# Override the name using the following option
# nameOverride:
image:
- name:: ric-dash-be
+ name: ric-dash-be
tag: 1.0.5
properties:
e2mgr:
# repositoryOverride:
image:
name: ric-plt-a1
- tag: 0.8.3
+ tag: 0.9.0
rmr_timeout_config:
rcv_retry_interval_ms: 500
rcv_retry_times: 20
# Use the following option to override the docker registry value
# repositoryOverride:
image:
- name: appmgr
- tag: 1.0.4
+ name: ric-plt-appmgr
+ tag: 0.1.5
# Use the following option to override the docker registry value
# repositoryOverride:
image:
- name: e2mgr
- tag: 1.6.0
+ name: ric-plt-e2mgr
+ tag: 1.0.0
env:
RIC_ID: "bbbccc-abcd0e/20"
privilegedmode: true
# Use the following option to override the docker registry value
# repositoryOverride:
image:
- name: e2
- tag: 1.6.0
+ name: ric-plt-e2
+ tag: 1.0.0
env:
print: "1"
privilegedmode: true
# Use the following option to override the docker registry value
# repositoryOverride:
image:
- name: rtmgr
- tag: 0.0.2
+ name: ric-plt-rtmgr
+ tag: 0.3.1
# Subscription Manager
submgr:
# Use the following option to override the docker registry value
# repositoryOverride:
image:
- name: submgr
- tag: v0.1.0
+ name: ric-plt-submgr
+ tag: 0.5.0
# the service for redirecting to AUX cluster
extsvcplt:
auxip:
# The ip address of the aux cluster ingress controller
- <IP_ADDRESS of the AUX cluster>
+ <IP_ADDRESS of the AUX cluster>
ricip:
# The ip address of the ric cluster ingress controller
- <IP_ADDRESS of the RIC cluster>
+ <IP_ADDRESS of the RIC cluster>
\ No newline at end of file
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "vescollector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "vescollector.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "vescollector.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
apiVersion: v1
kind: ConfigMap
metadata:
- name: dmaap-configmap
+ name: {{ include "common.configmapname.ves" . }}
data:
DMaapConfig.json: |
{
"class": "HpCambriaOutputStream",
"stripHpId": "true",
"type": "out",
- "cambria.hosts": "message-router:3904"
+ "cambria.hosts": "ricaux-message-router:3904"
}
]
}
\ No newline at end of file
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
- name: ric-ingress-ves
+ name: {{ include "common.ingressname.ves" . }}
spec:
rules:
- http:
paths:
- path: /vescollector
backend:
- serviceName: xdcae-ves-collector
+ serviceName: {{ include "common.servicename.ves.http" . }}
servicePort: {{ include "common.serviceport.ves.http.container" . }}
kind: Deployment\r
apiVersion: extensions/v1beta1\r
metadata:\r
- name: {{ include "vescollector.fullname" . }}\r
+ name: {{ include "common.deploymentname.ves" . }}\r
generation: 1\r
labels:\r
- app: dcae-ves-collector\r
- cfydeployment: ves\r
- cfynode: ves\r
- cfynodeinstance: ves_uj48fg\r
- k8sdeployment: dep-dcae-ves-collector\r
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: {{ .Release.Name }}\r
+ heritage: {{ .Release.Service }}\r
annotations:\r
deployment.kubernetes.io/revision: '1'\r
spec:\r
replicas: {{ .Values.ves.replicaCount }}\r
selector:\r
matchLabels:\r
- app: dcae-ves-collector\r
- cfydeployment: ves\r
- cfynode: ves\r
- cfynodeinstance: ves_uj48fg\r
- k8sdeployment: dep-dcae-ves-collector\r
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
+ release: {{ .Release.Name }}\r
template:\r
metadata:\r
labels:\r
- app: dcae-ves-collector\r
- cfydeployment: ves\r
- cfynode: ves\r
- cfynodeinstance: ves_uj48fg\r
- k8sdeployment: dep-dcae-ves-collector\r
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
+ release: {{ .Release.Name }}\r
spec:\r
+ hostname: {{ include "common.name.ves" . }}\r
volumes:\r
- name: component-log\r
emptyDir: {}\r
- name: dmaap-config-file\r
configMap:\r
- name: dmaap-configmap\r
+ name: {{ include "common.configmapname.ves" . }}\r
+ imagePullPolicy: {{ include "common.pullPolicy" . }}\r
+ imagePullSecrets:\r
+ - name: onap-docker-registry-key\r
containers:\r
- - name: {{ include "common.namespace" . }}-{{include "common.name" . }}\r
+ - name: {{ include "common.containername.ves" . }}\r
image: {{ .Values.ves.onapRepository }}/{{ .Values.ves.image.name }}:{{ .Values.ves.image.tag }}\r
ports:\r
- containerPort: {{ include "common.serviceport.ves.http.container" . }}\r
protocol: TCP\r
- containerPort: {{ include "common.serviceport.ves.https.container" . }}\r
protocol: TCP\r
- env:\r
- - name: CONSUL_HOST\r
- value: consul-server.onap\r
- - name: CONFIG_BINDING_SERVICE\r
- value: config-binding-service\r
- - name: POD_IP\r
- valueFrom:\r
- fieldRef:\r
- apiVersion: v1\r
- fieldPath: status.podIP\r
- resources: {}\r
volumeMounts:\r
- name: component-log\r
mountPath: "/opt/app/VESCollector/logs/ecomp"\r
failureThreshold: 1\r
terminationMessagePath: "/dev/termination-log"\r
terminationMessagePolicy: File\r
- imagePullPolicy: IfNotPresent\r
- restartPolicy: Always\r
- terminationGracePeriodSeconds: 30\r
- dnsPolicy: ClusterFirst\r
- securityContext: {}\r
- imagePullSecrets:\r
- - name: onap-docker-registry-key\r
- hostname: dcae-ves-collector\r
- schedulerName: default-scheduler\r
- strategy:\r
- type: RollingUpdate\r
- rollingUpdate:\r
- maxUnavailable: 1\r
- maxSurge: 1\r
- revisionHistoryLimit: 10\r
- progressDeadlineSeconds: 600\r
+ restartPolicy: Always
\ No newline at end of file
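Review bot: The added `imagePullPolicy: {{ include "common.pullPolicy" . }}` sits between the `volumes:` entries and `containers:`, which suggests it is now set on the pod spec, whereas the removed `imagePullPolicy: IfNotPresent` followed the container's `terminationMessagePolicy`. `imagePullPolicy` is a per-container field, so at pod level it is either rejected by validation or dropped, and the container silently falls back to the default pull policy. Indentation is not recoverable on this page, so this is inferred from line order only. If it holds, move the line under the `- name: {{ include "common.containername.ves" . }}` container entry and keep only `imagePullSecrets` at pod level.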
kind: Service\r
apiVersion: v1\r
metadata:\r
- name: xdcae-ves-collector\r
+ name: {{ include "common.servicename.ves.http" . }}\r
labels:\r
- app: dcae-ves-collector\r
- cfydeployment: ves\r
- cfynode: ves\r
- cfynodeinstance: ves_uj48fg\r
- k8sdeployment: dep-dcae-ves-collector\r
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: {{ .Release.Name }}\r
+ heritage: {{ .Release.Service }}\r
spec:\r
ports:\r
- - name: xport-t-8080\r
+ - name: http\r
protocol: TCP\r
port: {{ include "common.serviceport.ves.http.container" . }}\r
targetPort: {{ include "common.serviceport.ves.http.container" . }}\r
nodePort: {{ include "common.serviceport.ves.http" . }}\r
- - name: xport-t-8443\r
+ - name: https\r
protocol: TCP\r
port: {{ include "common.serviceport.ves.https.container" . }}\r
targetPort: {{ include "common.serviceport.ves.https.container" . }}\r
nodePort: {{ include "common.serviceport.ves.https" . }}\r
selector:\r
- app: dcae-ves-collector\r
- type: NodePort\r
- sessionAffinity: None\r
- externalTrafficPolicy: Cluster\r
-status:\r
- loadBalancer: {}\r
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
+ release: {{ .Release.Name }}\r
+ type: NodePort
\ No newline at end of file
{{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.servicename.ves.http" -}}
+ {{- $name := ( include "common.fullname.ves" . ) -}}
+ {{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
###################### TCP Service ##################################
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM alpine
+
+MAINTAINER "RIC"
+
+LABEL name="A container with support for creating Kubernetes SSL secrets"
+
+RUN apk update
+
+RUN apk add openssl
+
+# unfortunately not available by itself in apk
+ADD https://storage.googleapis.com/kubernetes-release/release/v1.14.1/bin/linux/amd64/kubectl /bin/kubectl
+RUN chmod +x /bin/kubectl
+
+COPY bin/cert-gen.sh /bin/cert-gen.sh
+COPY bin/svcacct-to-kubeconfig.sh /bin/svcacct-to-kubeconfig.sh
+COPY bin/tls-secrets.sh /tls-secrets.sh
+
+RUN mkdir /pki
+
+CMD /tls-secrets.sh
+
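Review bot: The `ADD https://storage.googleapis.com/kubernetes-release/…/kubectl /bin/kubectl` line installs a binary with no integrity check, and `FROM alpine` is unpinned, so two builds of this file can produce different images. Pin the base image to a tag or digest and verify the download against a hash recorded in the Dockerfile, e.g. `ARG KUBECTL_SHA256=<sha256 of the v1.14.1 linux/amd64 kubectl>` followed by `RUN echo "${KUBECTL_SHA256}  /bin/kubectl" | sha256sum -c -`. `RUN apk update` and `RUN apk add openssl` can be collapsed into `RUN apk add --no-cache openssl`, which also avoids a stale package index being cached in a layer. No `USER` is set, so the entrypoint runs as root; whether that is needed depends on how `/pki` and the kubeconfig path are mounted, which this file does not show.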
--- /dev/null
+#!/bin/sh
+
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dnBase=${CERT_DN:-'/C=US/O=O-RAN Alliance/OU=O-RAN Software Community'}
+keyBits=${KEY_BITS:-4096}
+
+CAHome=${CA_DIR:-'/pki'}
+CADays=${CA_CERT_EXPIRY:-9125}
+CAKey=${CAHome}/${CA_KEY_NAME:-ca.key.pem}
+CACert=${CAHome}/${CA_CERT_NAME:-ca.cert.pem}
+#
+CertHome=${CERT_DIR:-$CAHome}
+#
+TillerDays=${TILLER_CERT_EXPIRY:-3650}
+TillerKey=${CertHome}/${TILLER_KEY_NAME:-tiller.key.pem}
+TillerCert=${CertHome}/${TILLER_CERT_NAME:-tiller.cert.pem}
+TillerCN=${TILLER_CN:-tiller}
+#
+HelmDays=${HELM_CERT_EXPIRY:-3650}
+HelmKey=${CertHome}/${HELM_KEY_NAME:-helm.key.pem}
+HelmCert=${CertHome}/${HELM_CERT_NAME:-helm.cert.pem}
+HelmCN=${HELM_CN:-helm}
+
+# 1. CA
+if [ ! -d ${CAHome} ]; then
+ mkdir -p ${CAHome}
+fi
+if [ ! -f ${CAKey} ]; then
+ openssl genrsa -out ${CAKey} ${keyBits}
+fi
+if [ ! -f ${CACert} ]; then
+ openssl req -new -x509 -extensions v3_ca -sha256 -days ${CADays} \
+ -key ${CAKey} \
+ -out ${CACert} \
+ -subj "${dnBase}"
+fi
+
+# 2. tiller server cert
+if [ ! -f ${TillerKey} ]; then
+ openssl genrsa -out ${TillerKey} ${keyBits}
+fi
+if [ ! -f ${TillerCert} ]; then
+ CSR=`mktemp`
+ openssl req -new -sha256 \
+ -key ${TillerKey} \
+ -out ${CSR} \
+ -subj "${dnBase}/CN=${TillerCN}"
+ openssl x509 -req -CAcreateserial -days ${TillerDays} \
+ -CA ${CACert} \
+ -CAkey ${CAKey} \
+ -in ${CSR} \
+ -out ${TillerCert}
+fi
+
+# 3. helm client cert
+if [ ! -f ${HelmKey} ]; then
+ openssl genrsa -out ${HelmKey} ${keyBits}
+fi
+if [ ! -f ${HelmCert} ]; then
+ CSR=`mktemp`
+ openssl req -new -sha256 \
+ -key ${HelmKey} \
+ -out ${CSR} \
+ -subj "${dnBase}/CN=${HelmCN}"
+ openssl x509 -req -CAcreateserial -days ${HelmDays} \
+ -CA ${CACert} \
+ -CAkey ${CAKey} \
+ -in ${CSR} \
+ -out ${HelmCert}
+fi
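Review bot: The two `openssl x509 -req` calls that actually sign the tiller and helm certificates carry no digest option, unlike the `openssl req` calls, so the signature hash of the issued certificates is whatever the installed openssl defaults to; add `-sha256` to both. The script also has no `set -e`, so a failed `openssl genrsa` or `openssl req` does not stop the later steps and the caller goes on with whatever files exist. Adding `set -eu` and `umask 077` after the licence header stops on the first failure and keeps `ca.key.pem`, `tiller.key.pem` and `helm.key.pem` owner-only regardless of the openssl build's defaults. The two `mktemp` CSR files are never removed; `rm -f "${CSR}"` after each signing step would tidy that up. Expansions such as `${CAKey}` and `${CSR}` are unquoted and should be quoted in the same pass.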
--- /dev/null
+#!/bin/sh
+
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# generate a kubconfig (at ${KUBECONFIG} file from the automatically-mounted
+# service account token.
+# ENVIRONMENT:
+# SVCACCT_NAME: the name of the service account user. default "default"
+# CLUSTER_NAME: the name of the kubernetes cluster. default "kubernetes"
+# KUBECONFIG: where the generated file will be deposited.
+SVCACCT_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
+CLUSTER_CA=`base64 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt|tr -d '\n'`
+
+cat >${KUBECONFIG} <<__EOF__
+ApiVersion: v1
+kind: Config
+users:
+- name: ${SVCACCT_NAME:-default}
+ user:
+ token: ${SVCACCT_TOKEN}
+clusters:
+- cluster:
+ certificate-authority-data: ${CLUSTER_CA}
+ server: https://kubernetes.default.svc.cluster.local/
+ name: ${CLUSTER_NAME:-kubernetes}
+contexts:
+- context:
+ cluster: ${CLUSTER_NAME:-kubernetes}
+ user: ${SVCACCT_NAME:-default}
+ name: svcs-acct-context
+current-context: svcs-acct-context
+__EOF__
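Review bot: The generated kubeconfig embeds the service-account bearer token, and `cat >${KUBECONFIG}` creates the file with the process's default umask; put `umask 077` before the here-document so only the owner can read it. The first key is written `ApiVersion: v1`, whereas kubeconfig uses `apiVersion`; relying on the loader to tolerate or default that field is fragile. `${KUBECONFIG}` is unquoted and has no default in this script, so running it on its own with the variable unset makes the redirect fail; `: "${KUBECONFIG:?KUBECONFIG must be set}"` at the top would make that explicit. The header comment also has a typo and an unclosed parenthesis in `kubconfig (at ${KUBECONFIG} file`.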
--- /dev/null
+#!/bin/sh
+
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+
+export ENTITIES=${ENTITIES:-helm tiller}
+export KUBECONFIG=${KUBECONFIG:-/kubeconfig}
+export CA_DIR=${CA_DIR:-/pki}
+if [ ! -z ${TARGET_NAMESPACE} ]; then
+ SECRET_NS="--namespace ${TARGET_NAMESPACE}"
+else
+ SECRET_NS=''
+fi
+
+if [ ! -f ${KUBECONFIG} ]; then
+ export SVCACCT_NAME=${SVCACCT_NAME:-tiller}
+ /bin/svcacct-to-kubeconfig.sh
+fi
+
+if [ ! -f ${CA_DIR}/helm.key.pem -o \
+ ! -f ${CA_DIR}/tiller.key.pem ]; then
+ /bin/cert-gen.sh
+fi
+
+# i'm assuming we can just lose the CA key.
+for entity in ${ENTITIES}; do
+ kubectl create secret generic \
+ --from-file=ca.crt=/pki/ca.cert.pem \
+ --from-file=tls.crt=/pki/${entity}.cert.pem \
+ --from-file=tls.key=/pki/${entity}.key.pem \
+ ${SECRET_NS} ${entity}
+
+ kubectl label secret \
+ ${SECRET_NS} ${entity} \
+ app=helm \
+ name=${entity}
+done
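Review bot: The `kubectl create secret` call reads `/pki/ca.cert.pem` and `/pki/${entity}.*.pem` literally, while the existence check above it and `cert-gen.sh` both honour `CA_DIR`; with `CA_DIR` overridden the certificates are generated in one directory and looked up in another. Use the variable in all three arguments: `--from-file=ca.crt=${CA_DIR}/ca.cert.pem`, `--from-file=tls.crt=${CA_DIR}/${entity}.cert.pem`, `--from-file=tls.key=${CA_DIR}/${entity}.key.pem`. `ENTITIES` is overridable but only `helm` and `tiller` material is ever generated, and without `set -e` the `kubectl label` call still runs after a failed create. `[ ! -z ${TARGET_NAMESPACE} ]` should quote the expansion, e.g. `[ -n "${TARGET_NAMESPACE}" ]`.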
--- /dev/null
+---
+tag: 0.0.1