casablanca 1.11.5 2.9.1 1.11.5 17.03.x
dublin 1.13.5 2.12.3 1.13.5 18.09.5
el alto 1.15.2 2.14.2 1.15.2 18.09.x
+ frankfurt 1.15.9 2.16.3 1.15.9 18.09.x
============== =========== ====== ======== ========
Minimum Hardware Configuration
To prepare your system for an installation of ONAP, you'll need to::
- > git clone -b casablanca http://gerrit.onap.org/r/oom
+ > git clone -b frankfurt http://gerrit.onap.org/r/oom
> cd oom/kubernetes
To deploy ONAP with this environment file, enter::
- > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
+ > helm deploy local/onap -n onap -f environments/onap-production.yaml
.. include:: environments_onap_demo.yaml
:code: yaml
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
+ > helm deploy onap onap/so --version 2.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
what will happen with a given command prior to actually deleting anything. For
example::
- > helm undeploy casablanca --dry-run
+ > helm undeploy onap --dry-run
-will display the outcome of deleting the 'casablanca' release from the
+will display the outcome of deleting the 'onap' release from the
deployment.
To completely delete a release and remove it from the internal store enter::
- > helm undeploy casablanca --purge
+ > helm undeploy onap --purge
One can also remove individual components from a deployment by changing the
ONAP configuration values. For example, to remove `so` from a running
deployment enter::
- > helm undeploy casablanca-so --purge
+ > helm undeploy onap-so --purge
will remove `so` as the configuration indicates it's no longer part of the
deployment. This might be useful if a one wanted to replace just `so` by
# https://wiki.onap.org/display/DW/OOM+RKE+Kubernetes+Deployment
# source from https://jira.onap.org/browse/OOM-1598
#
-# master/dublin
+# master/dublin
# RKE 0.1.16 Kubernetes 1.11.6, kubectl 1.11.6, Helm 2.9.1, Docker 18.06
# 20190428 RKE 0.2.1, Kubernetes 1.13.5, kubectl 1.13.5, Helm 2.12.3, Docker 18.09.5
# single node install, HA pending
cat <<EOF
Usage: $0 [PARAMs]
example
-sudo ./rke_setup.sh -b dublin -s rke.onap.cloud -e onap -l amdocs -v true
+sudo ./rke_setup.sh -b master -s rke.onap.cloud -e onap -l amdocs -v true
-u : Display usage
-b [branch] : branch = master or dublin (required)
-s [server] : server = IP or DNS name (required)
KUBECTL_VERSION=1.13.5
HELM_VERSION=2.12.3
DOCKER_VERSION=18.09
-
+
# copy your private ssh key and cluster.yml file to the vm
# on your dev machine
#sudo cp ~/.ssh/onap_rsa .
- #sudo chmod 777 onap_rsa
+ #sudo chmod 777 onap_rsa
#scp onap_rsa ubuntu@192.168.241.132:~/
# on this vm
- #sudo chmod 400 onap_rsa
+ #sudo chmod 400 onap_rsa
#sudo cp onap_rsa ~/.ssh
- # make sure public key is insetup correctly in
+ # make sure public key is insetup correctly in
# sudo vi ~/.ssh/authorized_keys
echo "please supply your ssh key as provided by the -k keyname - it must be be chmod 400 and chown user:user in ~/.ssh/"
echo "specifically"
echo "address: $SERVER"
echo "user: $USERNAME"
- echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
-
+ echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
+
RKETOOLS=
HYPERCUBE=
POD_INFRA_CONTAINER=
# * Licensed under the Apache License, Version 2.0 (the "License");
# * you may not use this file except in compliance with the License.
# * You may obtain a copy of the License at
-# *
+# *
# * http://www.apache.org/licenses/LICENSE-2.0
-# *
+# *
# * Unless required by applicable law or agreed to in writing, software
# * distributed under the License is distributed on an "AS IS" BASIS,
# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter
-org.onap.dmaap.datarouter.db.login = datarouter
-org.onap.dmaap.datarouter.db.password = datarouter
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}}
+org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
+org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
# PROV - DEFAULT ENABLED TLS PROTOCOLS
org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-
port: {{ .Values.config.dmaapDrProv.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- mountPath: {{ .Values.persistence.aafCredsPath }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: dmaap-dr-db-user-secret
+ name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.dmaapDrDb.userName }}'
+ password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
mariadbServiceName: dmaap-dr-db-svc
mariadbServicePort: 3306
mariadbContName: dmaap-dr-db
+ userName: datarouter
+# userPassword: password
+# userCredentialsExternalSecret: some secret
# mariadb-galera configuration
mariadb:
nameOverride: dmaap-dr-db
replicaCount: 2
config:
- mariadbRootPassword: datarouter
- userName: datarouter
- userPassword: datarouter
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
mysqlDatabase: datarouter
service:
name: dmaap-dr-db-svc
requests:
cpu: 1000m
memory: 2Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
passwordPolicy: required
- uid: odl-creds
type: basicAuth
- externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
login: '{{ .Values.config.odlUser }}'
password: '{{ .Values.config.odlPassword }}'
passwordPolicy: required
passwordPolicy: required
- uid: rest-creds
type: basicAuth
- externalSecret: '{{ .Values.config.restCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}'
login: '{{ .Values.config.restUser }}'
password: '{{ .Values.config.restPassword }}'
passwordPolicy: required
},
"svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
"databases": [
- "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
+ "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
],
"dbFabricServer": "localhost",
"dbFabricPort": "32275",
"dbFabricGroupId": "hagroup1",
- "dbFabricUser": "admin",
- "dbFabricPassword": "admin",
- "dbFabricDB": "mysql",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
- "dbName": "sdnctl",
+ "dbFabricUser": "${DB_FABRIC_USER}",
+ "dbFabricPassword": "${DB_FABRIC_PASSWORD",
+ "dbFabricDB": "{{.Values.config.dbFabricDB}}",
+ "dbUser": "${SDNC_DB_USER}",
+ "dbPassword": "${SDNC_DB_PASSWORD}",
+ "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
"odlProtocol": "http",
"odlHost": "sdnc.{{.Release.Namespace}}",
"odlConexusHost": "sdnc.{{.Release.Namespace}}",
"odlPort": "8181",
"odlConexusPort": "8181",
- "odlUser": "admin",
- "odlPasswd": "{{.Values.config.odlPassword}}",
+ "odlUser": "${ODL_USER}",
+ "odlPasswd": "${ODL_PASSWORD}",
"ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "{{.Values.config.keystorePwd}}",
+ "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
"AppNetwork_sslCert": "",
"AppNetwork_sslKey": "",
"hostnameList": [
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: DB_FABRIC_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
+ - name: DB_FABRIC_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
env:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
volumeMounts:
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+ passwordPolicy: required
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: fabric-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.dbFabricUser }}'
+ password: '{{ .Values.config.dbFabricPassword }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
+ password: '{{ .Values.config.keystorePwd }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
repository: nexus3.onap.org:10001
image: onap/admportal-sdnc-image:1.7.6
config:
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
+ dbFabricDB: mysql
+ dbFabricUser: admin
+ dbFabricPassword: admin
+ # dbFabricDBCredsExternalSecret: some secret
sdncChartName: sdnc
configDir: /opt/onap/sdnc/data/properties
storesDir: /opt/onap/sdnc/data/stores
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # odlCredsExternalSecret: some secret
keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # keystorePwdExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: sdnc-portal-galera
+ service:
+ name: sdnc-portal-galera
+ portName: sdnc-portal-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: sdnc-portal/maria/data
# default number of instances
replicaCount: 0
passwordPolicy: required
- uid: odl-creds
type: basicAuth
- externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
login: '{{ .Values.config.odlUser }}'
password: '{{ .Values.config.odlPassword }}'
passwordPolicy: required
- uid: ueb-creds
type: basicAuth
- externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
login: '{{ .Values.config.uebUser }}'
password: '{{ .Values.config.uebPassword }}'
passwordPolicy: required
Code Review / oom.git / commitdiff