{{- define "common.repository.secret" -}}
- {{- $repo := include "common.repository" . }}
- {{- $repo := default "nexus3.onap.org:10001" $repo }}
- {{- $cred := .Values.global.repositoryCred }}
- {{- $mail := default "@" $cred.mail }}
- {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
- {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}}
-{{- end -}}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow docker secret to be shared all instances
+name: repository-wrapper
+version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
- .dockercfg: {{ include "common.repository.secret" . }}
+ .dockercfg: {{ include "repositoryGenerator.secret" . }}
type: kubernetes.io/dockercfg
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to generate the right repository link
+name: repositoryGenerator
+version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "repositoryGenerator._repositoryHelper" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{- $repoName := .repoName }}
+ {{- $overrideName := printf "%s%s" $repoName "Override" }}
+ {{- if (hasKey $dot.Values $overrideName) -}}
+ {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}}
+ {{- else -}}
+ {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}}
+ {{- end }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the common image repository.
+
+ - .Values.global.repository : default image repository for all ONAP images
+ - .Values.repositoryOverride : override global repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.repository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the dockerHub image repository.
+
+ - .Values.global.dockerHubRepository : default image dockerHubRepository for all dockerHub images
+ - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.dockerHubRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the elasticRepository image repository.
+
+ - .Values.global.elasticRepository : default image elasticRepository for all images using elastic repository
+ - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.elasticRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the googleK8sRepository image repository.
+
+ - .Values.global.googleK8sRepository : default image dockerHubRepository for all dockerHub images
+ - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.googleK8sRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image._helper" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{- $image := .image }}
+ {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.busybox" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.curl" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.envsubst" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.htpasswd" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.kubectl" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.logging" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.mariadb" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.nginx" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.postgres" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.readiness" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the image repository secret token.
+ The value for .Values.global.repositoryCred is used if provided:
+ repositoryCred:
+ user: user
+ password: password
+ mail: email (optional)
+ You can also set the same things for dockerHub, elastic and googleK8s if
+ needed.
+*/}}
+{{- define "repositoryGenerator.secret" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- $repoCreds := "" }}
+ {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $repo := $subchartDot.Values.global.repository }}
+ {{- $cred := $subchartDot.Values.global.repositoryCred }}
+ {{- $mail := default "@" $cred.mail }}
+ {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
+ {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }}
+ {{- $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $dhMail := default "@" $dhCred.mail }}
+ {{- $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }}
+ {{- $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $dhRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.elasticRepositoryCred }}
+ {{- $eRepo := $subchartDot.Values.global.elasticRepository }}
+ {{- $eCred := $subchartDot.Values.global.elasticRepositoryCred }}
+ {{- $eMail := default "@" $eCred.mail }}
+ {{- $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }}
+ {{- $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $eRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.googleK8sRepositoryCred }}
+ {{- $gcrRepo := $subchartDot.Values.global.googleK8sRepository }}
+ {{- $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }}
+ {{- $gcrMail := default "@" $gcrCred.mail }}
+ {{- $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }}
+ {{- $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $gcrRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- printf "{%s}" $repoCreds | b64enc -}}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ # Repositories used
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: docker.io
+ elasticRepository: docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+
+ # common global images
+ busyboxImage: busybox:1.32
+ curlImage: curlimages/curl:7.69.1
+ envsubstImage: dibi/envsubst:1
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+ kubectlImage: bitnami/kubectl:1.19
+ loggingImage: beats/filebeat:5.5.0
+ mariadbImage: mariadb:10.1.48
+ nginxImage: bitnami/nginx:1.18-debian-10
+ postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+ readinessImage: onap/oom/readiness:3.0.1
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
+ repositoryCred:
+ user: docker
+ password: docker
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+imageRepoMapping:
+ busyboxImage: dockerHubRepository
+ curlImage: dockerHubRepository
+ envsubstImage: dockerHubRepository
+ htpasswdImage: dockerHubRepository
+ kubectlImage: dockerHubRepository
+ loggingImage: elasticRepository
+ mariadbImage: dockerHubRepository
+ nginxImage: dockerHubRepository
+ postgresImage: dockerHubRepository
+ readinessImage: repository
version: ~6.x-0
repository: '@local'
condition: oof.enabled
+ - name: repository-wrapper
+ version: ~6.x-0
+ repository: '@local'
- name: robot
version: ~6.x-0
repository: '@local'
addTestingComponents: &testing false
# ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
+ # Four different repositories are used
+ # You can change individually these repositories to ones that will serve the
+ # right images. If credentials are needed for one of them, see below.
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: &dockerHubRepository docker.io
+ elasticRepository: &elasticRepository docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+
+
+ #/!\ DEPRECATED /!\
+ # Legacy repositories which will be removed at the end of migration.
+ # Please don't use
+ loggingRepository: *elasticRepository
+ busyboxRepository: *dockerHubRepository
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
repositoryCred:
user: docker
password: docker
- dockerHubRepository: docker.io
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # so id you've set repository to value `my.private.repo` and same for
+ # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+ # dockerHubCred.
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+
+ # common global images
+ # Busybox for simple shell manipulation
+ busyboxImage: busybox:1.32
# curl image
curlImage: curlimages/curl:7.69.1
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
+ # env substitution image
+ envsubstImage: dibi/envsubst:1
+
+ # generate htpasswd files image
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+
+ # kubenretes client image
+ kubectlImage: bitnami/kubectl:1.19
- # dockerHub main repository
- dockerHubRepository: docker.io
+ # logging agent
+ loggingImage: beats/filebeat:5.5.0
- # busybox repo and image
- busyboxRepository: docker.io
- busyboxImage: busybox:1.30
+ # mariadb client image
+ mariadbImage: mariadb:10.1.48
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
+ # nginx server image
+ nginxImage: bitnami/nginx:1.18-debian-10
+
+ # postgreSQL client and server image
+ postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+ # readiness check image
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
cert-wrapper:
enabled: true
+repository-wrapper:
+ enabled: true