Merge "[SDC] use of certInitializer template"
diff --git a/kubernetes/aai b/kubernetes/aai
index 1990a02..5a01a09 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 1990a02ce9295df7c94009401c24fa226a10f8e8
+Subproject commit 5a01a0953803b3d1b140a77c779a3b942e293228
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
index 6c69694..71f32e2 100755
--- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
+++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
@@ -18,6 +18,11 @@
esac
done
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
@@ -36,7 +41,7 @@
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
- val=`echo -n $val | sed -e "s/'/''/g"`
+ val=`prepare_password $val`
export "$var"="$val"
unset "$fileVar"
}
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
index 8b2f1e2..bfa96da 100644
--- a/kubernetes/common/common/templates/_createPassword.tpl
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -37,6 +37,18 @@
{{ end }}
{{- end -}}
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
@@ -59,7 +71,8 @@
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
index 7e73420..9e826ae 100644
--- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -45,7 +45,7 @@
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
index 901c0a5..ea769d1 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -74,7 +74,7 @@
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index 5e0d966..addd528 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -31,16 +31,14 @@
##
enabled: false
name: curator
-image:
- imageName: bitnami/elasticsearch-curator
- tag: 5.8.1-debian-9-r74
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
service:
port: 9200
cronjob:
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index e1a56e3..aeb14a1 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -86,7 +86,7 @@
{{- end }}
containers:
- name: {{ include "common.name" . }}-data
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
@@ -94,7 +94,7 @@
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
index cfb7f51..5624bee 100644
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -46,24 +46,22 @@
- name: http-transport
port: 9300
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## updateStrategy for ElasticSearch Data statefulset
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index 1b5e305..626747f 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -84,7 +84,7 @@
{{- end }}
containers:
- name: {{ include "common.name" . }}-master
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
@@ -92,7 +92,7 @@
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" . }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
index 2862692..22c4987 100644
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -43,24 +43,22 @@
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 1ab5b59..8ec3862 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -85,7 +85,7 @@
{{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
{{- if .Values.securityContext.enabled }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
@@ -93,7 +93,7 @@
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index f8b3be5..e6e532d 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -40,24 +40,22 @@
enabled: true
# application image
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
index 42c5c89..6787617 100755
--- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
@@ -32,8 +32,9 @@
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
-function prepare_password {
- echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index af9a4f5..5563fe7 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,3 +21,15 @@
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
{{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+ {{- if not .Values.secretsUpdated }}
+ {{- $global := . }}
+ {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+ {{- $newList := append $global.Values.secrets $item }}
+ {{- $_ := set $global.Values "secrets" $newList }}
+ {{- end -}}
+ {{ $_ := set $global.Values "secretsUpdated" true }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 3149f94..7de0a91 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "mariadbInit._updateSecrets" . -}}
+
apiVersion: batch/v1
kind: Job
metadata:
@@ -38,7 +40,7 @@
- /app/ready.py
args:
- --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
+ - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
env:
- name: NAMESPACE
valueFrom:
@@ -56,21 +58,21 @@
- /db_init/db_init.sh
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index 71a89d0..2db326f 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,26 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- define "mariadb-init._update-secrets" -}}
- {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf " type: basicAuth" }}
- {{- if $dbInfos.externalSecret }}
-{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
- {{- end }}
-{{ printf " login: %s" $dbInfos.user }}
-{{ printf " password: %s" $dbInfos.password }}
-{{ printf " passwordPolicy: required" }}
- {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 0f6d4f8..dd5d208 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -32,8 +32,8 @@
secrets:
- uid: root-password
type: password
- externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
- password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+ password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
@@ -51,6 +51,15 @@
# Set it if you want to change the name of the different components
# nameOverride:
+mariadbGalera: {}
+# serviceName: some-name
+# containerName: some-name
+# servicePort: 3306
+# userRootPassword: some-password
+# userRootSecret: some-secret-name
+# userRootSecretKey: password
+
+
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 111bc80..abc71b3 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -36,10 +36,15 @@
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
@@ -68,6 +73,7 @@
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index d272f70..d8988c3 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -83,6 +83,10 @@
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 8756d57..8b8c16c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
@@ -217,6 +217,7 @@
<appender-ref ref="asyncDebug" />
<appender-ref ref="asyncError" />
<appender-ref ref="asyncJettyLog" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index dba613c..73446ee 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
@@ -402,6 +402,7 @@
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
index f02a2db..ad2ce2b 100644
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
@@ -20,11 +20,6 @@
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
</pattern>
diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/charts/esr-server/resources/config/logback.xml
index c647f3d..fcc9f25 100644
--- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml
+++ b/kubernetes/esr/charts/esr-server/resources/config/logback.xml
@@ -15,35 +15,38 @@
# limitations under the License.
-->
-<configuration scan="false" debug="true">
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
- <property name="logDir" value="/var/log/onap" />
- <property name="debugDir" value="/var/log/onap" />
+ <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+ <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
- <property name="componentName" value="esr"></property>
- <property name="subComponentName" value="esr-server"></property>
+ <property name="logDir" value="{{ .Values.log.logDir }}" />
+ <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
<property name="errorLogName" value="error" />
<property name="metricsLogName" value="metrics" />
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+ <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- Console (human-readable) logging -->
+ <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
@@ -57,7 +60,7 @@
</appender>
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFAudit" />
</appender>
@@ -73,7 +76,7 @@
</appender>
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
@@ -93,16 +96,16 @@
</appender>
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFError"/>
</appender>
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
@@ -110,11 +113,17 @@
</appender>
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${consolePattern}</pattern>
+ </encoder>
+ </appender>
+
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
@@ -127,9 +136,9 @@
<appender-ref ref="asyncEELFError" />
</logger>
- <root level="INFO">
+ <root level="{{ .Values.log.root.level }}">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
-</configuration>
-
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml
index 6008f1f..0177690 100644
--- a/kubernetes/esr/charts/esr-server/values.yaml
+++ b/kubernetes/esr/charts/esr-server/values.yaml
@@ -64,6 +64,17 @@
ingress:
enabled: false
+log:
+ componentName: esr
+ subcomponentName: esr-server
+ debug: true
+ scan:
+ enabled: false
+ logDir: /var/log/onap
+ queueSize: 256
+ root:
+ level: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
index af0b2b9..3781d96 100644
--- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
@@ -41,6 +41,12 @@
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
index 49d5e64..6dc4443 100644
--- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
@@ -41,6 +41,12 @@
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
index bceefc5..65ff434 100644
--- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
@@ -41,6 +41,12 @@
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 394c0b4..9928e93 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -89,6 +89,11 @@
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
# configuration to set log level to all components (the one that are using
# "common.log.level" to set this)
# can be overrided per components by setting logConfiguration.logLevelOverride
diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile
index e27258a..a116386 100644
--- a/kubernetes/oof/Makefile
+++ b/kubernetes/oof/Makefile
@@ -15,3 +15,7 @@
make-has:
cd charts && helm dep up oof-has
cd charts && helm dep up oof-cmso
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index 15ce71b..2f12eec 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
@@ -64,11 +79,11 @@
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
@@ -85,11 +100,11 @@
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
index 5de87f5..e511728 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,11 +40,6 @@
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
# user: cmso-admin
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index ff37e8f..cb7a76f 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
@@ -64,11 +79,11 @@
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index f832627..d086411 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,11 +40,6 @@
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
# user: cmso-admin
diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/oof/charts/oof-cmso/requirements.yaml
index d95b2e7..e631333 100644
--- a/kubernetes/oof/charts/oof-cmso/requirements.yaml
+++ b/kubernetes/oof/charts/oof-cmso/requirements.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,3 +23,6 @@
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index b1c3561..d712965 100644
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,24 +18,31 @@
#################################################################
secrets:
- uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
type: password
password: ''
policy: generate
- - uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
+ - uid: cmso-db-secret
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
passwordPolicy: generate
mariadb-galera:
replicaCount: 1
- nameOverride: cmso-db
+ nameOverride: &containerName cmso-db
service:
type: ClusterIP
- name: oof-cmso-dbhost
+ name: &serviceName oof-cmso-dbhost
portName: cmso-dbhost
nfsprovisionerPrefix: cmso
sdnctlPrefix: cmso
@@ -43,9 +51,9 @@
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
externalConfig: |
[mysqld]
lower_case_table_names = 1
@@ -62,6 +70,20 @@
busyBoxImage: busybox:1.30
busyBoxRepository: docker.io
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
flavor: small
config:
@@ -69,15 +91,17 @@
logstashServiceName: log-ls
logstashPort: 5044
db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
oof-cmso-service:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *serviceDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: cmso
@@ -85,8 +109,7 @@
oof-cmso-optimizer:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *optimizerDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: optimizer
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
index bfca544..f84d1bb 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
+++ b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
@@ -163,6 +163,7 @@
<root>
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
<!-- <appender-ref ref="asyncEELFDebug" /> -->
</root>
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
new file mode 100644
index 0000000..f114a9c
--- /dev/null
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
@@ -0,0 +1,35 @@
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index 4c288b2..e3dfa86 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -104,6 +104,9 @@
- mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
name: properties
subPath: dmaap-consumer-oofpcipoc.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+ name: properties
+ subPath: dmaap-consumer-RANSlice.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
index 20f5de8..12bc8d3 100644
--- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
@@ -18,8 +18,7 @@
global:
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs