oof@oof.onap.org|oof.api.simpledemo.onap.org|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
oof@oof.onap.org|oof|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
oof@oof.onap.org|oof.onap|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-cmso', 'oof-cmso-optimizer', 'oof-cmso-ticketmgt', 'oof-cmso-topology', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|60|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-api', 'policy-api.onap', 'policy-distribution', 'policy-distribution.onap', 'policy-pap', 'policy-pap.onap', 'policy-xacml-pdp', 'policy-xacml-pdp.onap', 'policy.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
+policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|60|{'policy-drools-pdp', 'policy-drools-pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-api', 'policy-api.onap', 'policy-distribution', 'policy-distribution.onap', 'policy-pap', 'policy-pap.onap', 'policy-xacml-pdp', 'policy-xacml-pdp.onap', 'policy.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
refrepo@refrepo.onap.org|refrepo|local|/opt/app/osaaf/local||mailto:|org.onap.refrepo|root|30|{'refrepo', 'refrepo.api.simpledemo.onap.org', 'refrepo.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
print_usage
fi
-while [[ $# -gt 0 ]]
+while [ $# -gt 0 ]
do
key="$1"
shift
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for etcd init job
+name: etcd-init
+version: 8.0.0
--- /dev/null
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
--- /dev/null
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: {{ .Values.backoffLimit }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.etcd.containerName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ # Create users
+ export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
+ export ETCDCTL_API=3
+ echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false
+ echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false
+
+ # Create roles
+ etcdctl role add ${APP_ROLE}
+ etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX}
+
+ etcdctl user grant-role ${APP_USER} ${APP_ROLE}
+ etcdctl auth enable
+ env:
+ - name: ALLOW_NONE_AUTHENTICATION
+ value: "yes"
+ - name: ETCD_HOST
+ value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}"
+ - name: ETCD_PORT
+ value: "{{ .Values.etcd.port }}"
+ - name: ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }}
+ - name: APP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }}
+ - name: APP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }}
+ - name: APP_ROLE
+ value: "{{ .Values.config.appRole }}"
+ - name: KEY_PREFIX
+ value: "{{ .Values.config.keyPrefix }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: root-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}'
+ password: '{{ .Values.config.userRootPassword }}'
+ - uid: app-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.appUser }}'
+ password: '{{ .Values.config.appPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+image: bitnami/etcd:3.3.15
+pullPolicy: Always
+backoffLimit: 20
+
+nodeSelector: {}
+
+affinity: {}
+
+etcd:
+ serviceName: k8s-etcd
+ port : 2379
+ containerName: k8s-etcd
+
+config:
+ userRootSecret: root
+# userCredentialsExternalSecret:
+ appUser: user
+ appRole: role
+ keyPrefix: key
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ unlimited: {}
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
containers:
- - name: {{ include "common.fullname" . }}
+ - name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
imagePullPolicy: "{{ .Values.pullPolicy }}"
ports:
for line in `parse_yaml $filename`
do
#skiping commented line
- if [[ ${line:0:1} != '#' ]]; then
+ if [ "${line:0:1}" != '#' ]; then
#find all image subtag inside converted values.yaml file's lines
if echo $line | grep -q $IMAGE_TEXT ; then
#find imageName inside line
target_machine_notice_info
}
-if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
+if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
usage
-elif [[ $# -eq 1 ]] && [[ $1 = "--info" ]]; then
+elif [ $# -eq 1 ] && [Â "$1" = "--help" ]; then
+ usage
+elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
target_machine_notice_info
else
deploy $@
generate_config_map $@
}
-if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
+if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
usage
-elif [[ $# -eq 0 ]]; then
+if [ $# -eq 1 ] && [ "$1" = "--help" ]; then
+ usage
+elif [ $# -eq 0 ]; then
automatic_configuration
else
manual_configuration $@
esac
done
-if [[ -z $BRANCH ]]; then
+if [ -z $BRANCH ]; then
usage
exit 1
fi
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
env:
+ {{- range $cred := .Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+ {{- end }}
{{- if $certDir }}
- name: DCAE_CA_CERTPATH
value: {{ $certDir }}/cacert.pem
volumeMounts:
- mountPath: /app-config
name: app-config
+ - mountPath: /app-config-input
+ name: app-config-input
{{- if $logDir }}
- mountPath: {{ $logDir}}
name: component-log
{{- if $certDir }}
- mountPath: {{ $certDir }}
name: tls-info
- {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}}
{{- end -}}
{{- end }}
{{- if $certDir }}
- emptyDir: {}
name: tls-info
- {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "common.certManager.volumesReadOnly" . | nindent 6 }}
{{- end }}
{{- end }}
*/}}
{{- define "dcaegen2-services-common._certPostProcessor" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{- $cmpv2Certificate := (index .Values.certificates 0) -}}
{{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}}
{{- $certType := "pem" -}}
value: {{ $keystoreDestinationPaths | quote }}
{{- end }}
{{- end -}}
+
+{{/*
+ Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements)
+ when they shouldn't. Example use:
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
+
+*/}}
+{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
+ {{- $certDir := default "" .Values.certDirectory . -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ true
+ {{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
passwordPolicy: required
# CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
# Disabled by default
+useCmpv2Certificates: false
certificates:
- mountPath: /etc/ves-hv/ssl/external
commonName: dcae-hv-ves-collector
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# limitations under the License.
*/}}
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
tlsServer: true
# CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
# Disabled by default
+useCmpv2Certificates: false
certificates:
- mountPath: /opt/app/dcae-certificate/external
commonName: dcae-ves-collector
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.9.2
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.8.0
for index in "${!SUBCHART_NAMES[@]}"; do
START=${SUBCHART_NAMES[index]}
END=${SUBCHART_NAMES[index+1]}
- if [[ $START = "global:" ]]; then
+ if [ "$START" = "global:" ]; then
echo "global:" > $GLOBAL_OVERRIDES
cat $COMPUTED_OVERRIDES | sed '/common:/,/consul:/d' \
| sed -n '/^'"$START"'/,/'log:'/p' | sed '1d;$d' >> $GLOBAL_OVERRIDES
else
SUBCHART_DIR="$CACHE_SUBCHART_DIR/$(echo "$START" |cut -d':' -f1)"
- if [[ -d "$SUBCHART_DIR" ]]; then
- if [[ -z "$END" ]]; then
+ if [ -d "$SUBCHART_DIR" ]; then
+ if [ -z "$END" ]; then
cat $COMPUTED_OVERRIDES | sed -n '/^'"$START"'/,/'"$END"'/p' \
| sed '1d;$d' | cut -c3- > $SUBCHART_DIR/subchart-overrides.yaml
else
n=${#flags[*]}
i=0 ; while [ "$i" -lt "$n" ]; do
PARAM=${flags[i]}
- if [[ $PARAM = "-f" || \
- $PARAM = "--values" || \
- $PARAM = "--set" || \
- $PARAM = "--set-string" || \
- $PARAM = "--version" ]]; then
+ if [ "$PARAM" = "-f" ] || \
+ [ "$PARAM" = "--values" ] || \
+ [ "$PARAM" = "--set" ] || \
+ [ "$PARAM" = "--set-string" ] || \
+ [ "$PARAM" = "--version" ]; then
# skip param and its value
i=$((i + 1))
else
deploy() {
# validate params
- if [[ -z "$1" || -z "$2" ]]; then
+ if [ -z "$1" ] || [Â -z "$2" ]; then
usage
exit 0
fi
FLAGS=${@:3}
CHART_REPO="$(echo "$CHART_URL" |cut -d'/' -f1)"
CHART_NAME="$(echo "$CHART_URL" |cut -d'/' -f2)"
- if [[ $HELM_VER = "v3."* ]]; then
+ if expr "$HELM_VER" : "v3\..*" ; then
CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
else
CACHE_DIR=~/.helm/plugins/deploy/cache
# determine if verbose output is enabled
VERBOSE="false"
- if [[ $FLAGS = *"--verbose"* ]]; then
+ if expr "$FLAGS" : ".*--verbose.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--verbose//p')"
VERBOSE="true"
fi
# determine if delay for deployment is enabled
DELAY="false"
- if [[ $FLAGS = *"--delay"* ]]; then
+ if expr "$FLAGS" : ".*--delay.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')"
DELAY="true"
fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
- if [[ $FLAGS = *"--set-last-applied"* ]]; then
+ if expr"$FLAGS" : ".*--set-last-applied.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--set-last-applied//p')"
SET_LAST_APPLIED="true"
fi
- if [[ $FLAGS = *"--dry-run"* ]]; then
+ if expr "$FLAGS" : ".*--dry-run.*" ; then
VERBOSE="true"
FLAGS="$FLAGS --debug"
fi
SUBCHART_RELEASE="$(echo "$RELEASE" |cut -d'-' -f2)"
# update specified subchart without parent
RELEASE="$(echo "$RELEASE" |cut -d'-' -f1)"
- if [[ $SUBCHART_RELEASE = $RELEASE ]]; then
+ if [ "$SUBCHART_RELEASE" = "$RELEASE" ]; then
SUBCHART_RELEASE=
fi
rm -rf $CACHE_DIR
# fetch umbrella chart (parent chart containing subcharts)
- if [[ -d "$CHART_URL" ]]; then
+ if [ -d "$CHART_URL" ]; then
mkdir -p $CHART_DIR
cp -R $CHART_URL/* $CHART_DIR/
generate_overrides $COMPUTED_OVERRIDES $GLOBAL_OVERRIDES
# upgrade/install parent chart first
- if [[ -z "$SUBCHART_RELEASE" ]]; then
+ if [ -z "$SUBCHART_RELEASE" ]; then
LOG_FILE=$LOG_DIR/${RELEASE}.log
:> $LOG_FILE
helm upgrade -i $RELEASE $CHART_DIR $DEPLOY_FLAGS -f $COMPUTED_OVERRIDES \
> $LOG_FILE.log 2>&1
- if [[ $VERBOSE = "true" ]]; then
+ if [ "$VERBOSE" = "true" ]; then
cat $LOG_FILE
else
echo "release \"$RELEASE\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED = "true" ]]; then
+ if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest ${RELEASE} \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
SUBCHART_ENABLED=0
- if [[ -f $SUBCHART_OVERRIDES ]]; then
+ if [ -f $SUBCHART_OVERRIDES ]; then
SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true")
fi
- if [[ $SUBCHART_ENABLED -eq 1 ]]; then
- if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE = "$subchart" ]]; then
+ if [ $SUBCHART_ENABLED -eq 1 ]; then
+ if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then
LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log
:> $LOG_FILE
$DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \
> $LOG_FILE 2>&1
- if [[ $VERBOSE = "true" ]]; then
+ if [ "$VERBOSE" = "true" ]; then
cat $LOG_FILE
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED = "true" ]]; then
+ if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
fi
fi
- if [[ $DELAY = "true" ]]; then
+ if [ "$DELAY" = "true" ]; then
echo sleep 3m
sleep 3m
fi
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for i in $(seq $(($n-1)) -1 0); do
- if [[ $HELM_VER = "v3."* ]]; then
+ if expr "$HELM_VER" : "v3\..*" ; then
helm del "${array[i]}"
else
helm del "${array[i]}" --purge
done
# report on success/failures of installs/upgrades
- if [[ $HELM_VER = "v3."* ]]; then
+ if expr "$HELM_VER" : "v3\..*" ; then
helm ls --all-namespaces | grep -i FAILED | grep $RELEASE
else
helm ls | grep FAILED | grep $RELEASE
done
}
-if [[ $# < 1 ]]; then
+if [ $# < 1 ]; then
echo "Error: command 'undeploy' requires a release name"
exit 0
fi
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- name: {{ include "common.name" . }}-has-sms-readiness
command:
- sh
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/bash","-c"]
+ command: ["/bin/sh","-c"]
args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
ports:
- containerPort: {{ .Values.uwsgi.internalPort }}
port: {{ .Values.uwsgi.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
service:
type: NodePort
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- --container-name
- aaf-sms
env:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- name: {{ include "common.name" . }}-cont-sms-readiness
command:
- sh
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
{{ end -}}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
- name: music
version: ~8.x-0
repository: '@local'
+ condition: music.enabled
+ - name: etcd
+ version: ~8.x-0
+ repository: '@local'
+ condition: etcd.enabled
+ - name: etcd-init
+ version: ~8.x-0
+ repository: '@local'
+ condition: etcd-init.enabled
- name: oof-has-api
version: ~8.x-0
repository: 'file://components/oof-has-api'
#server_url_version = v0
+[db_options]
+
+# db_backend to use
+db_backend = {{.Values.config.dbBackend}}
+
+# Use music mock api
+music_mock = False
+
+
+[etcd_api]
+
+# host/ip address of etcd server
+host = {{.Values.config.etcd.serviceName}}.{{ include "common.namespace" . }}
+
+# port of etcd server
+port = {{.Values.config.etcd.port}}
+
+# username for etcd authentication
+username =
+
+# password for etcd authentication
+password =
+
+
[music_api]
#
+++ /dev/null
-{
- "consistencyInfo": {
- "type": "eventual"
- },
- "values": {
- "id": "healthcheck",
- "created": 1479482603641,
- "message": "",
- "name": "foo",
- "recommend_max": 1,
- "solution": "{\"healthcheck\": \" healthcheck\"}",
- "status": "solved",
- "template": "{\"healthcheck\": \"healthcheck\"}",
- "timeout": 3600,
- "translation": "{\"healthcheck\": \" healthcheck\"}",
- "updated": 1484324150629
- }
-}
+++ /dev/null
-{
- "appname": "conductor",
- "userId": "conductor",
- "isAAF": "false",
- "password": "c0nduct0r"
-}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-healthcheck
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - oof-has-api
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-healthcheck
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "INSERT HEALTHCHECK PLAN";
- sleep 15;
- resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
- -H "Content-Type: application/json" \
- -H "ns: conductor" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @healthcheck.json);
- echo $resp;
- sleep 2;
- done;
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/healthcheck.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthcheck.json
- resources:
-{{ include "common.resources" . | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: healthcheck.json
- path: healthcheck.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-onboard
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - "music-springboot"
- - --container-name
- - "music-cassandra"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-music-db-readiness
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "job-onboard"
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/onboard.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: onboard.json
- resources:
-{{ include "common.resources" . | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: onboard.json
- path: onboard.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
persistence:
enabled: true
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-root-password
+ name: &root-password '{{ include "common.release" . }}-has-etcd-root-password'
+ type: password
+ password: '{{ .Values.config.etcd.rootPassword }}'
+ policy: generate
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: generate
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
config:
+ dbBackend: etcd
aaf:
serviceName: aaf-service
port: 8100
cps:
service: cps-tbdmt
port: 8080
+ etcd:
+ serviceName: &etcd-service oof-has-etcd
+ port: 2379
+ appUser: conductor
+# rootPassword:
+# appPassword:
+# userCredentialsExternalSecret:
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
unlimited: {}
#component overrides
-oof-has-api:
+oof-has-api: &has-config
enabled: true
certSecret: *oof-certs
-oof-has-controller:
- enabled: true
- certSecret: *oof-certs
-oof-has-data:
- enabled: true
- certSecret: *oof-certs
-oof-has-reservation:
- enabled: true
- certSecret: *oof-certs
-oof-has-solver:
+ config:
+ etcd:
+ userCredentialsExternalSecret: *user-creds
+ configJobNameOverride: &job-name oof-has-etcd-config
+oof-has-controller: *has-config
+oof-has-data: *has-config
+oof-has-reservation: *has-config
+oof-has-solver: *has-config
+music:
+ enabled: false
+
+#etcd subchart configurations
+etcd:
enabled: true
- certSecret: *oof-certs
+ replicaCount: 3
+ nameOverride: &etcd-container oof-has-etcd
+ service:
+ name: *etcd-service
+ persistence:
+ mountSubPath: oof/etcd/data
+ enabled: true
+ flavor: &etcd-flavor large
+ resources: &etcd-resources
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 300Mi
+ unlimited: {}
+etcd-init:
+ enabled: true
+ nameOverride: *job-name
+ etcd:
+ serviceName: *etcd-service
+ port : 2379
+ containerName: *etcd-container
+ config:
+ userRootSecret: *root-password
+ userCredentialsExternalSecret: *user-creds
+ appRole: conductor
+ keyPrefix: conductor
+ flavor: *etcd-flavor
+ resources: *etcd-resources
--- /dev/null
+{{- define "oof.etcd.env" -}}
+- name: OS_ETCD_API__USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "login") | indent 2 }}
+- name: OS_ETCD_API__PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "password") | indent 2 }}
+{{- end -}}
\ No newline at end of file
SQL_DEST_DIR=${SQL_DEST_DIR:-/tmp/sql}
DB_PORT=${DB_PORT:-3306}
-[[ -z "$SQL_SRC_DIR" ]] && { echo "Error: SQL_SRC_DIR must be provided as an environment variable"; exit 1; }
-[[ -z "$DB_USER" ]] && { echo "Error: DB_USER must be provided as an environment variable"; exit 1; }
-[[ -z "$DB_PASS" ]] && { echo "Error: DB_PASS must be provided as an environment variable"; exit 1; }
-[[ -z "$DB_HOST" ]] && { echo "Error: DB_HOST must be provided as an environment variable"; exit 1; }
+[ -z "$SQL_SRC_DIR" ] && { echo "Error: SQL_SRC_DIR must be provided as an environment variable"; exit 1; }
+[ -z "$DB_USER" ] && { echo "Error: DB_USER must be provided as an environment variable"; exit 1; }
+[ -z "$DB_PASS" ] && { echo "Error: DB_PASS must be provided as an environment variable"; exit 1; }
+[ -z "$DB_HOST" ] && { echo "Error: DB_HOST must be provided as an environment variable"; exit 1; }
mkdir -p $SQL_DEST_DIR
# Check if execscript flag is used and drop it from input arguments
-if [[ "${!#}" = "execscript" ]]; then
+if [ "${!#}" = "execscript" ]; then
set -- "${@:1:$#-1}"
execscript=true
fi
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" = "execscript" ]]; then
+if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" = "execscript" ]]; then
+if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
mkdir "$DIR/$SCRIPTDIR/tmp"
cd "$DIR/$SCRIPTDIR/tmp"
-if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then
+if [ -f rootCA-robot-$SDCVALID.cert ] && [ -f package-robot-$SDCVALID.cert ] && [ -f package-robot-$SDCINVALID.cert ] && [ -f package-private-robot-$SDCVALID.key ] && [ -f package-private-robot-$SDCINVALID.key ]; then
echo "All files are present";
else
generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID
livenessProbe:
httpGet:
path: /sdc2/rest/healthCheck
- port: {{ .Values.liveness.port }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
readinessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /sdc2/rest/healthCheck
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
resources: {{ include "common.resources" . | nindent 12 }}
startupProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /sdc2/rest/healthCheck
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
fieldPath: status.podIP
volumeMounts:
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
+ mountPath: /app/jetty/chef-solo/environments/
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /home/onap/chef-solo/environments/
- name: sdc-logs
- mountPath: /var/lib/jetty/logs
+ mountPath: /home/onap/logs
env:
- name: ENVNAME
value: {{ .Values.env.name }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.8.5
-backendInitImage: onap/sdc-backend-init:1.8.5
+image: onap/sdc-backend-all-plugins:1.9.0
+backendInitImage: onap/sdc-backend-init:1.9.0
pullPolicy: Always
failureThreshold: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
enabled: true
readiness:
type: NodePort
name: sdc-be
both_tls_and_plain: true
+ internalPort: 8080
msb:
- port: 8443
url: "/sdc/v1"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.8.5
-cassandraInitImage: onap/sdc-cassandra-init:1.8.5
+image: onap/sdc-cassandra:1.9.0
+cassandraInitImage: onap/sdc-cassandra-init:1.9.0
pullPolicy: Always
config:
value: {{ .Values.config.javaOptions }}
volumeMounts:
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
+ mountPath: /app/jetty/chef-solo/environments/
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-configs
- mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml
+ mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml
subPath: plugins-configuration.yaml
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.8.5
+image: onap/sdc-frontend:1.9.0
pullPolicy: Always
config:
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
readinessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
value: {{ .Values.cert.certDir }}
volumeMounts:
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
+ mountPath: /app/jetty/chef-solo/environments/
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.8.5
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.5
+image: onap/sdc-onboard-backend:1.9.0
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0
pullPolicy: Always
# flag to enable debugging - application support required
##Certificate storage persistence
##This is temporary solution for SDC-1980
cert:
- certDir: /var/lib/jetty/cert
+ certDir: /app/jetty/cert
persistence:
enabled: true
size: 10Mi
- name: sdc-helm-validator
version: ~8.x-0
repository: 'file://components/sdc-helm-validator'
- condition: sdc-helm-validator.enabled
+ condition: sdcHelmValidator.enabled
"VnfRepo": {
"vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}",
"vnfRepoHost": "refrepo.{{include "common.namespace" .}}"
+ },
+ "HelmValidator": {
+ "validator_enabled": "{{.Values.sdcHelmValidator.enabled}}",
+ "helm_version": "{{.Values.sdcHelmValidator.helmVersion}}",
+ "deployable": "{{.Values.sdcHelmValidator.deployable}}",
+ "lintable": "{{.Values.sdcHelmValidator.lintable}}",
+ "strict_lintable": "{{.Values.sdcHelmValidator.strictLintable}}",
+ "validator_url": "{{.Values.sdcHelmValidator.url}}"
}
},
"override_attributes": {
# dependency / sub-chart configuration
sdc-wfd:
enabled: true
-sdc-helm-validator:
+sdcHelmValidator:
enabled: true
+ helmVersion: 3.5.2
+ deployable: true
+ lintable: false
+ strictLintable: false
+ url: http://sdc-helm-validator:8080/validate
Code Review / oom.git / commitdiff