Merge "Revert "[CONSUL] Make consul run as non-root""
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
new file mode 100644
index 0000000..6d239f1
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+ echo "$(date) | INFO | Terminating child processes"
+ pids="$(jobs -p)"
+ if [ "$pids" != "" ]; then
+ kill -TERM $pids >/dev/null 2>/dev/null
+ fi
+ wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files
new file mode 100644
index 0000000..754bb55
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/update_files
@@ -0,0 +1,27 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+ echo "$(date) | INFO | Configmap has been reloaded"
+ cd /config-input
+ for file in $(ls -1); do
+ if [ "$file" -nt "/config/$file" ]; then
+ echo "$(date) | INFO | Templating /config/$file"
+ envsubst <$file >/config/$file
+ fi
+ done
+fi
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index 6987bd4..1a2866b 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -27,14 +28,14 @@
labels: {{- include "common.labels" . | nindent 8 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-update-config
+ - name: {{ include "common.name" . }}-bootstrap-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
env:
- name: A1CONTROLLER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
@@ -46,6 +47,29 @@
- mountPath: /config
name: config
containers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsGroup: {{ .Values.groupID }}
+ runAsUser: {{ .Values.userID }}
+ runAsNonRoot: true
+ command:
+ - sh
+ args:
+ - /tmp/scripts/daemon.sh
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/scripts
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -70,6 +94,10 @@
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
+ defaultMode: 0555
+ - name: {{ include "common.fullname" . }}-envsubst-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-envsubst-scripts
- name: config
emptyDir:
medium: Memory
diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
new file mode 100644
index 0000000..9944963
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+################################################################################
+# Copyright © 2020 Samsung Electronics #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 21a86a0..2f45e41 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -1,5 +1,6 @@
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -19,7 +20,7 @@
global:
nodePortPrefix: 300
- envsubstImage: dibi/envsubst
+ envsubstImage: dibi/envsubst:1
secrets:
- uid: controller-secret
@@ -31,6 +32,8 @@
repository: nexus3.onap.org:10001
image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml
index 6478809..5e3102e 100644
--- a/kubernetes/clamp/components/clamp-backend/values.yaml
+++ b/kubernetes/clamp/components/clamp-backend/values.yaml
@@ -66,7 +66,7 @@
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.1.4
+image: onap/clamp-backend:5.1.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 9dcad58..34ab79f 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -93,7 +93,7 @@
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.1.4
+image: onap/clamp-frontend:5.1.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 3034366..55de54f 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -89,6 +89,7 @@
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 1a9a34b..35160e4 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
global:
readinessImage: onap/oom/readiness:3.0.1
- mariadbGalera: &mariadbGalera
+ mariadbGalera: &mariadbGalera
#This flag allows EJBCA to instantiate its own mariadb-galera cluster
localCluster: false
service: mariadb-galera
@@ -104,3 +104,23 @@
port: 8443
plain_port: 8080
port_protocol: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1500m
+ memory: 1536Mi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 20m
+ memory: 1Gi
+ unlimited: {}
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
index 9c910ba..388c1ab 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -101,7 +101,7 @@
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.8
+image: onap/modeling/etsicatalog:1.0.9
initImage: busybox:latest
pullPolicy: Always
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index 5c9aa2b..97d037a 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -62,6 +62,8 @@
desHeaders:
Accept: application/json
Content-Type: application/json
+desUsername: {{ .Values.config.desUsername }}
+desPassword: {{ .Values.config.desPassword }}
#key
appkey: ''
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index bce02d4..0cdccfb 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -39,7 +39,7 @@
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:3.0.1
+image: onap/optf-osdf:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -101,7 +101,8 @@
#des api
desUrl: https://des.url:9000
desApiPath: /datalake/v1/exposure/
-
+ desUsername: ''
+ desPassword: ''
# default number of instances
replicaCount: 1
nodeSelector: {}
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 47b7bdc..2bb7d7b 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -67,7 +67,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.7.9
+image: onap/so/bpmn-infra:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 7ef1bed..b27566d 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -66,7 +66,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.7.9
+image: onap/so/catalog-db-adapter:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index d1022fe..40a55c6 100755
--- a/kubernetes/so/components/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -79,7 +79,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.7.9
+image: onap/so/nssmf-adapter:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index 2de316a..129ad59 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -61,7 +61,7 @@
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.7.9
+image: onap/so/openstack-adapter:1.7.10
pullPolicy: Always
repository: nexus3.onap.org:10001
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index d1ac4fc..e221870 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -62,7 +62,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.7.9
+image: onap/so/request-db-adapter:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 637f86d..be3be26 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -62,7 +62,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.7.9
+image: onap/so/sdc-controller:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 9564b44..cabd60e 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -61,7 +61,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.7.9
+image: onap/so/sdnc-adapter:1.7.10
pullPolicy: Always
org:
diff --git a/kubernetes/so/components/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml
index 4d57cd8..f88e117 100755
--- a/kubernetes/so/components/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/values.yaml
@@ -61,7 +61,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.7.9
+image: onap/so/vfc-adapter:1.7.10
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml
index d495fdb..f8fa7c9 100755
--- a/kubernetes/so/components/so-vnfm-adapter/values.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml
@@ -33,7 +33,7 @@
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.7.9
+image: onap/so/vnfm-adapter:1.7.10
pullPolicy: Always
aaf:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 8b24708..05df60b 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -147,7 +147,7 @@
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.7.9
+image: onap/so/api-handler-infra:1.7.10
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10