Merge "[COMMON] Allow to include filePaths as a reference to variable"
diff --git a/kubernetes/aai b/kubernetes/aai
index 40aacd4..ed29232 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 40aacd4952fc1d8a37f4ad44c89bef093762b81c
+Subproject commit ed292323735ea0b366960474d15fcfa23b209d0e
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 6aad591..512f380 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -139,8 +139,6 @@
if $ENABLE_AAF
then
cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
- else
- cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
fi
fi
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index a4200c3..c2261d1 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -109,7 +109,7 @@
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -118,7 +118,7 @@
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 592def2..a56552e 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -72,7 +72,7 @@
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
index 4d87c06..45dc30e 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
@@ -70,6 +70,7 @@
"log.retention.hours": "168"
"zookeeper.connection.timeout.ms": "6000"
"default.replication.factor": "3"
+ "zookeeper.set.acl": "true"
jmx:
port: 5555
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index 30f4abd..e489823 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -171,8 +171,6 @@
value: "{{ .Values.zkConfig.clientPort }}"
- name: KAFKA_OPTS
value: "{{ .Values.zkConfig.kafkaOpts }}"
- - name: EXTRA_ARGS
- value: "{{ .Values.zkConfig.extraArgs }}"
- name: ZOOKEEPER_SERVER_ID
valueFrom:
fieldRef:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
index 4abb6e3..4f861f8 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
@@ -31,7 +31,7 @@
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.2
+image: onap/dmaap/zookeeper:6.0.3
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
@@ -75,8 +75,7 @@
autoPurgeSnapRetainCount: 3
autoPurgePurgeInterval: 24
heapOptions: -Xmx2G -Xms2G
- kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
- extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+ kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
clientPort: 2181
jmx:
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index ecc5689..f9f20a3 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -42,7 +42,7 @@
#AAF global config overrides
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafAppNs: org.osaaf.aaf
aafLocatorContainer: oom
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index f623496..c2d6f8c 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -58,7 +58,7 @@
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
@@ -79,7 +79,7 @@
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
index dee311c..bd7eb8e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index b0afb6e..b41b840 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -58,7 +58,7 @@
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
@@ -99,11 +99,11 @@
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
index dee311c..bd7eb8e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
index 3c61bf3..3dbdd31 100644
--- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/policy/charts/pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index 127c400..16d5fb5 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -58,6 +58,11 @@
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 8b3b9d4..7b9c561 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -24,6 +24,17 @@
loggingImage: beats/filebeat:5.5.0
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -35,6 +46,11 @@
debugEnabled: false
# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+
config:
papPort: 9091
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
index 052b6f2..0e47310 100644
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
@@ -78,8 +78,17 @@
# wait for DB up
# now that DB is up, invoke database upgrade
# (which does nothing if the db is already up-to-date)
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ if [[ -v JDBC_USER ]]; then
+ dbuser=${JDBC_USER};
+ else
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ fi
+
+ if [[ -v JDBC_PASSWORD ]]; then
+ dbpw=${JDBC_PASSWORD}
+ else
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ fi
db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
fi
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index 29feeb6..f2c2cd7 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -49,5 +49,5 @@
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 57e7c78..5b02c17 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -37,6 +37,11 @@
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
index 5c062a0..dc7266e 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
@@ -23,6 +23,17 @@
persistence: {}
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -35,6 +46,10 @@
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/robot b/kubernetes/robot
index a8e1918..60271b7 160000
--- a/kubernetes/robot
+++ b/kubernetes/robot
@@ -1 +1 @@
-Subproject commit a8e1918a02156ecec86409948d400669c2e67bb7
+Subproject commit 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c5