From: Sylvain Desbureaux Date: Wed, 30 Jun 2021 06:24:19 +0000 (+0000) Subject: Merge "[DCAEGEN2] Deploy son-handler-ms via Helm" X-Git-Tag: 9.0.0~211 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=28103082346daf96770626e7b3fcb6bd4ee59fef;hp=9709775682da1942424f81a6cb13bf293cd55bb8 Merge "[DCAEGEN2] Deploy son-handler-ms via Helm" --- diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index e3f88b1c37..f59a64f3d2 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml 
@@ -131,6 +131,132 @@ mariadb-galera: nameOverride: *appc-db replicaCount: 1 + mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + plugin_dir=/opt/bitnami/mariadb/plugin + + [mysqld] + lower_case_table_names = 1 + default_storage_engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + plugin_dir=/opt/bitnami/mariadb/plugin + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind_address=0.0.0.0 + + ## Character set + collation_server=utf8_unicode_ci + init_connect='SET NAMES utf8' + character_set_server=utf8 + + ## MyISAM + key_buffer_size=32M + myisam_recover_options=FORCE,BACKUP + + ## Safety + skip_host_cache + skip_name_resolve + max_allowed_packet=16M + max_connect_errors=1000000 + sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE + sysdate_is_now=1 + + ## Binary Logging + log_bin=mysql-bin + expire_logs_days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync_binlog=0 + # Required for Galera + binlog_format=row + + ## Caches and Limits + tmp_table_size=32M + max_heap_table_size=32M + # Re-enabling as now works with Maria 10.1.2 + query_cache_type=1 + query_cache_limit=4M + query_cache_size=256M + max_connections=500 + thread_cache_size=50 + open_files_limit=65535 + table_definition_cache=4096 + table_open_cache=4096 + + ## InnoDB + innodb=FORCE + innodb_strict_mode=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb_autoinc_lock_mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb_doublewrite=1 + innodb_flush_method=O_DIRECT + innodb_log_files_in_group=2 + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=1 + innodb_file_per_table=1 + # 80% Memory is default reco. 
+ # Need to re-evaluate when DB size grows + innodb_buffer_pool_size=2G + innodb_file_format=Barracuda + + ## Logging + log_error=/opt/bitnami/mariadb/logs/mysqld.log + slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log + log_queries_not_using_indexes=1 + slow_query_log=1 + + ## SSL + ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem + # ssl_ca=/certs/ca.pem + # ssl_cert=/certs/server-cert.pem + # ssl_key=/certs/server-key.pem + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit + innodb_flush_log_at_trx_commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + binlog_format=row + default_storage_engine=InnoDB + innodb_autoinc_lock_mode=2 + transaction-isolation=READ-COMMITTED + wsrep_causal_reads=1 + wsrep_sync_wait=7 + + [mariadb] + plugin_load_add=auth_pam + + ## Data-at-Rest Encryption + ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem + # plugin_load_add=file_key_management + # file_key_management_filename=/encryption/keyfile.enc + # file_key_management_filekey=FILE:/encryption/keyfile.key + # file_key_management_encryption_algorithm=AES_CTR + # encrypt_binlog=ON + # encrypt_tmp_files=ON + + ## InnoDB/XtraDB Encryption + # innodb_encrypt_tables=ON + # innodb_encrypt_temporary_tables=ON + # innodb_encrypt_log=ON + # innodb_encryption_threads=4 + # innodb_encryption_rotate_key_age=1 + + ## Aria Encryption + # aria_encrypt_tables=ON + # encrypt_tmp_disk_tables=ON + dgbuilder: nameOverride: appc-dgbuilder certInitializer: diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 488db054a0..211cf1c599 100644 
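Review bot: `wsrep_sst_auth="root:"` in the `[galera]` section names the root account with an empty password for state transfers, and nothing in this hunk shows where the real credential is injected. If the container entrypoint does not rewrite this value at start-up (not visible here), SST would run as passwordless root; a comment above the line such as `# placeholder only: SST user and password are supplied from the chart secret at start-up`, or a dedicated backup account, would make the intent auditable. The server also listens on `bind_address=0.0.0.0` while `ssl_ca`, `ssl_cert` and `ssl_key` stay commented out, so client connections are cleartext unless the cluster network provides encryption. `innodb_flush_log_at_trx_commit` is set to 1 under `[mysqld]` and to 2 under `[galera]`; keep only the value that is meant to apply, since the durability guarantee differs between them.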
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -67,6 +67,15 @@ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }} {{- end -}} +{{/* + Resolve the name of the GithubContainer registry + - .Values.global.githubContainerRegistry : default image githubContainerRegistry for all dockerHub images + - .Values.githubContainerRegistryOverride : override global githubContainerRegistry on a per chart basis +*/}} +{{- define "repositoryGenerator.githubContainerRegistry" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "githubContainerRegistry") .) }} +{{- end -}} + {{- define "repositoryGenerator.image._helper" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} @@ -182,5 +191,17 @@ {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }} {{- end }} {{- end }} + {{- if $subchartDot.Values.global.githubContainerRegistryCred }} + {{- $ghcrRepo := $subchartDot.Values.global.githubContainerRegistry }} + {{- $ghcrCred := $subchartDot.Values.global.githubContainerRegistryCred }} + {{- $ghcrMail := default "@" $ghcrCred.mail }} + {{- $ghcrAuth := printf "%s:%s" $ghcrCred.user $ghcrCred.password | b64enc }} + {{- $ghcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $ghcrRepo $ghcrCred.user $ghcrCred.password $ghcrMail $ghcrAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $ghcrRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $ghcrRepoCreds }} + {{- end }} + {{- end }} {{- printf "{%s}" $repoCreds | b64enc -}} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index bf21e2da08..2a01112ce6 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml 
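Review bot: The template comment above `repositoryGenerator.githubContainerRegistry` still says "for all dockerHub images", apparently copied from the Docker Hub helper, so it misdescribes which images the value applies to. Suggested wording for the first bullet: `- .Values.global.githubContainerRegistry : default registry for all images pulled from the GitHub Container Registry`.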
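Review bot: The `$ghcrRepoCreds` entry is assembled with `printf` and hand-written `\"` quoting, so a user name or password containing `"` or `\` produces a malformed or altered docker config once the string is base64-encoded. Building the entry from a dict keeps the escaping correct: `{{- $ghcrEntry := dict "username" $ghcrCred.user "password" $ghcrCred.password "email" $ghcrMail "auth" $ghcrAuth | toJson }}` followed by `{{- $ghcrRepoCreds := printf "%s:%s" ($ghcrRepo | toJson) $ghcrEntry }}`. `$ghcrCred.user` and `$ghcrCred.password` are also used without a `required` check, so a missing key would be rendered into the pull secret instead of failing the install. The `$gcrRepoCreds` context lines suggest the earlier registry branches follow the same pattern; the enclosing define starts outside this hunk.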
+++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -19,6 +19,7 @@ global: dockerHubRepository: docker.io elasticRepository: docker.elastic.co googleK8sRepository: k8s.gcr.io + githubContainerRegistry: ghcr.io # common global images busyboxImage: busybox:1.32 diff --git a/kubernetes/contrib/tools/registry-initialize.sh b/kubernetes/contrib/tools/registry-initialize.sh new file mode 100755 index 0000000000..75b36bbc52 --- /dev/null +++ b/kubernetes/contrib/tools/registry-initialize.sh 
@@ -0,0 +1,118 @@
+#!/bin/sh -x
+
+# Copyright (c) 2021 AT&T. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Pre-requisite
+# 1. Chart packages available under local directory provided as input/argument
+# 2. helm client installed with push plugin
+# 3. ONAP chartmuseum service deployed
+
+usage()
+{
+ echo "Chart Base directory must be provided as input!!"
+ echo "Usage: registry-initialize.sh -d chartdirectory \
+<-n namespace override> <-r helmrelease override>"
+ exit 1
+}
+
+if [ $# -eq 0 ]; then
+ usage
+fi
+
+# defaults
+NAMESPACE=onap
+RLS_NAME=onap
+LOGIN=""
+PASSWORD=""
+
+while getopts ":d:n:r:" opt; do
+ case $opt in
+ d) BASEDIR="$OPTARG"
+ ;;
+ n) NAMESPACE="$OPTARG"
+ ;;
+ r) RLS_NAME="$OPTARG"
+ ;;
+ \?) echo "Invalid option -$OPTARG" >&2
+ usage
+ ;;
+ esac
+done
+
+if [ -z "$BASEDIR" ]; then
+ exit "Chart base directory provided $BASEDIR is empty"
+fi
+
+if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
+ echo "$BASEDIR valid"
+else
+ exit "No chart package on $BASEDIR provided"
+fi
+
+LOGIN=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.login}' | base64 -d)
+
+PASSWORD=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.password}' | base64 -d)
+
+if [ -z "$LOGIN" ] || [ -z "$PASSWORD" ]; then
+ echo "Login/Password credential for target registry cannot be retrieved"
+ exit 1
+fi
+
+# Expose cluster port via port-forwarding
+kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 &
+if [ $? -ne 0 ]; then
+ echo "Error in portforwarding; registry cannot be added!!"
+ exit 1
+fi
+
+sleep 5
+
+# Add chartmuseum repo as helm repo
+# Credentials should match config defined in
+# oom\kubernetes\platform\components\chartmuseum\values.yaml
+helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" \
+ --password "$PASSWORD"
+if [ $? -ne 0 ]; then
+ echo "registry cannot be added!!"
+ pkill -f "port-forward service/chart-museum"
+ exit 1
+fi
+
+# Initial scope is pushing only dcae charts
+# can be expanded to include all onap charts if required
+for file in $BASEDIR/dcae*tgz; do
+ # use helm plugin to push charts
+ helm push $file k8s-registry
+ if [ $? -eq 0 ]; then
+ echo "$file uploaded to registry successfully"
+ else
+ echo "registry upload failed!!"
+ pkill -f "port-forward service/chart-museum"
+ helm repo remove k8s-registry
+ exit 1
+ fi
+done
+
+echo "All Helm charts successfully uploaded into internal repository"
+
+# Remove the port-forwarding process
+pkill -f "port-forward service/chart-museum"
+
+# Remove helm registry from local
+helm repo remove k8s-registry
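Review bot: The `#!/bin/sh -x` shebang traces every command to stderr, so the decoded registry password is printed when `PASSWORD=$(...)` is assigned and again in `helm repo add ... --password "$PASSWORD"`; passing it as an argument also exposes it in the process list. Drop `-x` from the shebang and, where the installed Helm supports it, feed the secret on stdin: `printf '%s' "$PASSWORD" | helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" --password-stdin`. Separately, `exit "Chart base directory provided $BASEDIR is empty"` and `exit "No chart package on $BASEDIR provided"` pass a string to `exit`, which expects a numeric status; print the message with `echo ... >&2` and then `exit 1`. The `$?` test after `kubectl ... port-forward ... &` only confirms that the job was backgrounded, and `$BASEDIR`, `$NAMESPACE` and `$file` are expanded unquoted in several commands.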
diff --git a/kubernetes/dcaegen2-services/common/Makefile b/kubernetes/dcaegen2-services/common/Makefile index 4a6491d8cc..db8704c2ca 100644 --- a/kubernetes/dcaegen2-services/common/Makefile +++ b/kubernetes/dcaegen2-services/common/Makefile @@ -22,11 +22,18 @@ HELM_REPO := local EXCLUDES := HELM_BIN := helm +# Helm v2 and helm v3 uses different version format so we first try in helm v3 format +# and if it fails then we fallback to helm v2 one +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null) +ifneq "$(findstring v3,$(HELM_VER))" "v3" + HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}") +endif + HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) -all: $(HELM_CHARTS) +all: $(HELM_CHARTS) helm-repo-update $(HELM_CHARTS): @echo "\n[$@]" @@ -50,5 +57,11 @@ clean: @rm -f */requirements.lock @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) + +helm-repo-update: +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @$(HELM_BIN) repo update +endif + %: @: diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index f4516ed7e8..a26c66366b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -87,8 +87,7 @@ service: name: http # Policy configuraiton properties -# if present, policy-sync side car will be deployed - +# if enabled, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 #policies: # duration: 300 diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index df0e270db5..a82eef85d4 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml 
@@ -105,7 +105,7 @@ config: mariadb: name: *dmaap-dr-db nameOverride: *dmaap-dr-db - replicaCount: 3 + replicaCount: 1 db: externalSecret: *dbSecretName name: datarouter diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml index c16500e787..48a2eb197e 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml @@ -230,11 +230,6 @@ spec: - name: docker-socket hostPath: path: /var/run/docker.sock - {{- if .Values.global.aafEnabled }} - - name: cadi - configMap: - name: {{ include "common.fullname" . }}-cadi-prop-configmap - {{ end }} - name: jaas configMap: name: {{ include "common.fullname" . }}-jaas-configmap diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index ea286b09c1..f3358d007d 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -25,7 +25,7 @@ aaf: aai: enabled: true appc: - enabled: true + enabled: false cds: enabled: true clamp: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 521cf2ff8b..ad002cc385 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -29,7 +29,7 @@ aaf: aai: enabled: true appc: - enabled: true + enabled: false cds: enabled: true clamp: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 0e2b13b473..028b43aef2 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -47,7 +47,7 @@ global: dockerHubRepository: &dockerHubRepository docker.io elasticRepository: &elasticRepository docker.elastic.co googleK8sRepository: k8s.gcr.io - + githubContainerRegistry: ghcr.io #/!\ DEPRECATED /!\ # Legacy repositories which will be removed at the end of migration. diff --git a/kubernetes/platform/components/chartmuseum/Chart.yaml b/kubernetes/platform/components/chartmuseum/Chart.yaml new file mode 100644 index 0000000000..1aa8d929d5 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Chart Museum +name: chartmuseum +version: 8.0.0 diff --git a/kubernetes/platform/components/chartmuseum/requirements.yaml b/kubernetes/platform/components/chartmuseum/requirements.yaml new file mode 100644 index 0000000000..07ac4b4224 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/requirements.yaml 
@@ -0,0 +1,29 @@ +#============LICENSE_START======================================================== +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: readinessCheck + version: ~8.x-0 + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml new file mode 100644 index 0000000000..cc07f27bb1 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml 
@@ -0,0 +1,83 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 7 | trim}} + initContainers: + - name: volume-permissions + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist + securityContext: + runAsUser: 0 + volumeMounts: + - name: chart-persistent + mountPath: "/chartmuseum-persist" + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.githubContainerRegistry" . 
}}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 12 | trim }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path }} + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + env: + - name: STORAGE + value: local + - name: STORAGE_LOCAL_ROOTDIR + value: "/chartmuseum-persist" + - name: BASIC_AUTH_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }} + - name: BASIC_AUTH_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }} + volumeMounts: + - mountPath: /chartmuseum-persist + name: chart-persistent + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: chart-persistent + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pv.yaml b/kubernetes/platform/components/chartmuseum/templates/pv.yaml new file mode 100644 index 0000000000..a05ebfb207 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pv.yaml 
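Review bot: The `volume-permissions` init container sets `runAsUser: 0` and runs `chown -R` with the default capability set, which is more privilege than a one-off ownership change needs. If the pod-level settings emitted by `common.podSecurityContext` (not visible in this hunk) already make the volume writable for the chartmuseum user, the init container can be removed; otherwise restrict it, starting from `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` under its `securityContext` and adding back only what the chown proves to need. The chartmuseum container defines a `livenessProbe` but no `readinessProbe`, so the Service may route requests to it before it is able to answer.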
@@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.PV" . }} \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pvc.yaml b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml new file mode 100644 index 0000000000..2bd21dde5c --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml 
@@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 AT&T # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.PVC" . }} \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/secret.yaml b/kubernetes/platform/components/chartmuseum/templates/secret.yaml new file mode 100644 index 0000000000..c8fbd04150 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/secret.yaml 
@@ -0,0 +1,21 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/platform/components/chartmuseum/templates/service.yaml b/kubernetes/platform/components/chartmuseum/templates/service.yaml new file mode 100644 index 0000000000..40aaa735e2 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/service.yaml 
@@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/platform/components/chartmuseum/values.yaml b/kubernetes/platform/components/chartmuseum/values.yaml new file mode 100644 index 0000000000..05a8b1537b --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/values.yaml 
@@ -0,0 +1,97 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always + persistence: {} + githubContainerRegistry: ghcr.io +image: helm/chartmuseum:v0.13.1 +containerPort: &cont_port 8080 + + +# Secrets Configuration. +secrets: + - uid: registrycred + type: basicAuth + login: '{{ .Values.registryCred.username }}' + password: '{{ .Values.registryCred.password }}' + passwordPolicy: required + + +# service configuration +service: + type: ClusterIP + name: chart-museum + ports: + - port: 80 + internal_port: *cont_port + name: &port http + +chartsMap: + directory: "/charts/components/" + +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /health + port: *port + enabled: true + +# Below parameter should match setting in all clients +# including contrib\tools\registry-initialize.sh +# which does preload +registryCred: + username: onapinitializer + password: demo123456! 
+ +# Parameters for persistent storage +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 4Gi + mountPath: /dockerdata-nfs + mountSubPath: chartmuseum/data + volumeReclaimPolicy: Retain + + +serviceAccount: + nameOverride: chartmuseum + roles: + - read + +securityContext: + user_id: 2000 + group_id: 3000 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {} \ No newline at end of file diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml index 84ad7f8699..ce3310151f 100644 --- a/kubernetes/platform/requirements.yaml +++ b/kubernetes/platform/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: cmpv2-cert-provider version: ~8.x-0 repository: 'file://components/cmpv2-cert-provider' + - name: chartmuseum + version: ~8.x-0 + repository: 'file://components/chartmuseum' \ No newline at end of file diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index 65b9636891..40341bec11 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh 
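Review bot: `registryCred.password: demo123456!` commits a fixed, publicly known credential as the chart default, so every installation that does not override it protects the chart repository with the same login; it also makes `passwordPolicy: required` ineffective, because a value is always present. Leave the default empty, `password: ""`, so the install fails until an operator supplies a password, or let the common secret template generate one if this version supports that. registry-initialize.sh in this same commit reads the login and password from the `${RLS_NAME}-chartmuseum-registrycred` secret, so clients do not need the literal value from values.yaml, and the comment "should match setting in all clients" can be reworded to point at the secret. The service is exposed as plain HTTP on port 80, so the basic-auth credential travels unencrypted inside the cluster.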
@@ -109,11 +109,11 @@ docker_temp_server_start() { for i in {30..0}; do # only use the root password if the database has already been initializaed # so that it won't try to fill in a password file when it hasn't been set yet - extraArgs=() + extraArgs="" if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs=${extraArgs}( '--dont-use-mysql-root-password' ) + extraArgs=${extraArgs}" --dont-use-mysql-root-password" fi - if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then + if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then break fi sleep 1 @@ -156,15 +156,15 @@ docker_create_db_directories() { # initializes the database directory docker_init_database_dir() { mysql_note "Initializing database files" - installArgs=( --datadir="$DATADIR" --rpm ) + installArgs=" --datadir=$DATADIR --rpm " if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 # (this flag doesn't exist in 10.0 and below) - installArgs=${installArgs}( --auth-root-authentication-method=normal ) + installArgs=${installArgs}" --auth-root-authentication-method=normal" fi # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db "${installArgs[@]}" "${@:2}" + mysql_install_db ${installArgs} "${@:2}" mysql_note "Database files initialized" } @@ -195,9 +195,9 @@ docker_setup_env() { # ie: docker_process_sql --database=mydb <<<'INSERT ...' # ie: docker_process_sql --dont-use-mysql-root-password --database=mydb
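Review bot: `docker_process_sql ${extraArgs}` and `mysql_install_db ${installArgs} "${@:2}"` now expand unquoted strings, so a `$DATADIR` containing whitespace or glob characters is split or expanded before it reaches `mysql_install_db`. The hunks still rely on bash features (`for i in {30..0}`, `"${@:2}"`), so the arrays can stay and only the broken append needs fixing: `extraArgs+=( '--dont-use-mysql-root-password' )` in `docker_temp_server_start` and `installArgs+=( --auth-root-authentication-method=normal )` in `docker_init_database_dir`, keeping the quoted `"${extraArgs[@]}"` and `"${installArgs[@]}"` expansions. Both functions start and end outside their hunks.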