Merge "[COMMON] Update Ingress API"

diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index b1e85c0..1312d98 100644 (file)
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -47,6 +47,8 @@
 - name: {{ include "common.name" $dot }}-aaf-config
   image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
   imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  securityContext:
+    runAsUser: 0
   volumeMounts:
   - mountPath: {{ $initRoot.mountPath }}
     name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}

diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index bb3af76..22832c9 100644 (file)
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -78,7 +78,7 @@ spec:
             - -ec
             - |
                 {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}}
-                {{- $fullname := include "common.names.fullname" . }}
+                {{- $fullname := include "common.fullname" . }}
                 {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }}
                 # Bootstrap from the indicated node
                 NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}"

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index ef49f8c..ef84603 100644 (file)
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -1,7 +1,7 @@
 {{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
 # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2021 Nokia. All rights reserved.
 # Copyright (c) 2021 Nordix Foundation.
@@ -176,7 +176,7 @@ The Deployment always includes a single Pod, with a container that uses
 the DCAE microservice image.
 
 The Deployment Pod may also include a logging sidecar container.
-The sidecar is included if .Values.logDirectory is set.  The
+The sidecar is included if .Values.log.path is set.  The
 logging sidecar and the DCAE microservice container share a
 volume where the microservice logs are written.
 
@@ -222,7 +222,8 @@ policies:
 */}}
 
 {{- define "dcaegen2-services-common.microserviceDeployment" -}}
-{{- $logDir :=  default "" .Values.log.path -}}
+{{- $log := default dict .Values.log -}}
+{{- $logDir :=  default "" $log.path -}}
 {{- $certDir := default "" .Values.certDirectory . -}}
 {{- $tlsServer := default "" .Values.tlsServer -}}
 {{- $commonRelease :=  print (include "common.release" .) -}}

diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index 2ce6c89..d53a83d 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -1,6 +1,7 @@
 # ================================ LICENSE_START ==========================
 # =========================================================================
 #  Copyright (c) 2021 Nordix Foundation.
+#  Copyright (c) 2022 Nokia.  All rights reserved.
 # =========================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -51,7 +52,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.7.1
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
@@ -96,7 +97,6 @@ certificates:
 readinessCheck:
   wait_for:
     containers:
-      - dcae-config-binding-service
       - aaf-cm
       - dmaap-bc
       - dmaap-provisioning-job
@@ -120,12 +120,6 @@ service:
       plain_port: 8100
       port_protocol: http
 
-# Environment variables
-applicationEnv:
-# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
-# It's a workaround because DMAAP specific env variables are not available in main container.
-  CBS_CLIENT_CONFIG_PATH: ''
-
 # Data Router Publisher Credentials
 drPubscriberCreds:
   username: username

diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
index 07306e1..ec320eb 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
@@ -79,7 +79,6 @@ tlsServer: true
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
     - &postgresName dcae-datalake-postgres
 

diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 4ed0a83..c325569 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -79,7 +79,6 @@ tlsServer: true
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
     - &postgresName dcae-heartbeat-postgres
 

diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 65a5d04..a8a30f4 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -93,7 +93,6 @@ certificates:
 # dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # probe configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 037dd0a..8425024 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -78,7 +78,6 @@ policies:
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # Probe Configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 39c4a8e..0d28683 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -1,6 +1,7 @@
 # ================================ LICENSE_START ==========================
 # =========================================================================
 #  Copyright (C) 2021 Nordix Foundation.
+#  Copyright (c) 2022 Nokia.  All rights reserved.
 # =========================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -55,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
@@ -78,7 +79,6 @@ tlsServer: true
 readinessCheck:
   wait_for:
     containers:
-      - dcae-config-binding-service
       - aaf-cm
       - dmaap-bc
       - dmaap-provisioning-job
@@ -131,14 +131,14 @@ credentials:
 # Initial Application Configuration
 applicationConfig:
   enable_tls: true
-  enable_http: false
-  aaf_identity: ${AAF_IDENTITY}
-  aaf_password: ${AAF_PASSWORD}
+  enable_http: true
+  aaf_identity: ""
+  aaf_password: ""
   pm-mapper-filter: "{ \"filters\":[] }"
-  key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
-  key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
-  trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
-  trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
+  key_store_path: ""
+  key_store_pass_path: ""
+  trust_store_path: ""
+  trust_store_pass_path: ""
   dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
   streams_publishes:
     dmaap_publisher:
@@ -147,7 +147,7 @@ applicationConfig:
         client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
         location: san-francisco
         client_role: org.onap.dcae.pmPublisher
-        topic_url: http://message-router:3904/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+        topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
   streams_subscribes:
     dmaap_subscriber:
       type: data_router

diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 4bdd2b8..80014e7 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -57,7 +57,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
+image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
@@ -79,7 +79,6 @@ tlsServer: true
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
     - &postgresName dcae-pmsh-postgres
 

diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index a4ed699..7886ed7 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -1,6 +1,7 @@
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022 Nokia.  All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,7 +41,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
 pullPolicy: Always
 
 # log directory where logging sidecar should look for log files
@@ -69,7 +70,6 @@ secrets:
 # dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # probe configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 543b79b..4c736c4 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -51,7 +51,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.2
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
@@ -73,7 +73,6 @@ tlsServer: true
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # Probe Configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 6cebca6..cf9e84b 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -78,7 +78,6 @@ tlsServer: true
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
     - &postgresName dcae-sliceanalysisms-postgres
 

diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
index 51ec337..25f0c3b 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
@@ -57,10 +57,11 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 # and key from AAF and mount them in certDirectory.
 tlsServer: true
 
+
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
+  - message-router
 
 # Probe Configuration
 readiness:

diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 94c4d88..a99623b 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -91,7 +91,6 @@ policies:
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
     - &postgresName dcae-sonhms-postgres
 

diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index a65fa7c..cb03d89 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -71,7 +71,6 @@ secrets:
 # dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # probe configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 508cea4..13b71ec 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -1,7 +1,7 @@
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2021 J. F. Lucas. All rights reserved.
-# Copyright (c) 2021 Nokia.  All rights reserved.
+# Copyright (c) 2021-2022 Nokia.  All rights reserved.
 # Copyright (c) 2022 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -43,7 +43,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
 pullPolicy: Always
 
 # log directory where logging sidecar should look for log files
@@ -87,7 +87,6 @@ certificates:
 # dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # probe configuration

diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
index d11f167..c9ee185 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
@@ -40,7 +40,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.3
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
@@ -62,7 +62,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 # Dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
     - aaf-cm
 
 # Service Configuration
@@ -77,6 +76,9 @@ service:
 # application environments
 applicationEnv:
   LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true'
+  CONFIG_BINDING_SERVICE_SERVICE_PORT: '10000' # Workaround until DCAEGEN2-3098 is addressed
+  CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
 
 # Initial Application Configuration
 applicationConfig:

diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index b1671f0..417d968 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -98,8 +98,8 @@ default_k8s_location: central
 # Use to override default setting in blueprints
 componentImages:
   tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
   hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0
 
 # Resource Limit flavor -By Default using small

diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index 2c276a7..d445248 100644 (file)
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -48,7 +48,7 @@ dcae-cloudify-manager:
   config:
     cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-config-binding-service:
-  enabled: true
+  enabled: false
 dcae-dashboard:
   enabled: false
   config:
@@ -58,7 +58,7 @@ dcae-deployment-handler:
   config:
     cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-healthcheck:
-  enabled: true
+  enabled: false
 dcae-inventory-api:
   enabled: false
 dcae-policy-handler:

diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index a0b6fda..c9b6800 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -23,6 +23,7 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim}}
 {{- if or .Values.global.aafEnabled .Values.PG.enabled }}
       initContainers:
       - command:
@@ -45,6 +46,8 @@ spec:
         name: {{ include "common.name" . }}-update-config
 {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-permission-fixer
+        securityContext:
+          runAsUser: 0
         image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
@@ -60,6 +63,9 @@ spec:
         command: ["/bin/sh"]
         args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
       - name: {{ include "common.name" . }}-postgres-readiness
+        securityContext:
+          runAsUser: 100
+          runAsGroup: 65533
         command:
         - /app/ready.py
         args:

diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index a8e7cf9..cc86082 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -146,6 +146,11 @@ ingress:
 
 # Resource Limit flavor -By Default using small
 flavor: small
+
+securityContext:
+  user_id: 1000
+  group_id: 101
+
 # Segregation for Different environment (Small and Large)
 resources:
   small:

diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 2bfa496..69f6fc1 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -23,8 +23,12 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim}}
       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
         - name: {{ include "common.name" . }}-readiness
+          securityContext:
+            runAsUser: 100
+            runAsGroup: 65533
           image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
@@ -39,6 +43,8 @@ spec:
                 apiVersion: v1
                 fieldPath: metadata.namespace
         - name: {{ include "common.name" . }}-permission-fixer
+          securityContext:
+            runAsUser: 0
           image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}

diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index e34bc00..6ad3e45 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -113,6 +113,11 @@ ingress:
 
 # Resource Limit flavor -By Default using small
 flavor: small
+
+securityContext:
+  user_id: 1000
+  group_id: 1000
+
 # Segregation for Different environment (Small and Large)
 resources:
   small:

diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index b7acbc9..325ca9f 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -34,9 +34,13 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim}}
       hostname: {{ .Values.global.dmaapDrProvName }}
       initContainers:
         - name: {{ include "common.name" . }}-readiness
+          securityContext:
+            runAsUser: 100
+            runAsGroup: 65533
           image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
@@ -55,6 +59,8 @@ spec:
         {{ include "common.certInitializer.initContainer" . | nindent 8 }}
 
         - name: {{ include "common.name" . }}-permission-fixer
+          securityContext:
+            runAsUser: 0
           image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}

diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 1d9432a..9e6effa 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -142,6 +142,11 @@ certInitializer:
 
 # Resource Limit flavor -By Default using small
 flavor: small
+
+securityContext:
+  user_id: 1000
+  group_id: 1000
+
 # Segregation for Different environment (Small and Large)
 resources:
   small:

diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index f92bfa7..9306985 100644 (file)
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -87,7 +87,7 @@ uui:
 vfc:
   enabled: true
 vid:
-  enabled: true
+  enabled: false
 vnfsdk:
   enabled: true
 modeling:

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 73f96d3..f5b5c8e 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -135,7 +135,7 @@ global:
 
   # default password complexity
   # available options: phrase, name, pin, basic, short, medium, long, maximum security
-  # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+  # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
   passwordStrength: long
 
   # configuration to set log level to all components (the one that are using

diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 248d3af..bc129be 100755 (executable)
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -155,3 +155,6 @@ etcd-init:
     keyPrefix: conductor
   flavor: *etcd-flavor
   resources: *etcd-resources
+
+# Python doesn't support well dollar sign in password
+passwordStrengthOverride: basic
\ No newline at end of file