[SDNC] Use common secret template in sdnc

author Krzysztof Opasiak <k.opasiak@samsung.com>

Tue, 25 Feb 2020 22:31:20 +0000 (23:31 +0100)

committer Krzysztof Opasiak <k.opasiak@samsung.com>

Wed, 4 Mar 2020 20:00:24 +0000 (21:00 +0100)
author Krzysztof Opasiak <k.opasiak@samsung.com>
Tue, 25 Feb 2020 22:31:20 +0000 (23:31 +0100)
committer Krzysztof Opasiak <k.opasiak@samsung.com>
Wed, 4 Mar 2020 20:00:24 +0000 (21:00 +0100)
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml

index 9b7dcb0..254d76a 100644 (file)
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml
@@ -52,7 +52,7 @@ secrets:
      passwordPolicy: required
    - uid: ueb-creds
      type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
      login: '{{ .Values.config.uebUser }}'
      password: '{{ .Values.config.uebPassword }}'
      passwordPolicy: required
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml

index c3b757a..58db6ad 100644 (file)
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -29,5 +29,4 @@ dependencies:
    - name: mariadb-galera
      version: ~5.x-0
      repository: '@local'
-    condition: config.localDBCluster
-
+    condition: .global.mariadbGalera.localCluster
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh

old mode 100644 (file)

new mode 100755 (executable)

index 455cb83..754ff2c
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -25,11 +25,11 @@ SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
  ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
  BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin}
  MYSQL_HOST=${MYSQL_HOST:-dbhost}
-MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0}
+MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD}
  
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD}
+SDNC_DB_DATABASE=${SDNC_DB_DATABASE}
  
  
  # Create tablespace and user account
@@ -46,12 +46,12 @@ END
  # load schema
  if [ -f ${ETC_DIR}/sdnctl.dump ]
  then
-  mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump
+  mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump
  fi
  
  for datafile in ${ETC_DIR}/*.data.dump
  do
-  mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile
+  mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile
  done
  
  # Create VNIs 100-199
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh

index 5f5f811..af5c362 100755 (executable)
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -65,7 +65,7 @@ function enable_odl_cluster(){
    addToFeatureBoot odl-jolokia
    #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
    #${ODL_HOME}/bin/client feature:install odl-jolokia
-  
+
  
    echo "Update cluster information statically"
    hm=$(hostname)
@@ -113,8 +113,8 @@ function enable_odl_cluster(){
  # Install SDN-C platform components if not already installed and start container
  
  ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
+ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
  SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
  SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
  CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
@@ -166,4 +166,3 @@ nohup python ${SDNC_BIN}/installCerts.py &
  
  
  exec ${ODL_HOME}/bin/karaf server
-
diff --git a/kubernetes/sdnc/resources/config/conf/aaiclient.properties b/kubernetes/sdnc/resources/config/conf/aaiclient.properties

index 035942b..5d4473c 100755 (executable)
--- a/kubernetes/sdnc/resources/config/conf/aaiclient.properties
+++ b/kubernetes/sdnc/resources/config/conf/aaiclient.properties
@@ -2,8 +2,7 @@
  # ============LICENSE_START=======================================================
  # openECOMP : SDN-C
  # ================================================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-#                                              reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -30,8 +29,8 @@ org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/sdnc/data/stores/truststoreO
  org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
  org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
  
-org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
+org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME}
+org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD}
  
  org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
  #
diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties

index 3a6b5a0..224e84b 100644 (file)
--- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties
+++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties
@@ -24,12 +24,12 @@ org.onap.ccsdk.features.blueprints.adaptors.envtype=solo
  org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic
  org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true
  org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER}
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD}
  
  # Generic RESTCONF Adaptor
  org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic
  org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true
-org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin
-org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD}
  org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/
diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties

index 1849053..1fb6fb8 100644 (file)
--- a/kubernetes/sdnc/resources/config/conf/dblib.properties
+++ b/kubernetes/sdnc/resources/config/conf/dblib.properties
@@ -1,7 +1,6 @@
  ###
  # ============LICENSE_START=======================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights
-#                                              reserved.
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -18,11 +17,11 @@
  ###
  org.onap.ccsdk.sli.dbtype=jdbc
  org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
  org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
  org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
  org.onap.ccsdk.sli.jdbc.connection.timeout=50
  org.onap.ccsdk.sli.jdbc.request.timeout=100
diff --git a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties

index f91c62c..44ee0b9 100644 (file)
--- a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties
+++ b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties
@@ -1,7 +1,7 @@
  #ANSIBLE
  ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch
-ansible.user=sdnc
-ansible.password=sdnc
+ansible.user=${ANSIBLE_USER}
+ansible.password=${ANSIBLE_PASSWORD}
  ansible.lcm.localparameters=
  ansible.nodelist=
  ansible.timeout=60
@@ -23,10 +23,10 @@ restapi.templateDir=/opt/onap/sdnc/restapi/templates
  lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json
  lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/
  lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check
-lcm.restconf.configscaleout.user=admin
-lcm.restconf.configscaleout.password=admin
-lcm.restconf.user=admin
-lcm.restconf.password=admin
+lcm.restconf.configscaleout.user=${SCALEOUT_USER}
+lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD}
+lcm.restconf.user=${RESTCONF_USER}
+lcm.restconf.password=${RESTCONF_PASSWORD}
  lcm.restconf.port=8183
  
  #DMAAP
diff --git a/kubernetes/sdnc/resources/config/conf/netbox.properties b/kubernetes/sdnc/resources/config/conf/netbox.properties

index 9cd3880..a768041 100755 (executable)
--- a/kubernetes/sdnc/resources/config/conf/netbox.properties
+++ b/kubernetes/sdnc/resources/config/conf/netbox.properties
@@ -16,4 +16,4 @@
  
  # Configuration file for Netbox client
  org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
-org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
-\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
+\ No newline at end of file
diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties

index 55ef8e7..adbba66 100644 (file)
--- a/kubernetes/sdnc/resources/config/conf/svclogic.properties
+++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties
@@ -2,8 +2,7 @@
  # ============LICENSE_START=======================================================
  # openECOMP : SDN-C
  # ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-#                                                       reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -20,8 +19,7 @@
  ###
  
  org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD}
diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml

index dc77006..0cd0eae 100755 (executable)
--- a/kubernetes/sdnc/templates/job.yaml
+++ b/kubernetes/sdnc/templates/job.yaml
@@ -36,12 +36,53 @@ spec:
        name: {{ include "common.name" . }}
      spec:
        initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: AAI_CLIENT_NAME
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+        - name: AAI_CLIENT_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+        - name: MODELSERVICE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+        - name: MODELSERVICE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+        - name: RESTCONF_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+        - name: RESTCONF_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+        - name: ANSIBLE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+        - name: ANSIBLE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+        - name: SCALEOUT_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+        - name: SCALEOUT_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+        - name: NETBOX_APIKEY
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+        - name: SDNC_DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: SDNC_DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: properties
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
        - name: {{ include "common.name" . }}-readiness
          command:
          - /root/ready.py
          args:
          - --container-name
-        - {{ .Values.config.mariadbGalera.chartName }}
+        - {{ include "common.mariadbService" . }}
          env:
          - name: NAMESPACE
            valueFrom:
@@ -55,31 +96,24 @@ spec:
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
-          - name: MYSQL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" . }}
-                key: db-root-password
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+          - name: ODL_ADMIN_USERNAME
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
            - name: ODL_ADMIN_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" . }}-odl
-                key: odl-password
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+          - name: SDNC_DB_USER
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
            - name: SDNC_DB_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" . }}-sdnctl
-                key: db-sdnctl-password
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
            - name: MYSQL_HOST
-            value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
+            value: {{ include "common.mariadbService" . }}
            - name: SDNC_HOME
              value: "{{.Values.config.sdncHome}}"
            - name: ETC_DIR
              value: "{{.Values.config.etcDir}}"
            - name: BIN_DIR
              value: "{{.Values.config.binDir}}"
-          - name: SDNC_DB_USER
-            value: "{{.Values.config.dbSdnctlUser}}"
            - name: SDNC_DB_DATABASE
              value: "{{.Values.config.dbSdnctlDatabase}}"
          volumeMounts:
@@ -119,11 +153,13 @@ spec:
          configMap:
            name: {{ include "common.fullname" . }}-bin
            defaultMode: 0755
-      - name: properties
+      - name: config-input
          configMap:
            name: {{ include "common.fullname" . }}-properties
            defaultMode: 0644
+      - name: properties
+        emptyDir:
+          medium: Memory
        restartPolicy: Never
        imagePullSecrets:
        - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml

deleted file mode 100644 (file)

index cd2e539..0000000
--- a/kubernetes/sdnc/templates/secret-aaf.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{ if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-aaf
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
- aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
-{{ end }}
diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml

index e8cb336..dee311c 100644 (file)
--- a/kubernetes/sdnc/templates/secrets.yaml
+++ b/kubernetes/sdnc/templates/secrets.yaml
@@ -1,41 +1,15 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-odl
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  odl-password: {{ .Values.config.odlPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-sdnctl
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml

index 1611449..6054546 100644 (file)
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -33,11 +33,52 @@ spec:
          release: {{ include "common.release" . }}
      spec:
        initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: AAI_CLIENT_NAME
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+        - name: AAI_CLIENT_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+        - name: MODELSERVICE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+        - name: MODELSERVICE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+        - name: RESTCONF_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+        - name: RESTCONF_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+        - name: ANSIBLE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+        - name: ANSIBLE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+        - name: SCALEOUT_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+        - name: SCALEOUT_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+        - name: NETBOX_APIKEY
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+        - name: SDNC_DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: SDNC_DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: properties
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
        - command:
          - /root/ready.py
          args:
          - --container-name
-        - {{ .Values.config.mariadbGalera.chartName }}
+        - {{ include "common.mariadbService" . }}
          env:
          - name: NAMESPACE
            valueFrom:
@@ -89,12 +130,9 @@ spec:
            - name: aaf_locator_app_ns
              value: "{{ .Values.aaf_init.app_ns }}"
            - name: DEPLOY_FQI
-            value: "{{ .Values.aaf_init.deploy_fqi }}"
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
            - name: DEPLOY_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" .}}-aaf
-                key: aaf-password
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
            - name: cadi_longitude
              value: "{{ .Values.aaf_init.cadi_longitude }}"
            - name: cadi_latitude
@@ -125,41 +163,36 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
-            - name: ODL_ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}-odl
-                  key: odl-password
-            - name: SDNC_DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}-sdnctl
-                  key: db-sdnctl-password
-            - name: SDNC_CONFIG_DIR
-              value: "{{ .Values.config.configDir }}"
-            - name: ENABLE_ODL_CLUSTER
-              value: "{{ .Values.config.enableClustering }}"
-            - name: MY_ODL_CLUSTER
-              value: "{{ .Values.config.myODLCluster }}"
-            - name: PEER_ODL_CLUSTER
-              value: "{{ .Values.config.peerODLCluster }}"
-            - name: IS_PRIMARY_CLUSTER
-              value: "{{ .Values.config.isPrimaryCluster }}"
-            - name: GEO_ENABLED
-              value: "{{ .Values.config.geoEnabled}}"
-            - name: SDNC_AAF_ENABLED
-              value: "{{ .Values.global.aafEnabled}}"
-            - name: SDNC_REPLICAS
-              value: "{{ .Values.replicaCount }}"
-            - name: MYSQL_HOST
-              value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
-            - name: JAVA_HOME
-              value: "{{ .Values.config.javaHome}}"
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+          - name: ODL_ADMIN_USERNAME
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+          - name: ODL_ADMIN_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+          - name: SDNC_DB_USER
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SDNC_DB_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: SDNC_CONFIG_DIR
+            value: "{{ .Values.config.configDir }}"
+          - name: ENABLE_ODL_CLUSTER
+            value: "{{ .Values.config.enableClustering }}"
+          - name: MY_ODL_CLUSTER
+            value: "{{ .Values.config.myODLCluster }}"
+          - name: PEER_ODL_CLUSTER
+            value: "{{ .Values.config.peerODLCluster }}"
+          - name: IS_PRIMARY_CLUSTER
+            value: "{{ .Values.config.isPrimaryCluster }}"
+          - name: GEO_ENABLED
+            value: "{{ .Values.config.geoEnabled}}"
+          - name: SDNC_AAF_ENABLED
+            value: "{{ .Values.global.aafEnabled}}"
+          - name: SDNC_REPLICAS
+            value: "{{ .Values.replicaCount }}"
+          - name: MYSQL_HOST
+            value: {{ include "common.mariadbService" . }}
+          - name: JAVA_HOME
+            value: "{{ .Values.config.javaHome}}"
            volumeMounts:
            - mountPath: /etc/localtime
              name: localtime
@@ -252,10 +285,13 @@ spec:
            configMap:
              name: {{ include "common.fullname" . }}-bin
              defaultMode: 0755
-        - name: properties
+        - name: config-input
            configMap:
              name: {{ include "common.fullname" . }}-properties
              defaultMode: 0644
+        - name: properties
+          emptyDir:
+            medium: Memory
          - name: {{ include "common.fullname" . }}-certs
    {{ if .Values.certpersistence.enabled }}
            persistentVolumeClaim:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml

index 4447a7d..8fd7590 100644 (file)
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -26,6 +26,83 @@ global:
    persistence:
      mountPath: /dockerdata-nfs
    aafEnabled: true
+  # envsusbt
+  envsubstImage: dibi/envsubst
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-password
+    name: '{{ include "common.release" . }}-sdnc-db-root-password'
+    type: password
+    externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+  - uid: db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+  - uid: odl-creds
+    name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+    login: '{{ .Values.config.odlUser }}'
+    password: '{{ .Values.config.odlPassword }}'
+    # For now this is left hardcoded but should be revisited in a future
+    passwordPolicy: required
+  - uid: aaf-creds
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aaf_init.deploy_fqi }}'
+    password: '{{ .Values.aaf_init.deploy_pass }}'
+    passwordPolicy: required
+  - uid: netbox-apikey
+    type: password
+    externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
+    password: '{{ .Values.config.netboxApikey }}'
+    passwordPolicy: required
+  - uid: aai-user-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
+    login: '{{ .Values.config.aaiUser }}'
+    password: '{{ .Values.config.aaiPassword }}'
+    passwordPolicy: required
+  - uid: modeling-user-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
+    login: '{{ .Values.config.modelingUser }}'
+    password: '{{ .Values.config.modelingPassword }}'
+    passwordPolicy: required
+  - uid: restconf-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
+    login: '{{ .Values.config.restconfUser }}'
+    password: '{{ .Values.config.restconfPassword }}'
+    passwordPolicy: required
+  - uid: ansible-creds
+    name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
+    login: '{{ .Values.config.ansibleUser }}'
+    password: '{{ .Values.config.ansiblePassword }}'
+    passwordPolicy: required
+  - uid: scaleout-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
+    login: '{{ .Values.config.scaleoutUser }}'
+    password: '{{ .Values.config.scaleoutPassword }}'
+    passwordPolicy: required
  
  #################################################################
  # Application configuration defaults.
@@ -43,11 +120,27 @@ debugEnabled: false
  config:
    odlUid: 100
    odlGid: 101
+  odlUser: admin
    odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-  dbRootPassword: secretpassword
-  dbSdnctlUser: sdnctl
-  dbSdnctlDatabase: sdnctl
-  dbSdnctlPassword: gamma
+  # odlCredsExternalSecret: some secret
+  netboxApikey: onceuponatimeiplayedwithnetbox20180814
+  # netboxApikeyExternalSecret: some secret
+  aaiUser: sdnc@sdnc.onap.org
+  aaiPassword: demo123456!
+  # aaiCredsExternalSecret: some secret
+  modelingUser: ccsdkapps
+  modelingPassword: ccsdkapps
+  # modelingCredsExternalSecret: some secret
+  restconfUser: admin
+  restconfPassword: admin
+  # restconfCredsExternalSecret: some secret
+  scaleoutUser: admin
+  scaleoutPassword: admin
+  # scaleoutExternalSecret: some secret
+  ansibleUser: sdnc
+  ansiblePassword: sdnc
+  # ansibleCredsExternalSecret: some secret
+  dbSdnctlDatabase: &sdncDbName sdnctl
    enableClustering: true
    sdncHome: /opt/onap/sdnc
    binDir: /opt/onap/sdnc/bin
@@ -91,17 +184,6 @@ config:
        parallelGCThreads : 3
        numberGGLogFiles: 10
  
-
-
-  #local Mariadb-galera cluster
-  localDBCluster: false
-
-  #Shared mariadb-galera details
-  mariadbGalera:
-    chartName: mariadb-galera
-    serviceName: mariadb-galera
-    internalPort: 3306
-
  # dependency / sub-chart configuration
  aaf_init:
    agentImage: onap/aaf/aaf_agent:2.1.15
@@ -114,63 +196,82 @@ aaf_init:
    cadi_latitude: "38.0"
    cadi_longitude: "-72.0"
  
+mariadb-galera: &mariadbGalera
+  nameOverride: sdnc-db
+  config:
+    rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
+    userName: sdnctl
+    userCredentialsExternalSecret: *dbSecretName
+  service:
+    name: sdnc-dbhost
+    internalPort: 3306
+  sdnctlPrefix: sdnc
+  persistence:
+    mountSubPath: sdnc/mariadb-galera
+    enabled: true
+  replicaCount: 1
+
  cds:
    enabled: false
  
  dmaap-listener:
    nameOverride: sdnc-dmaap-listener
+  mariadb-galera:
+    << : *mariadbGalera
+    config:
+      mysqlDatabase: *sdncDbName
    config:
      sdncChartName: sdnc
-    mysqlChartName: mariadb-galera
      dmaapPort: 3904
      sdncPort: 8282
      configDir: /opt/onap/sdnc/data/properties
-    odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+    odlCredsExternalSecret: *odlCredsSecretName
  
  ueb-listener:
+  mariadb-galera:
+    << : *mariadbGalera
+    config:
+      mysqlDatabase: *sdncDbName
    nameOverride: sdnc-ueb-listener
    config:
      sdncPort: 8282
      sdncChartName: sdnc
-    mysqlChartName: mariadb-galera
      configDir: /opt/onap/sdnc/data/properties
-    odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+    odlCredsExternalSecret: *odlCredsSecretName
  
  sdnc-portal:
+  mariadb-galera:
+    << : *mariadbGalera
+    config:
+      mysqlDatabase: *sdncDbName
    config:
      sdncChartName: sdnc
-    mysqlChartName: mariadb-galera
      configDir: /opt/onap/sdnc/data/properties
-    dbRootPassword: secretpassword
-    dbSdnctlPassword: gamma
-    odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+    odlCredsExternalSecret: *odlCredsSecretName
  
  sdnc-ansible-server:
+  config:
+    restCredsExternalSecret: *ansibleSecretName
+  mariadb-galera:
+    << : *mariadbGalera
+    config:
+      mysqlDatabase: ansible
    service:
      name: sdnc-ansible-server
      internalPort: 8000
-  config:
-    mysqlServiceName: mariadb-galera
-
-mariadb-galera:
-  nameOverride: sdnc-db
-  service:
-    name: sdnc-dbhost
-    internalPort: 3306
-  sdnctlPrefix: sdnc
-  persistence:
-    mountSubPath: sdnc/mariadb-galera
-    enabled: true
-  replicaCount: 1
  
  dgbuilder:
    nameOverride: sdnc-dgbuilder
    config:
+    db:
+      dbName: *sdncDbName
+      rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+      userCredentialsExternalSecret: *dbSecretName
      dbPodName: mariadb-galera
      dbServiceName: mariadb-galera
-    dbRootPassword: secretpassword
-    dbSdnctlPassword: gamma
+    # This should be revisited and changed to plain text
      dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+  mariadb-galera:
    service:
      name: sdnc-dgbuilder
      nodePort: "03"
author	Krzysztof Opasiak <k.opasiak@samsung.com>
	Tue, 25 Feb 2020 22:31:20 +0000 (23:31 +0100)
committer	Krzysztof Opasiak <k.opasiak@samsung.com>
	Wed, 4 Mar 2020 20:00:24 +0000 (21:00 +0100)
kubernetes/sdnc/charts/ueb-listener/values.yaml		patch \| blob \| history
kubernetes/sdnc/requirements.yaml		patch \| blob \| history
kubernetes/sdnc/resources/config/bin/installSdncDb.sh	[changed mode: 0644->0755]	patch \| blob \| history
kubernetes/sdnc/resources/config/bin/startODL.sh		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/aaiclient.properties		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/dblib.properties		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/lcm-dg.properties		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/netbox.properties		patch \| blob \| history
kubernetes/sdnc/resources/config/conf/svclogic.properties		patch \| blob \| history
kubernetes/sdnc/templates/job.yaml		patch \| blob \| history
kubernetes/sdnc/templates/secret-aaf.yaml	[deleted file]	patch \| blob \| history
kubernetes/sdnc/templates/secrets.yaml		patch \| blob \| history
kubernetes/sdnc/templates/statefulset.yaml		patch \| blob \| history
kubernetes/sdnc/values.yaml		patch \| blob \| history