[submodule "kubernetes/aai"]
- path = kubernetes/aai
- url = ../aai/oom
- branch = master
- ignore = dirty
+ path = kubernetes/aai
+ url = ../aai/oom
+ branch = frankfurt
+ ignore = dirty
[submodule "kubernetes/robot"]
- path = kubernetes/robot
- url = ../testsuite/oom
- branch = .
- ignore = dirty
-
\ No newline at end of file
+ path = kubernetes/robot
+ url = ../testsuite/oom
+ branch = frankfurt
+ ignore = dirty
+
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS) $(SUBMODS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 100m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 500m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 500Mi
+ unlimited: {}
resources:
small:
limits:
- cpu: 20m
- memory: 50Mi
+ cpu: 50m
+ memory: 100Mi
requests:
cpu: 10m
memory: 10Mi
# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
-blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{ .Values.config.sdncDB.dbService }}:{{ .Values.config.sdncDB.dbPort }}/{{.Values.config.sdncDB.dbName}}
+blueprintsprocessor.db.processor-db.username=${SDNC_DB_USERNAME}
+blueprintsprocessor.db.processor-db.password=${SDNC_DB_PASSWORD}
# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${SDNC_DB_USERNAME},${SDNC_DB_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
env:
- name: CDS_DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
- name: CDS_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
- - name: CDS_DB_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
-
+ - name: SDNC_DB_USERNAME
+ value: root
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-db-root-pass" "key" "password") | indent 10}}
volumeMounts:
- mountPath: /config-input/application.properties
name: {{ include "common.fullname" . }}-config
login: '{{ .Values.config.cdsDB.dbUser }}'
password: '{{ .Values.config.cdsDB.dbPassword }}'
passwordPolicy: required
- - uid: 'cds-db-root-pass'
+ - uid: 'sdnc-db-root-pass'
type: password
- externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
- password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
#################################################################
config:
appConfigDir: /opt/app/onap/config
useScriptCompileCache: true
+ sdncDB:
+ dbService: mariadb-galera
+ dbPort: 3306
+ dbName: sdnctl
+ #dbRootPass: Custom root password
+ dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
dbPort: 3306
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Py Executor
+name: cds-py-executor
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-py-executor:0.7.2
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
- uid: 'cds-db-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
#################################################################
# Application configuration defaults.
userName: sdnctl
# userPassword: sdnctl
userCredentialsExternalSecret: *dbUserSecretName
- mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
mysqlDatabase: &mysqlDbName sdnctl
nameOverride: &dbServer cds-db
service:
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
- dbRootPassExternalSecret: *dbRootPasswordSecretName
#Resource Limit flavor -By Default using small
flavor: small
COMMON_CHARTS_DIR := common
EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @:
\ No newline at end of file
+ @:
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../../../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../../../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../../../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: master
version: ~6.x-0
repository: 'file://components/master'
version: ~6.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
-
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
## Configure MariaDB-Galera with a custom my.cnf file
## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
##
-externalConfig: {}
+externalConfig: ""
# externalConfig: |-
# [mysqld]
# innodb_buffer_pool_size=2G
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../../../common'
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
dependencies:\r
- name: common\r
version: ~6.x-0\r
- repository: '@local'\r
+ repository: 'file://../common'\r
- name: mariadb-galera\r
version: ~6.x-0\r
- repository: '@local'\r
+ repository: 'file://../mariadb-galera'\r
condition: global.mariadbGalera.localCluster\r
- name: mariadb-init\r
version: ~6.x-0\r
- repository: '@local'\r
+ repository: 'file://../mariadb-init'\r
condition: not global.mariadbGalera.localCluster\r
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
config:
pgUserName: testuser
pgDatabase: userdb
- pgPrimaryPassword: password
- pgUserPassword: password
- pgRootPassword: password
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
container:
name:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
volumeMounts:
- mountPath: /opt/app/osaaf
name: tls-info
+ {{- if .Values.persistence.enabled }}
+ - name: remove-lost-found
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /cfy-persist
+ name: cm-persistent
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - "rm -rf '/cfy-persist/lost+found';"
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ busyboxRepository: docker.io
+ busyboxImage: library/busybox:1.30
redis:
replicaCount: 6
type: NodePort
name: dmaap-dr-node
useNodePortExt: true
+ both_tls_and_plain: true
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
ports:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/tomcat
+ - /opt/tomcat
+ securityContext:
+ privileged: true
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-tomcat-dir
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /opt/tomcat
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /home/esr/tomcat/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
+ nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
+ affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+
+ volumes:
+ - name: tomcat-workdir
+ emptyDir: {}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/conf
+ - /opt/conf
+ securityContext:
+ privileged: true
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-conf-dir
+ volumeMounts:
+ - name: conf-dir
+ mountPath: /opt/conf
+
containers:
- name: {{ .Chart.Name }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
readOnly: true
- mountPath: /home/esr/works/logs
name: {{ include "common.fullname" . }}-logs
+ - mountPath: /home/esr/conf
+ name: conf-dir
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ - name: conf-dir
+ emptyDir: {}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# clear previously cached charts
rm -rf $CACHE_DIR
- # create log driectory
- mkdir -p $LOG_DIR
-
# fetch umbrella chart (parent chart containing subcharts)
if [[ -d "$CHART_URL" ]]; then
mkdir -p $CHART_DIR
helm fetch $CHART_URL --untar --untardir $CACHE_DIR $VERSION
fi
+ # create log driectory
+ mkdir -p $LOG_DIR
+
# move out subcharts to process separately
mkdir -p $CACHE_SUBCHART_DIR
mv $CHART_DIR/charts/* $CACHE_SUBCHART_DIR/
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.5
+image: onap/modeling/etsicatalog:1.0.6
pullPolicy: Always
#Istio sidecar injection policy
# Default installation values to be overridden
server:
- jvmOpts: -server -Xms1024m -Xmx2048m
+ jvmOpts: -server -XshowSettings:vm
aaf:
enabled: "false"
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https":true
},
"receptionHandlerParameters":{
"messageBusAddress": [
"message-router"
],
- "user": "policy",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
+ "user": "${SDCBE_USER}",
+ "password": "${SDCBE_PASSWORD}",
"pollingInterval":20,
"pollingTimeout":30,
"consumerId": "policy-id",
"apiParameters": {
"hostName": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34"
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}"
},
"papParameters": {
"hostName": "policy-pap",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34"
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}"
},
"isHttps": true,
"deployPolicies": true
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }}
+ - name: PAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }}
+ - name: PAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }}
+ - name: SDCBE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }}
+ - name: SDCBE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: distributionconfig-input
+ - mountPath: /config
+ name: distributionconfig
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: localtime
hostPath:
path: /etc/localtime
- - name: distributionconfig
+ - name: distributionconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: distributionconfig
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: apiparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.apiParameters.user }}'
+ password: '{{ .Values.apiParameters.password }}'
+ passwordPolicy: required
+ - uid: papparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.papParameters.user }}'
+ password: '{{ .Values.papParameters.password }}'
+ passwordPolicy: required
+ - uid: sdcbe-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}'
+ login: '{{ .Values.sdcBe.user }}'
+ password: '{{ .Values.sdcBe.password }}'
+ passwordPolicy: required
+
#################################################################
# Global configuration defaults.
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
# application configuration
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiParameters:
+ user: healthcheck
+ password: zb!XztG34
+papParameters:
+ user: healthcheck
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
# default number of instances
replicaCount: 1
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.0
+image: onap/portal-app:3.2.1
pullPolicy: Always
#AAF local config
/*
Replace spaces with underscores for role names to match AAF role names
*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
+UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
/*
-Subproject commit c81062626b69160145baac5e6a5d670cb67211fa
+Subproject commit fc6143a31ef4a55d649f8e5384f661671274331c
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @:
\ No newline at end of file
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# FIXME OOM-765
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.0
+image: onap/so/bpmn-infra:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.0
+image: onap/so/catalog-db-adapter:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.0
+image: onap/so/so-monitoring:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.0
+image: onap/so/nssmf-adapter:1.6.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.6.0
+image: onap/so/openstack-adapter:1.6.1
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.0
+image: onap/so/request-db-adapter:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.0
+image: onap/so/sdc-controller:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.0
+image: onap/so/sdnc-adapter:1.6.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/ve-vnfm-adapter:1.6.0
+image: onap/so/ve-vnfm-adapter:1.6.1
pullPolicy: Always
replicaCount: 1
service:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.0
+image: onap/so/vfc-adapter:1.6.1
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.0
+image: onap/so/vnfm-adapter:1.6.1
pullPolicy: Always
replicaCount: 1
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.0
+image: onap/so/api-handler-infra:1.6.1
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2017 Huawei Technologies Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE configuration
+PUBLIC "//mybatis.org//DTD Config 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+ <environments default="development">
+ <environment id="development">
+ <transactionManager type="JDBC" />
+ <dataSource type="UNPOOLED">
+ <property name="driver" value="org.postgresql.Driver" />
+ <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="username" value="${PG_USER}" />
+ <property name="password" value="${PG_PASSWORD}" />
+ </dataSource>
+ </environment>
+ </environments>
+ <mappers>
+ <mapper resource="mybatis/sql/MarketplaceMapper.xml" />
+ </mappers>
+</configuration>
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
name: {{ include "common.name" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- env:
- - name: POSTGRES_SERVICE_HOST
- value: "$(VNFSDK_DBSET_SERVICE_HOST)"
+ volumes:
+ - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
+ name: init-data
+ subPath: configuration.xml
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PGPASSWORD
- value: "{{ .Values.postgres.config.pgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
command:
- /bin/sh
- -c
- |
- psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
+ psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
volumeMounts:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
config:
pgUserName: postgres
pgDatabase: postgres
- pgPrimaryPassword: postgres
- pgUserPassword: postgres
- pgRootPassword: postgres
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false
Code Review / oom.git / commitdiff