From: Sylvain Desbureaux Date: Thu, 9 Sep 2021 12:54:16 +0000 (+0000) Subject: Merge "[OOM] Update Linux SSL Truststore /etc/ssl" X-Git-Tag: 9.0.0~137 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=c52cc3078f5efacc06a240c07cd7caf55da1afd1;hp=3dc8cc2b34ad03b027a07c65e2ed39b3162f9a1f Merge "[OOM] Update Linux SSL Truststore /etc/ssl" --- diff --git a/TOSCA/ONAP_TOSCA/onap_tosca.yaml b/TOSCA/ONAP_TOSCA/onap_tosca.yaml index a48f4bc246..e63901d35f 100644 --- a/TOSCA/ONAP_TOSCA/onap_tosca.yaml +++ b/TOSCA/ONAP_TOSCA/onap_tosca.yaml @@ -50,7 +50,7 @@ node_templates: chart-version: { get_input: chart-version } namespace: { get_input: namespace } stable-repo-url: { get_input: stable-repo-url} - config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "esr": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }' + config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }' aaf: type: onap.nodes.component @@ -179,20 +179,6 @@ node_templates: - type: cloudify.relationships.connected_to target: onap_env - esr: - type: onap.nodes.component - properties: - tiller-server-ip: { get_input: tiller-server-ip } - tiller-server-port: { get_input: tiller-server-port } - component-name: esr - chart-repo-url: { get_input: chart-repo-url } - chart-version: { get_input: chart-version } - namespace: { get_input: namespace } - stable-repo-url: { get_input: stable-repo-url} - relationships: - - type: cloudify.relationships.connected_to - target: onap_env - log: type: onap.nodes.component properties: @@ -429,4 +415,4 @@ node_templates: stable-repo-url: { get_input: stable-repo-url} relationships: - type: cloudify.relationships.connected_to - target: onap_env \ No newline at end of file + target: onap_env diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml index 9862ceab6c..8b697cbda2 100644 --- a/docs/environments_onap_demo.yaml +++ b/docs/environments_onap_demo.yaml @@ -48,8 +48,6 @@ cps: enabled: false dcaegen2: enabled: false -esr: - enabled: false log: enabled: false message-router: diff --git a/docs/helm-search.txt b/docs/helm-search.txt index 4d23cc0c4f..7fa7621e30 100644 --- a/docs/helm-search.txt +++ b/docs/helm-search.txt @@ -14,7 +14,6 @@ local/cps 8.0.0 ONAP Configuration Persistene S local/dcaegen2 8.0.0 ONAP DCAE Gen2 local/dgbuilder 8.0.0 D.G. Builder application local/dmaap 8.0.0 ONAP DMaaP components -local/esr 8.0.0 ONAP External System Register local/log 8.0.0 ONAP Logging ElasticStack local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster local/mongo 8.0.0 MongoDB Server diff --git a/docs/release-notes-honolulu.rst b/docs/release-notes-honolulu.rst new file mode 100644 index 0000000000..0c8d81f164 --- /dev/null +++ b/docs/release-notes-honolulu.rst @@ -0,0 +1,162 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 + International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) ONAP Project and its contributors +.. _release_notes_honolulu: + +:orphan: + +************************************* +ONAP Operations Manager Release Notes +************************************* + +Previous Release Notes +====================== + +- :ref:`Guilin ` +- :ref:`Frankfurt ` +- :ref:`El Alto ` +- :ref:`Dublin ` +- :ref:`Casablanca ` +- :ref:`Beijing ` +- :ref:`Amsterdam ` + +Abstract +======== + +This document provides the release notes for the Honolulu release. + +Summary +======= + +The focus of this release is to strengthen the foundation of OOM installer. + +Release Data +============ + ++--------------------------------------+--------------------------------------+ +| **Project** | OOM | +| | | ++--------------------------------------+--------------------------------------+ +| **Docker images** | N/A | +| | | ++--------------------------------------+--------------------------------------+ +| **Release designation** | Honolulu | +| | | ++--------------------------------------+--------------------------------------+ +| **Release date** | 2021/04/29 | +| | | ++--------------------------------------+--------------------------------------+ + +New features +------------ + +* Kubernetes support for version up to 1.20 +* Helm support for version up to 3.5 +* Limits are set for most of the components +* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack +* CMPv2 external issuer implemented which extends Cert-Manager with ability to + enroll X.509 certificates from CMPv2 servers +* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual + Stack +* Bump version of common PostgreSQL and ElasticSearch +* Move to automatic certificates retrieval for 80% of the components +* Consistent retrieval of docker images, with ability to configure proxy for + the 4 repositories used by ONAP + +**Bug fixes** + +A list of issues resolved in this release can be found here: +https://jira.onap.org/projects/OOM/versions/11073 + +major issues solved: + +* Better handling of persistence on PostgreSQL +* Better Ingress templating +* Better Service templating + +**Known Issues** + +- `OOM-2554 `_ Common pods have java 8 +- `OOM-2435 `_ SDNC karaf shell: + log:list: Error executing command: Unrecognized configuration +- `OOM-2629 `_ NetBox demo entry setup + not complete +- `OOM-2706 `_ CDS Blueprint Processor + does not work with local DB +- `OOM-2713 `_ Problem on onboarding + custom cert to SDNC ONAP during deployment +- `OOM-2698 `_ SO helm override fails in + for value with multi-level replacement +- `OOM-2697 `_ SO with local MariaDB + deployment fails +- `OOM-2538 `_ strange error with + CertInitializer template +- `OOM-2547 `_ Health Check failures + seen after bringing down/up control plane & worker node VM instances on which + ONAP hosted +- `OOM-2699 `_ SO so-mariadb + readinessCheck fails for local MariaDB instance +- `OOM-2705 `_ SDNC DB installation fails + on local MariaDB instance +- `OOM-2603 `_ [SDNC] allign password for + scaleoutUser/restconfUser/odlUser + +Deliverables +------------ + +Software Deliverables +~~~~~~~~~~~~~~~~~~~~~ + +OOM provides `Helm charts `_ that needs to be +"compiled" into Helm package. see step 6 in +:doc:`quickstart guide `. + +Documentation Deliverables +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- :doc:`Project Description ` +- :doc:`Cloud Setup Guide ` +- :doc:`Quick Start Guide ` +- :doc:`Setup Ingress Controller ` +- :doc:`Developer Guide ` +- :doc:`Hardcoded Certificates ` + +Known Limitations, Issues and Workarounds +========================================= + +Known Vulnerabilities +--------------------- + +- Hard coded password used for all OOM deployments + [`OJSI-188 `_] +- :doc:`Hard coded certificates ` in Helm packages + +Workarounds +----------- + +- ``_ + Workaround is to generate a password with "short" strenght or pregenerate + passwords without single quote in it. Default deployment is using "short" + password generation for mariadb. + +Security Notes +-------------- + +**Fixed Security Issues** + +References +========== + +For more information on the ONAP Frankfurt release, please see: + +#. `ONAP Home Page`_ +#. `ONAP Documentation`_ +#. `ONAP Release Downloads`_ +#. `ONAP Wiki Page`_ + + +.. _`ONAP Home Page`: https://www.onap.org +.. _`ONAP Wiki Page`: https://wiki.onap.org +.. _`ONAP Documentation`: https://docs.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org diff --git a/docs/release-notes.rst b/docs/release-notes.rst index ae0ea457f5..730acd5eea 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes Previous Release Notes ====================== +- :ref:`Honolulu ` - :ref:`Guilin ` - :ref:`Frankfurt ` - :ref:`El Alto ` @@ -22,12 +23,12 @@ Previous Release Notes Abstract ======== -This document provides the release notes for the Honolulu release. +This document provides the release notes for the Istanbul release. Summary ======= -The focus of this release is to strengthen the foundation of OOM installer. + Release Data ============ @@ -39,66 +40,25 @@ Release Data | **Docker images** | N/A | | | | +--------------------------------------+--------------------------------------+ -| **Release designation** | Honolulu | +| **Release designation** | Istanbul | | | | +--------------------------------------+--------------------------------------+ -| **Release date** | 2021/04/29 | +| **Release date** | | | | | +--------------------------------------+--------------------------------------+ New features ------------ -* Kubernetes support for version up to 1.20 -* Helm support for version up to 3.5 -* Limits are set for most of the components -* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack -* CMPv2 external issuer implemented which extends Cert-Manager with ability to - enroll X.509 certificates from CMPv2 servers -* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual - Stack -* Bump version of common PostgreSQL and ElasticSearch -* Move to automatic certificates retrieval for 80% of the components -* Consistent retrieval of docker images, with ability to configure proxy for - the 4 repositories used by ONAP **Bug fixes** A list of issues resolved in this release can be found here: -https://jira.onap.org/projects/OOM/versions/11073 - -major issues solved: +https://jira.onap.org/projects/OOM/versions/11074 -* Better handling of persistence on PostgreSQL -* Better Ingress templating -* Better Service templating **Known Issues** -- `OOM-2554 `_ Common pods have java 8 -- `OOM-2435 `_ SDNC karaf shell: - log:list: Error executing command: Unrecognized configuration -- `OOM-2629 `_ NetBox demo entry setup - not complete -- `OOM-2706 `_ CDS Blueprint Processor - does not work with local DB -- `OOM-2713 `_ Problem on onboarding - custom cert to SDNC ONAP during deployment -- `OOM-2698 `_ SO helm override fails in - for value with multi-level replacement -- `OOM-2697 `_ SO with local MariaDB - deployment fails -- `OOM-2538 `_ strange error with - CertInitializer template -- `OOM-2547 `_ Health Check failures - seen after bringing down/up control plane & worker node VM instances on which - ONAP hosted -- `OOM-2699 `_ SO so-mariadb - readinessCheck fails for local MariaDB instance -- `OOM-2705 `_ SDNC DB installation fails - on local MariaDB instance -- `OOM-2603 `_ [SDNC] allign password for - scaleoutUser/restconfUser/odlUser Deliverables ------------ @@ -126,17 +86,25 @@ Known Limitations, Issues and Workarounds Known Vulnerabilities --------------------- -- Hard coded password used for all OOM deployments - [`OJSI-188 `_] -- :doc:`Hard coded certificates ` in Helm packages Workarounds ----------- -- ``_ - Workaround is to generate a password with "short" strenght or pregenerate - passwords without single quote in it. Default deployment is using "short" - password generation for mariadb. +- `OOM-2754 `_ + Because of *updateEndpoint* property added to *cmpv2issuer* CRD + it is impossible to upgrade platform component from Honolulu to Istanbul + release without manual steps. Actions that should be performed: + + #. Update the CRD definition:: + + > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml + #. Upgrade the component + #. Make sure that *cmpv2issuer* contains correct value for + *spec.updateEndpoint*. The value should be: *v1/certificate-update*. + If it's not, edit the resource:: + + > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap + Security Notes -------------- @@ -146,7 +114,7 @@ Security Notes References ========== -For more information on the ONAP Frankfurt release, please see: +For more information on the ONAP Istanbul release, please see: #. `ONAP Home Page`_ #. `ONAP Documentation`_ diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 791bf61004..45e4802ede 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -32,6 +32,12 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} @@ -45,6 +51,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: hostname: aai-graphadmin + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ if .Values.global.initContainers.enabled }} initContainers: - command: @@ -89,6 +96,10 @@ spec: value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} + - name: INTERNAL_PORT_1 + value: {{ .Values.service.internalPort | quote }} + - name: INTERNAL_PORT_2 + value: {{ .Values.service.internalPort2 | quote }} volumeMounts: - mountPath: /etc/localtime name: localtime @@ -125,6 +136,18 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + lifecycle: + # wait for active requests (long-running tasks) to be finished + # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. + preStop: + exec: + command: + - sh + - -c + - | + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + do sleep 10 + done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 03d034bf05..c29004e837 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -125,6 +125,14 @@ flavor: small flavorOverride: small # default number of instances replicaCount: 1 +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 # Configuration for the graphadmin deployment config: @@ -204,6 +212,7 @@ service: internalPort: 8449 portName2: aai-graphadmin-5005 internalPort2: 5005 + terminationGracePeriodSeconds: 120 ingress: enabled: false diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 501a706f47..fd4b1c3dc1 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -29,6 +29,12 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} @@ -72,6 +78,7 @@ spec: {{- end }} spec: hostname: aai-resources + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: @@ -125,6 +132,10 @@ spec: value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}' - name: TRUSTORE_ALL_PASSWORD value: {{ .Values.certInitializer.truststorePassword }} + - name: INTERNAL_PORT_1 + value: {{ .Values.service.internalPort | quote }} + - name: INTERNAL_PORT_2 + value: {{ .Values.service.internalPort2 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -173,6 +184,18 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + lifecycle: + # wait for active requests (long-running tasks) to be finished + # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. + preStop: + exec: + command: + - sh + - -c + - | + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + do sleep 10 + done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index c2658a5503..2ec78c57c4 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -161,6 +161,14 @@ flavor: small flavorOverride: small # default number of instances replicaCount: 1 +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 # Configuration for the resources deployment config: @@ -220,6 +228,7 @@ service: internalPort: 8447 portName2: aai-resources-5005 internalPort2: 5005 + terminationGracePeriodSeconds: 120 ingress: enabled: false diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 037f811f44..277fb4bfbb 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -29,6 +29,12 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} @@ -91,6 +97,7 @@ spec: {{- end }} spec: hostname: aai-traversal + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py @@ -144,6 +151,10 @@ spec: value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} + - name: INTERNAL_PORT_1 + value: {{ .Values.service.internalPort | quote }} + - name: INTERNAL_PORT_2 + value: {{ .Values.service.internalPort2 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -194,6 +205,18 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + lifecycle: + # wait for active requests (long-running tasks) to be finished + # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. + preStop: + exec: + command: + - sh + - -c + - | + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + do sleep 10 + done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 297de15308..7ad96005ad 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -145,6 +145,14 @@ pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 api_list: - 11 @@ -245,6 +253,7 @@ service: internalPort: 8446 portName2: aai-traversal-5005 internalPort2: 5005 + terminationGracePeriodSeconds: 120 ingress: enabled: false diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index 0667ae214e..fa3de03ece 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -38,10 +38,10 @@ for f in $CERTS_DIR/*; do # Dont use onap truststore when aaf is disabled continue fi - if [ ${f: -3} = ".sh" ]; then + if echo $f | grep '\.sh$' >/dev/null; then continue fi - if [ ${f: -4} = ".b64" ] + if echo $f | grep '\.b64$' >/dev/null; then then base64 -d $f > $WORK_DIR/`basename $f .b64` else @@ -50,8 +50,7 @@ for f in $CERTS_DIR/*; do done for f in $MORE_CERTS_DIR/*; do - if [ ${f: -4} == ".pem" ] - then + if echo $f | grep '\.pem$' >/dev/null; then cp $f $WORK_DIR/. fi done @@ -68,7 +67,7 @@ fi # Import Custom Certificates for f in $WORK_DIR/*; do - if [ ${f: -4} = ".pem" ]; then + if echo $f | grep '\.pem$' >/dev/null; then echo "importing certificate: $f" keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt if [ $? != 0 ]; then diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 02595b348d..4b8438ace2 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -35,5 +35,5 @@ global: truststorePasswordSecretName: oom-cert-service-truststore-password truststorePasswordSecretKey: password certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl new file mode 100644 index 0000000000..eb6c047c2f --- /dev/null +++ b/kubernetes/common/common/templates/_serviceMonitor.tpl @@ -0,0 +1,166 @@ +{{/* +# Copyright © 2021 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{/* + Resolve the name of a chart's serviceMonitor. + + The default will be the chart name (or $dot.Values.nameOverride if set). + And the use of .Values.metrics.serviceMonitor.name overrides all. + + - .Values.metrics.serviceMonitor.name: override default serviceMonitor (ie. chart) name + Example values file addition: + metrics: + serviceMonitor: + enabled: true + port: blueprints-processor-http + ## specify target port if name is not given to the port in the service definition + ## + # targetPort: 8080 + path: /metrics + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 60s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + +*/}} +{{/* + Expand the serviceMonitor name for a chart. +*/}} +{{- define "common.serviceMonitorName" -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- default $name .Values.metrics.serviceMonitor.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Define the metadata of serviceMonitor + The function takes from one to four arguments (inside a dictionary): + - .dot : environment (.) + - .suffix : a string which will be added at the end of the name (with a '-'). + - .annotations: the annotations to add + - .labels : labels to add + Usage example: + {{ include "common.serviceMonitorMetadata" ( dict "suffix" "myService" "dot" .) }} + {{ include "common.serviceMonitorMetadata" ( dict "annotations" .Values.metrics.serviceMonitor.annotation "dot" .) }} +*/}} + +{{- define "common.serviceMonitorMetadata" -}} +{{- $dot := default . .dot -}} +{{- $annotations := default "" .annotations -}} +{{- $labels := default (dict) .labels -}} +{{- if $annotations -}} +annotations: +{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }} +{{- end }} +name: {{ include "common.serviceMonitorName" $dot }} +{{- if $dot.Values.metrics.serviceMonitor.namespace }} +namespace: {{ $dot.Values.metrics.serviceMonitor.namespace }} +{{- else }} +namespace: {{ include "common.namespace" $dot }} +{{- end }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} +{{- end -}} + +{{/* + Create service monitor template +*/}} +{{- define "common.serviceMonitor" -}} +{{- $dot := default . .dot -}} +{{- $labels := default (dict) .labels -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: +{{- include "common.serviceMonitorMetadata" $dot | nindent 2 }} +spec: + endpoints: + - path: {{ default "/metrics" $dot.Values.metrics.serviceMonitor.path }} + {{- if $dot.Values.metrics.serviceMonitor.port }} + port: {{ $dot.Values.metrics.serviceMonitor.port }} + {{- else if $dot.Values.metrics.serviceMonitor.targetPort }} + targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }} + {{- else }} + port: metrics + {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.basicAuth.enabled }} + basicAuth: + username: + key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretUserKey }} + name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }} + password: + key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretPasswordKey }} + name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }} + {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.interval }} + interval: {{ $dot.Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ $dot.Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.relabelings "context" $dot) | nindent 6 }} + {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.metricRelabelings "context" $dot) | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.namespace" $dot }} + selector: + {{- if $dot.Values.metrics.serviceMonitor.selector }} + matchLabels: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.selector "context" $dot) | nindent 6 }} + {{- else }} + matchLabels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 6 }} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml index 6c3b41f5a5..6d1ed40e13 100644 --- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml +++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Bitnami, Orange +# Copyright © 2021 Bitnami, Orange, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,38 +14,6 @@ # limitations under the License. */}} -{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ include "common.namespace" . }} - {{- end }} - labels: {{- include "common.labels" . | nindent 4 }} - {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.matchLabels" . | nindent 6 }} - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} {{- end }} diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh index 590d651f87..efd0bd14d3 100755 --- a/kubernetes/config/prepull_docker.sh +++ b/kubernetes/config/prepull_docker.sh @@ -102,7 +102,7 @@ do for line in `parse_yaml $filename` do #skiping commented line - if [ "${line:0:1}" != '#' ]; then + if echo "$line" | grep -v '^#' >/dev/null; then #find all image subtag inside converted values.yaml file's lines if echo $line | grep -q $IMAGE_TEXT ; then #find imageName inside line diff --git a/kubernetes/esr/Makefile b/kubernetes/consul/Makefile similarity index 96% rename from kubernetes/esr/Makefile rename to kubernetes/consul/Makefile index 4c79718d02..92102d2dfc 100644 --- a/kubernetes/esr/Makefile +++ b/kubernetes/consul/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/esr/components/Makefile b/kubernetes/consul/components/Makefile similarity index 96% rename from kubernetes/esr/components/Makefile rename to kubernetes/consul/components/Makefile index bf267b7720..e9159f32a9 100644 --- a/kubernetes/esr/components/Makefile +++ b/kubernetes/consul/components/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/consul/components/consul-server/requirements.yaml b/kubernetes/consul/components/consul-server/requirements.yaml index 7afdbc936e..e43236def8 100644 --- a/kubernetes/consul/components/consul-server/requirements.yaml +++ b/kubernetes/consul/components/consul-server/requirements.yaml @@ -20,3 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/consul/components/consul-server/templates/statefulset.yaml b/kubernetes/consul/components/consul-server/templates/statefulset.yaml index 16fda3a510..8e872b9c87 100644 --- a/kubernetes/consul/components/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/components/consul-server/templates/statefulset.yaml @@ -74,3 +74,4 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/consul/components/consul-server/values.yaml b/kubernetes/consul/components/consul-server/values.yaml index 48a26effd7..d4e649444a 100644 --- a/kubernetes/consul/components/consul-server/values.yaml +++ b/kubernetes/consul/components/consul-server/values.yaml @@ -92,3 +92,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: consul-server + roles: + - read diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml index 4d43035d04..1312294f29 100644 --- a/kubernetes/consul/requirements.yaml +++ b/kubernetes/consul/requirements.yaml @@ -26,4 +26,7 @@ dependencies: - name: consul-server version: ~8.x-0 repository: 'file://components/consul-server' - condition: cds-command-executor.enabled + condition: consul-server.enabled + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml index 31546abd49..c5d12a4693 100644 --- a/kubernetes/consul/templates/deployment.yaml +++ b/kubernetes/consul/templates/deployment.yaml @@ -83,6 +83,7 @@ spec: - mountPath: /consul/certs name: consul-agent-certs-config resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: consul-agent-config-dir emptyDir: {} diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 0f5d2861cc..e2aa181efb 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -109,3 +109,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: consul + roles: + - read diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml index 31db08aa3a..8762d969f9 100644 --- a/kubernetes/contrib/components/ejbca/requirements.yaml +++ b/kubernetes/contrib/components/ejbca/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: cmpv2Config + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index ad10240b94..2c672e2f07 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -8,16 +8,31 @@ waitForEjbcaToStart() { } configureEjbca() { + ejbca.sh ca init \ + --caname ManagementCA \ + --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \ + --tokenType soft \ + --keyspec 3072 \ + --keytype RSA \ + -v 3652 \ + --policy null \ + -s SHA256WithRSA \ + -type "x509" ejbca.sh config cmp addalias --alias cmpRA ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate' + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA' + ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth) ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles #Profile name taken from certprofile filename (certprofile_-.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER #ID taken from entityprofile filename (entityprofile_-.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 + caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p') + ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject" ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true @@ -27,6 +42,13 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN ejbca.sh config cmp dumpalias --alias cmp ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem + #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation) + ejbca.sh roles addrole "Certificate Update Admin" + ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT + ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}" } diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index 46f7d3521c..fc163ee2e2 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -61,6 +61,8 @@ spec: env: - name: INITIAL_ADMIN value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: NO_CREATE_CA + value: "true" - name: DATABASE_JDBC_URL value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} - name: DATABASE_USER diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl index 6d52b2a087..f3c09161cc 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl @@ -55,7 +55,8 @@ spec: - name: dcae-config-delete image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /opt/app/delete_key.sh args: - - --delete-key - {{ include "common.name" . }} {{ end -}} diff --git a/kubernetes/dcaegen2-services/components/Makefile b/kubernetes/dcaegen2-services/components/Makefile index 98dfb97f8f..284f99de6b 100644 --- a/kubernetes/dcaegen2-services/components/Makefile +++ b/kubernetes/dcaegen2-services/components/Makefile @@ -26,7 +26,7 @@ HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.) .PHONY: $(EXCLUDES) $(HELM_CHARTS) -all: $(HELM_CHARTS) +all: $(HELM_CHARTS) helm-repo-update $(HELM_CHARTS): @echo "\n[$@]" @@ -50,5 +50,11 @@ clean: @rm -f */requirements.lock @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) + +helm-repo-update: +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @$(HELM_BIN) repo update +endif + %: @: diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml new file mode 100644 index 0000000000..c7722ea098 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/job.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.consulDeleteJob" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml index 77dcaba761..2eb3e5ae00 100644 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml @@ -49,7 +49,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index a768489771..670e6c17dc 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -33,8 +33,8 @@ filebeatConfig: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index 7677db9e9b..d092b83937 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -43,7 +43,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index 598d52be1b..bc5fe3b88c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -49,7 +49,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index f0f420a3bb..56017b7e5c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -50,7 +50,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 9c9d3092cf..09637c5cfc 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -50,7 +50,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 2108d009e6..7f17532cb2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -34,8 +34,8 @@ filebeatConfig: # initContainer images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 ################################################################# # Application configuration defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 026efd8851..425016878c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -43,7 +43,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 469c36648e..d18e8d64eb 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -48,7 +48,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 0e79e5e554..0efcf2eb3d 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -50,7 +50,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index 043a7b09a8..3fa5faf8c5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -33,13 +33,13 @@ filebeatConfig: # initContainer images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0 +image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 pullPolicy: Always # log directory where logging sidecar should look for log files @@ -148,6 +148,9 @@ applicationConfig: dmaap_info: topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT +applicationEnv: + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 17c3694c1d..789a807d63 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -44,7 +44,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 6790541bd9..35d108d000 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -50,7 +50,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 8cf650877e..60295b972a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -34,7 +34,7 @@ filebeatConfig: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 78c6144979..31c6b46e95 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -50,7 +50,7 @@ secrets: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 09529c8bb8..fa85c7de60 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -34,7 +34,7 @@ filebeatConfig: # initContainer images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 4050129f6a..bfea92aeb9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -34,14 +34,14 @@ filebeatConfig: # initContainer images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0 +image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 pullPolicy: Always # log directory where logging sidecar should look for log files @@ -104,6 +104,10 @@ service: nodePort: 17 useNodePortExt: true +# application environments +applicationEnv: + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + # initial application configuration applicationConfig: collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurement=ves-measurement|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|3GPP-FaultSupervision=ves-3gpp-fault-supervision|3GPP-Heartbeat=ves-3gpp-heartbeat|3GPP-Provisioning=ves-3gpp-provisioning|3GPP-PerformanceAssurance=ves-3gpp-performance-assurance diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml new file mode 100644 index 0000000000..177cc03347 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/job.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.consulDeleteJob" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 528e93d88b..7bde2e99fb 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -33,13 +33,13 @@ filebeatConfig: # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.2.0 +image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.0 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index ec322dd61f..10338728e3 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -24,7 +24,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 secrets: - uid: pg-root-pass @@ -104,15 +104,15 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.3 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.4 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager # Use to override default setting in blueprints componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0 # Resource Limit flavor -By Default using small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 10fb4430ea..e6567d9ac2 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -24,7 +24,7 @@ global: nodePortPrefix: 302 persistence: {} tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 repositoryCred: user: docker password: docker @@ -53,7 +53,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.1 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index 7b9431c46d..fc4d07d39d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -21,7 +21,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 secrets: - uid: 'cm-pass' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index baeda67bdf..8f6a1a7da9 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -22,7 +22,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 secrets: - uid: 'cm-pass' type: password diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 340c159a2f..f82b410e1b 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -21,7 +21,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 ################################################################# # Secrets metaconfig diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 90bc0989d0..22c4cdb3b2 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -35,7 +35,7 @@ config: importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0 importPostgres: plugin:pgaas?version=1.3.0 - importClamp: plugin:clamppolicyplugin?version=1.1.0 + importClamp: plugin:clamppolicyplugin?version=1.1.1 importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0 useDmaapPlugin: false bpResourcesCpuLimit: 250m diff --git a/kubernetes/esr/.helmignore b/kubernetes/esr/.helmignore deleted file mode 100644 index 7ddbad7ef4..0000000000 --- a/kubernetes/esr/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -components/ diff --git a/kubernetes/esr/Chart.yaml b/kubernetes/esr/Chart.yaml deleted file mode 100644 index 79b287505e..0000000000 --- a/kubernetes/esr/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP External System Register -name: esr -version: 8.0.0 diff --git a/kubernetes/esr/components/esr-gui/.helmignore b/kubernetes/esr/components/esr-gui/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/esr/components/esr-gui/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/esr/components/esr-gui/Chart.yaml b/kubernetes/esr/components/esr-gui/Chart.yaml deleted file mode 100644 index 9f08c59485..0000000000 --- a/kubernetes/esr/components/esr-gui/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP External System Register GUI -name: esr-gui -version: 8.0.0 diff --git a/kubernetes/esr/components/esr-gui/requirements.yaml b/kubernetes/esr/components/esr-gui/requirements.yaml deleted file mode 100644 index 343812db25..0000000000 --- a/kubernetes/esr/components/esr-gui/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~8.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: repositoryGenerator - version: ~8.x-0 - repository: '@local' diff --git a/kubernetes/esr/components/esr-gui/templates/NOTES.txt b/kubernetes/esr/components/esr-gui/templates/NOTES.txt deleted file mode 100644 index e2b067fde4..0000000000 --- a/kubernetes/esr/components/esr-gui/templates/NOTES.txt +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/esr/components/esr-gui/templates/deployment.yaml b/kubernetes/esr/components/esr-gui/templates/deployment.yaml deleted file mode 100644 index 74f933572f..0000000000 --- a/kubernetes/esr/components/esr-gui/templates/deployment.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1001 - fsGroup: 1001 - initContainers: - - command: - - cp - args: - - -r - - -T - - /home/esr/tomcat - - /opt/tomcat - securityContext: - privileged: true - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: create-tomcat-dir - volumeMounts: - - name: tomcat-workdir - mountPath: /opt/tomcat - - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: {{ tpl .Values.msbaddr . }} - volumeMounts: - - name: tomcat-workdir - mountPath: /home/esr/tomcat/ - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - volumes: - - name: tomcat-workdir - emptyDir: {} - - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/esr/components/esr-gui/templates/service.yaml b/kubernetes/esr/components/esr-gui/templates/service.yaml deleted file mode 100644 index b020257873..0000000000 --- a/kubernetes/esr/components/esr-gui/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "aai-esr-gui", - "version": "v1", - "url": "/esr-gui", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"1", - "path":"/iui/aai-esr-gui" - } - ]' -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/esr/components/esr-gui/values.yaml b/kubernetes/esr/components/esr-gui/values.yaml deleted file mode 100644 index 417ace5ab4..0000000000 --- a/kubernetes/esr/components/esr-gui/values.yaml +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/aai/esr-gui:1.4.0 -pullPolicy: Always -msbaddr: msb-iag.{{ include "common.namespace" . }}:443 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - name: esr-gui - internalPort: 8080 - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/esr/components/esr-server/Chart.yaml b/kubernetes/esr/components/esr-server/Chart.yaml deleted file mode 100644 index 38a51cd771..0000000000 --- a/kubernetes/esr/components/esr-server/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP External System Register GUI -name: esr-server -version: 8.0.0 diff --git a/kubernetes/esr/components/esr-server/requirements.yaml b/kubernetes/esr/components/esr-server/requirements.yaml deleted file mode 100644 index 343812db25..0000000000 --- a/kubernetes/esr/components/esr-server/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~8.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: repositoryGenerator - version: ~8.x-0 - repository: '@local' diff --git a/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml b/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index a60fb95795..0000000000 --- a/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,56 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/esr/components/esr-server/resources/config/logback.xml b/kubernetes/esr/components/esr-server/resources/config/logback.xml deleted file mode 100644 index fcc9f250d9..0000000000 --- a/kubernetes/esr/components/esr-server/resources/config/logback.xml +++ /dev/null @@ -1,144 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${logDirectory}/${auditLogName}.log - - ${logDirectory}/${auditLogName}.log.%d - - - ${auditPattern} - - - - - ${queueSize} - - - - - ${logDirectory}/${metricsLogName}.log - - ${logDirectory}/${metricsLogName}.log.%d - - - ${metricPattern} - - - - - ${queueSize} - - - - - ${logDirectory}/${errorLogName}.log - - ${logDirectory}/${errorLogName}.log.%d - - - INFO - - - ${errorPattern} - - - - - ${queueSize} - - - - - ${logDirectory}/${debugLogName}.log - - ${logDirectory}/${debugLogName}.log.%d - - - ${debugPattern} - - - - - ${queueSize} - - true - - - - - ${consolePattern} - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/esr/components/esr-server/templates/NOTES.txt b/kubernetes/esr/components/esr-server/templates/NOTES.txt deleted file mode 100644 index 5da4ade3a5..0000000000 --- a/kubernetes/esr/components/esr-server/templates/NOTES.txt +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/esr/components/esr-server/templates/configmap.yaml b/kubernetes/esr/components/esr-server/templates/configmap.yaml deleted file mode 100644 index 6861a8bdf0..0000000000 --- a/kubernetes/esr/components/esr-server/templates/configmap.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-esr-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/esr/components/esr-server/templates/deployment.yaml b/kubernetes/esr/components/esr-server/templates/deployment.yaml deleted file mode 100644 index 03bcaa09d4..0000000000 --- a/kubernetes/esr/components/esr-server/templates/deployment.yaml +++ /dev/null @@ -1,137 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1001 - fsGroup: 1001 - initContainers: - - command: - - cp - args: - - -r - - -T - - /home/esr/conf - - /opt/conf - securityContext: - privileged: true - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: create-conf-dir - volumeMounts: - - name: conf-dir - mountPath: /opt/conf - - containers: - - name: {{ .Chart.Name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: {{ tpl .Values.msbaddr . }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /home/esr/works/logs - name: {{ include "common.fullname" . }}-logs - - mountPath: /home/esr/conf - name: conf-dir - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap/esr/esr-server - - mountPath: /opt/ajsc/etc/config/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-esr-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: conf-dir - emptyDir: {} - - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/esr/components/esr-server/templates/service.yaml b/kubernetes/esr/components/esr-server/templates/service.yaml deleted file mode 100644 index 9fb6e93a7b..0000000000 --- a/kubernetes/esr/components/esr-server/templates/service.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "aai-esr-server", - "version": "v1", - "url": "/api/aai-esr-server/v1", - "protocol": "REST", - "port": "{{.Values.service.internalPort}}", - "enable_ssl": true, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/esr/components/esr-server/values.yaml b/kubernetes/esr/components/esr-server/values.yaml deleted file mode 100644 index a3fb6862a6..0000000000 --- a/kubernetes/esr/components/esr-server/values.yaml +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -subChartsOnly: - enabled: true - -# application image -image: onap/aai/esr-server:1.5.2 -pullPolicy: Always -msbaddr: msb-iag.{{ include "common.namespace" . }}:443 - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: esr-server - portName: esr-server - externalPort: 9518 - internalPort: 9518 - -ingress: - enabled: false - -log: - componentName: esr - subcomponentName: esr-server - debug: true - scan: - enabled: false - logDir: /var/log/onap - queueSize: 256 - root: - level: INFO - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/esr/requirements.yaml b/kubernetes/esr/requirements.yaml deleted file mode 100644 index a2bf902284..0000000000 --- a/kubernetes/esr/requirements.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: esr-gui - version: ~8.x-0 - repository: 'file://components/esr-gui' - condition: esr-gui.enabled - - name: esr-server - version: ~8.x-0 - repository: 'file://components/esr-server' diff --git a/kubernetes/esr/values.yaml b/kubernetes/esr/values.yaml deleted file mode 100644 index 5b2f776dfe..0000000000 --- a/kubernetes/esr/values.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -esr-gui: - enabled: true \ No newline at end of file diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index d863a152a5..536be7b4a9 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -96,9 +96,9 @@ deploy() { RELEASE=$1 CHART_URL=$2 - FLAGS=${@:3} - CHART_REPO="$(echo "$CHART_URL" |cut -d'/' -f1)" - CHART_NAME="$(echo "$CHART_URL" |cut -d'/' -f2)" + FLAGS=$(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//') + CHART_REPO="$(echo "$CHART_URL" | cut -d'/' -f1)" + CHART_NAME="$(echo "$CHART_URL" | cut -d'/' -f2)" if expr "$HELM_VER" : "v3\..*" ; then CACHE_DIR=~/.local/share/helm/plugins/deploy/cache else @@ -287,7 +287,7 @@ case "${1:-"help"}" in usage ;; *) - deploy $1 $2 ${@:3} + deploy $1 $2 $(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//') ;; esac diff --git a/kubernetes/helm/plugins/undeploy/undeploy.sh b/kubernetes/helm/plugins/undeploy/undeploy.sh index 35fc4ca251..72c64244c0 100755 --- a/kubernetes/helm/plugins/undeploy/undeploy.sh +++ b/kubernetes/helm/plugins/undeploy/undeploy.sh @@ -45,7 +45,7 @@ case "${1:-"help"}" in usage ;; *) - undeploy $1 ${@:2} + undeploy $1 $(echo ${@} | sed 's/^ *[^ ]* *//') ;; esac diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh index 0cd46167e4..cbcbf7a8bf 100755 --- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh +++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh @@ -53,7 +53,7 @@ fi # If the user is trying to run Consul directly with some arguments, then # pass them to Consul. -if [ "${1:0:1}" = '-' ]; then +if echo "$1" | grep '^-' >/dev/null; then set -- consul "$@" fi diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index fa3efd3b40..61d4314be4 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -78,10 +78,6 @@ dependencies: version: ~8.x-0 repository: '@local' condition: dmaap.enabled - - name: esr - version: ~8.x-0 - repository: '@local' - condition: esr.enabled - name: log version: ~8.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index 24678e6680..de448084ee 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -77,8 +77,6 @@ holmes: enabled: false dmaap: enabled: true -esr: - enabled: false log: enabled: false mariadb-galera: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index df333455d8..b5951b25d2 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -81,8 +81,6 @@ holmes: enabled: false dmaap: enabled: false -esr: - enabled: false log: enabled: false log-logstash: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index af3c11a17e..0f93b94983 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -51,8 +51,6 @@ holmes: enabled: false dmaap: enabled: false -esr: - enabled: false log: enabled: false sniro-emulator: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 56ed2fef85..670a55ae8d 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml @@ -72,8 +72,6 @@ holmes: enabled: false dmaap: enabled: true -esr: - enabled: false log: enabled: false mariadb-galera: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 7f23899c98..8c9babb99a 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -104,8 +104,6 @@ holmes: enabled: false dmaap: enabled: true -esr: - enabled: true log: enabled: true sniro-emulator: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index f3358d007d..528cd2c687 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -46,8 +46,6 @@ holmes: enabled: true dmaap: enabled: true -esr: - enabled: true oof: enabled: true msb: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index ad002cc385..91e0157aea 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -55,8 +55,6 @@ holmes: enabled: true dmaap: enabled: true -esr: - enabled: true oof: enabled: true msb: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index ca98011484..312fc4b65f 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -74,8 +74,6 @@ dcaegen2-services: enabled: false holmes: enabled: false -esr: - enabled: false log: enabled: false mariadb-galera: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 028b43aef2..133e59fb01 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -298,8 +298,6 @@ holmes: enabled: false dmaap: enabled: false -esr: - enabled: false # Today, "logging" chart that perform the central part of logging must also be # enabled in order to make it work. So `logging.enabled` must have the same # value than centralizedLoggingEnabled diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml index 0bc24afe86..e8418355d3 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml @@ -56,7 +56,10 @@ spec: description: Path of health check endpoint. type: string certEndpoint: - description: Path of cerfificate signing enpoint. + description: Path of cerfificate signing endpoint. + type: string + updateEndpoint: + description: Path of certificate update endpoint. type: string caName: description: Name of the external CA server configured on CertService API side. diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml index ae4ae81f02..52e35375d3 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml @@ -25,6 +25,7 @@ spec: url: {{ .Values.cmpv2issuer.url }} healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }} certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }} + updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }} caName: {{ .Values.cmpv2issuer.caName }} certSecretRef: name: {{ .Values.cmpv2issuer.certSecretRef.name }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index 38bddfbdc3..2237811465 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -28,7 +28,7 @@ namespace: onap # Deployment configuration deployment: name: oom-certservice-cmpv2issuer - image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0 proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 # fol local development use IfNotPresent pullPolicy: Always @@ -50,6 +50,7 @@ cmpv2issuer: url: https://oom-cert-service:8443 healthcheckEndpoint: actuator/health certEndpoint: v1/certificate + updateEndpoint: v1/certificate-update caName: RA certSecretRef: name: oom-cert-service-client-tls-secret diff --git a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json index 06e1087f60..5a967f0405 100644 --- a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json @@ -3,7 +3,7 @@ { "caName": "CLIENT", "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "caMode": "CLIENT", "authentication": { "iak": "${CLIENT_IAK}", @@ -13,7 +13,7 @@ { "caName": "RA", "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "caMode": "RA", "authentication": { "iak": "${RA_IAK}", @@ -21,4 +21,4 @@ } } ] -} \ No newline at end of file +} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 2e149683d7..fbd545c12e 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,7 +34,7 @@ service: # Deployment configuration repository: "nexus3.onap.org:10001" -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index 3d5e13ff5a..f5dcbff6bf 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -106,7 +106,7 @@ docker_temp_server_start() { "$@" --skip-networking --socket="${SOCKET}" & mysql_note "Waiting for server startup" local i - for i in {30..0}; do + for i in $(seq 30 -1 0); do # only use the root password if the database has already been initializaed # so that it won't try to fill in a password file when it hasn't been set yet extraArgs="" @@ -164,7 +164,7 @@ docker_init_database_dir() { installArgs=${installArgs}" --auth-root-authentication-method=normal" fi # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db ${installArgs} "${@:2}" + mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" mysql_note "Database files initialized" } @@ -278,10 +278,10 @@ docker_setup_db() { if [ -n "$MYSQL_DATABASE" ]; then mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" - echo "GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" |docker_process_sql --database=mysql + echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql fi - echo "FLUSH PRIVILEGES ;" |docker_process_sql --database=mysql + echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql fi } @@ -313,7 +313,7 @@ _mysql_want_help() { _main() { # if command starts with an option, prepend mysqld - if [ "${1:0:1}" = '-' ]; then + if echo "$1" | grep '^-' >/dev/null; then set -- mysqld "$@" fi diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh index b47051f7e2..63e90cdec6 100755 --- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh +++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh @@ -49,21 +49,21 @@ create_pkcs12_ca_and_server () { } copy_server_certs_to_hvves () { - for f in {ca.p12,server.p12} + for f in ca.p12 server.p12 do kubectl cp $1/$f $2/$3:$4 done } copy_client_certs_to_robot () { - for f in {ca.pem,client.key,client.pem} + for f in ca.pem client.key client.pem do kubectl cp $1/$f $2/$3:$4 done } cleanup () { - rm -f $1/{ca,server,client}.??? + rm -f $1/ca.??? $1/server.??? s$1/client.??? } diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 0fa4748e3d..61a0b5097a 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: flavor: small # application image -image: onap/usecase-ui:4.0.1 +image: onap/usecase-ui:4.0.2 pullPolicy: Always # application configuration