[SO] move subcharts to components folder
Move subcharts to components folder in order to be able to
enable/disable them one by one.
Also use certInitializer to retrieve truststore in order to be able to
discuss with other ONAP components.
Issue-ID: SO-2046
Change-Id: Ia5c2a590a2ad75e4b69be0748e9d79fda996af37
Signed-off-by: seshukm <seshu.kumar.m@huawei.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
diff --git a/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml
new file mode 100755
index 0000000..8c5a846
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for so-catalog-db-adapter
+name: so-catalog-db-adapter
+version: 6.0.0
\ No newline at end of file
diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
new file mode 100755
index 0000000..1feea23
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000..f267d86
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,101 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ssl-enable: false
+mso:
+ logPath: logs
+ site-name: onapheat
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ catalog:
+ db:
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: catdb-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ -
+ username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+#Actuator
+management:
+ context-path: /manage
+cloud_config:
+ identity_services:
+ RAX_KEYSTONE:
+ identity_url: "https://identity.api.rackspacecloud.com/v2.0"
+ mso_id: "RACKSPACE_ACCOUNT_ID"
+ mso_pass: "RACKSPACE_ACCOUNT_APIKEY"
+ admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
+ member_role: "admin"
+ tenant_metadata: true
+ identity_server_type: "KEYSTONE"
+ identity_authentication_type: "RACKSPACE_APIKEY"
+ project_domain_name: "PROJECT_DOMAIN_NAME"
+ user_domain_name: "USER_DOMAIN_NAME"
+ DEFAULT_KEYSTONE:
+ identity_url: "{{ .Values.config.openStackKeyStoneUrl }}"
+ mso_id: "{{ .Values.config.openStackUserName }}"
+ mso_pass: "{{ .Values.config.openStackEncryptedPasswordHere }}"
+ admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
+ member_role: "admin"
+ tenant_metadata: true
+ identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
+ identity_authentication_type: "USERNAME_PASSWORD"
+ project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
+ user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
+ cloud_sites:
+ Dallas:
+ region_id: "DFW"
+ clli: "DFW"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ Northern Virginia:
+ region_id: "IAD"
+ clli: "IAD"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ Chicago:
+ region_id: "ORD"
+ clli: "ORD"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ RegionOne:
+ region_id: "RegionOne"
+ clli: "RegionOne"
+ aic_version: "2.5"
+ identity_service_id: "DEFAULT_KEYSTONE"
+ DEFAULT:
+ region_id: "{{ .Values.config.openStackRegion }}"
+ clli: "{{ .Values.config.openStackRegion }}"
+ aic_version: "2.5"
+ identity_service_id: "DEFAULT_KEYSTONE"
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
new file mode 100755
index 0000000..d351be3
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
@@ -0,0 +1,40 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
new file mode 100755
index 0000000..159d2e7
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -0,0 +1,114 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
new file mode 100755
index 0000000..6711c3b
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
@@ -0,0 +1,38 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
new file mode 100755
index 0000000..2fadf41
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -0,0 +1,148 @@
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/catalog-db-adapter:1.6.4
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+mso:
+ adapters:
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8082
+logPath: ./logs/catdb/
+app: catalog-db-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-catdb-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-catalogdb-cert-init
+ certInitializer:
+ nameOverride: so-catalogdb-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.catalogDbAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+config:
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+ openStackProjectDomainName: "openStackProjectDomainName"
+ openStackUserDomainName: "openStackUserDomainName"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
+nodeSelector: {}
+tolerations: []
+affinity: {}