Merge "Add back removed sub-charts"
authorZhe Huang <zhehuang@research.att.com>
Fri, 16 Aug 2019 14:05:11 +0000 (14:05 +0000)
committerGerrit Code Review <gerrit@o-ran-sc.org>
Fri, 16 Aug 2019 14:05:11 +0000 (14:05 +0000)
27 files changed:
RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
ric-common/Common-Template/helm/ric-common/Chart.yaml
ric-common/Common-Template/helm/ric-common/templates/_helmrepo.tpl
ric-common/Common-Template/helm/ric-common/templates/_helmtiller.tpl [new file with mode: 0644]
ric-infra/25-tiller/bin/install [new file with mode: 0755]
ric-infra/25-tiller/bin/uninstall [new file with mode: 0755]
ric-infra/25-tiller/etc/tiller.conf [new file with mode: 0644]
ric-infra/25-tiller/helm/ricplt-tiller/Chart.yaml [new file with mode: 0644]
ric-infra/25-tiller/helm/ricplt-tiller/requirements.yaml [new file with mode: 0644]
ric-infra/25-tiller/helm/ricplt-tiller/templates/deployment-tiller.yaml [new file with mode: 0644]
ric-infra/25-tiller/helm/ricplt-tiller/templates/job-tiller-secrets.yaml [new file with mode: 0644]
ric-infra/25-tiller/helm/ricplt-tiller/values.yaml [new file with mode: 0644]
ric-platform/50-RIC-Platform/helm/a1mediator/resources/ricmanifest.json
ric-platform/50-RIC-Platform/helm/a1mediator/resources/rmr_string_int_mapping.txt
ric-platform/50-RIC-Platform/helm/a1mediator/templates/config.yaml
ric-platform/50-RIC-Platform/helm/a1mediator/templates/deployment.yaml
ric-platform/50-RIC-Platform/helm/a1mediator/values.yaml
ric-platform/50-RIC-Platform/helm/appmgr/templates/appconfig.yaml
ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl [new file with mode: 0644]
ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl [new file with mode: 0755]
ric-platform/50-RIC-Platform/helm/appmgr/templates/configmap-bin.yaml [new file with mode: 0644]
ric-platform/50-RIC-Platform/helm/appmgr/templates/deployment.yaml
ric-platform/50-RIC-Platform/helm/appmgr/templates/env.yaml
ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
ric-platform/50-RIC-Platform/helm/appmgr/values.yaml

index ef5d1fc..bb79baf 100644 (file)
@@ -21,7 +21,7 @@
 global:
   # Docker registry from which RIC platform components pull the images
   repository: nexus3.o-ran-sc.org:10004
-  
+
   # Name of the K8S docker credential that is onboarded by 20-credential 
   repositoryCred: docker-reg-cred
 
@@ -29,7 +29,7 @@ global:
   imagePullPolicy: Always
 
   # Helm repo that will be used by xApp manager
-  helmRepository: "https://helm-entry"
+  helmRepository: "http://service-ricinfra-chartmuseum-http.ricinfra:8080"
 
   # Certificate of the helm repo
   helmRepositoryCert: xapp-mgr-certs
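Review bot: `helmRepository` switches from `https://` to a plain `http://` in-cluster URL, yet `helmRepositoryCert` and `helmRepositoryCred` directly below it are left as they were. If the xApp manager still presents the `xapp-mgr-creds` credential to this repository, it would cross the cluster network unencrypted, and the certificate setting would have nothing left to verify. Either keep a TLS endpoint for the chart repository or state the trade-off next to the value, e.g. `# Plain HTTP to the in-cluster ChartMuseum; helmRepositoryCert is not used for this URL`.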
@@ -37,15 +37,6 @@ global:
   # Name of the K8S secret that contains the credential of the helm repo
   helmRepositoryCred: xapp-mgr-creds
 
-  # The name of the tiller that xApp helm client talks to
-  helmRepositoryTiller: tiller-deploy
-
-  # The namespace of the xApp helm tiller
-  helmRepositoryTillerNamespace: kube-system
-
-  # The port the xApp helm tiller is listening to
-  helmRepositoryTillerPort: 44134
-
   # The ingress URL definitions for the ingress controller in four namespaces
   ingressurl:
     platform: ricplt-entry
@@ -55,7 +46,39 @@ global:
     localnexus: nexus-entry
     localhelm: helm-entry
     localdocker: docker-entry
-  
+
+  tillers:
+    ricxapp:
+      name: ricxapp
+      nameSpace: ricxapp
+      deployNameSpace: ricinfra
+      image:
+        tillerTLSSecrets:
+          repository: nexus3.o-ran-sc.org:10004
+          name: it-dep-secret
+          tag: 0.0.1
+        tiller:
+          repository: gcr.io
+          name: kubernetes-helm/tiller
+          tag: v2.12.3
+      secret:
+        create: true
+        tillerSecretName: secret-tiller-ricxapp
+        helmSecretName: secret-helm-client-ricxapp
+      tls:
+       authenticate: true
+       verify: true
+      serviceAccount:
+        name: tiller
+        role:
+        - apiGroups: [""]
+          resources: ["pods", "configmaps", "services"]
+          verbs: ["get", "list", "create", "delete"]
+        - apiGroups: ["extensions", "apps"]
+          resources: ["deployments"]
+          verbs: ["get", "list", "create", "delete"]
+      port: 44134
+
 #-------------------------------------------------------------------------
 # Auxiliary Functions
 #-------------------------------------------------------------------------
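Review bot: The new `tillers.ricxapp` block has no comments, whereas the three `helmRepositoryTiller*` keys it replaces each had one, and the difference between `nameSpace` and `deployNameSpace` is not obvious from the names. Judging by the templates later in this change, `deployNameSpace` is where the Tiller Deployment, Service and ServiceAccount are created and `nameSpace` is where its Roles are bound; a comment such as `# nameSpace: namespace Tiller may manage; deployNameSpace: namespace Tiller itself runs in` would make that privilege boundary reviewable. The `authenticate` and `verify` keys under `tls:` are indented seven spaces where every sibling mapping uses eight, which parses but is easy to break on the next edit. The same block is added unchanged by the `@@ -55,6 +46,39 @@` and `@@ -56,6 +47,39 @@` hunks in the other two recipe files.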
index f5bea07..56a9401 100644 (file)
@@ -21,7 +21,7 @@
 global:
   # Docker registry from which RIC platform components pull the images
   repository: nexus3.o-ran-sc.org:10004
-  
+
   # Name of the K8S docker credential that is onboarded by 20-credential 
   repositoryCred: docker-reg-cred
 
@@ -37,15 +37,6 @@ global:
   # Name of the K8S secret that contains the credential of the helm repo
   helmRepositoryCred: xapp-mgr-creds
 
-  # The name of the tiller that xApp helm client talks to
-  helmRepositoryTiller: tiller-deploy
-
-  # The namespace of the xApp helm tiller
-  helmRepositoryTillerNamespace: kube-system
-
-  # The port the xApp helm tiller is listening to
-  helmRepositoryTillerPort: 44134
-
   # The ingress URL definitions for the ingress controller in four namespaces
   ingressurl:
     platform: ricplt-entry
@@ -55,6 +46,39 @@ global:
     localnexus: nexus-entry
     localhelm: helm-entry
     localdocker: docker-entry
+
+  tillers:
+    ricxapp:
+      name: ricxapp
+      nameSpace: ricxapp
+      deployNameSpace: ricinfra
+      image:
+        tillerTLSSecrets:
+          repository: nexus3.o-ran-sc.org:10004
+          name: it-dep-secret
+          tag: 0.0.1
+        tiller:
+          repository: gcr.io
+          name: kubernetes-helm/tiller
+          tag: v2.12.3
+      secret:
+        create: true
+        tillerSecretName: secret-tiller-ricxapp
+        helmSecretName: secret-helm-client-ricxapp
+      tls:
+       authenticate: true
+       verify: true
+      serviceAccount:
+        name: tiller
+        role:
+        - apiGroups: [""]
+          resources: ["pods", "configmaps", "services"]
+          verbs: ["get", "list", "create", "delete"]
+        - apiGroups: ["extensions", "apps"]
+          resources: ["deployments"]
+          verbs: ["get", "list", "create", "delete"]
+      port: 44134
+
 #-------------------------------------------------------------------------
 # Infrastructure
 #-------------------------------------------------------------------------
index 3f48dc0..b6248d9 100644 (file)
@@ -21,7 +21,7 @@
 global:
   # Docker registry from which RIC platform components pull the images
   repository: nexus3.o-ran-sc.org:10004
-  
+
   # Name of the K8S docker credential that is onboarded by 20-credential 
   repositoryCred: docker-reg-cred
 
@@ -37,15 +37,6 @@ global:
   # Name of the K8S secret that contains the credential of the helm repo
   helmRepositoryCred: xapp-mgr-creds
 
-  # The name of the tiller that xApp helm client talks to
-  helmRepositoryTiller: tiller-deploy
-
-  # The namespace of the xApp helm tiller
-  helmRepositoryTillerNamespace: kube-system
-
-  # The port the xApp helm tiller is listening to
-  helmRepositoryTillerPort: 44134
-
   # The ingress URL definitions for the ingress controller in four namespaces
   ingressurl:
     platform: ricplt-entry
@@ -56,6 +47,39 @@ global:
     localhelm: helm-entry
     localdocker: docker-entry
 
+  tillers:
+    ricxapp:
+      name: ricxapp
+      nameSpace: ricxapp
+      deployNameSpace: ricinfra
+      image:
+        tillerTLSSecrets:
+          repository: nexus3.o-ran-sc.org:10004
+          name: it-dep-secret
+          tag: 0.0.1
+        tiller:
+          repository: gcr.io
+          name: kubernetes-helm/tiller
+          tag: v2.12.3
+      secret:
+        create: true
+        tillerSecretName: secret-tiller-ricxapp
+        helmSecretName: secret-helm-client-ricxapp
+      tls:
+       authenticate: true
+       verify: true
+      serviceAccount:
+        name: tiller
+        role:
+        - apiGroups: [""]
+          resources: ["pods", "configmaps", "services"]
+          verbs: ["get", "list", "create", "delete"]
+        - apiGroups: ["extensions", "apps"]
+          resources: ["deployments"]
+          verbs: ["get", "list", "create", "delete"]
+      port: 44134
+
+
 #-------------------------------------------------------------------------
 # Platform Components 
 #-------------------------------------------------------------------------
@@ -65,7 +89,7 @@ a1mediator:
   # repositoryOverride:
   image:
     name: ric-plt-a1
-    tag: 0.9.0
+    tag: 0.10.1
   rmr_timeout_config:
     rcv_retry_interval_ms: 500
     rcv_retry_times: 20
@@ -75,6 +99,9 @@ appmgr:
   # Use the following option to override the docker registry value
   # repositoryOverride:
   image:
+    init:
+      name: it-dep-init
+      tag: 0.0.1
     name: ric-plt-appmgr
     tag: 0.1.5
 
@@ -120,7 +147,7 @@ rtmgr:
   # repositoryOverride:
   image:
     name: ric-plt-rtmgr
-    tag: 0.3.1
+    tag: 0.3.2
 
 # Subscription Manager
 submgr:
@@ -137,4 +164,4 @@ extsvcplt:
     <IP_ADDRESS of the AUX cluster>    
   ricip:
     # The ip address of the ric cluster ingress controller
-    <IP_ADDRESS of the RIC cluster>
\ No newline at end of file
+    <IP_ADDRESS of the RIC cluster>
index a6dde6e..f48aa05 100644 (file)
@@ -18,4 +18,4 @@
 apiVersion: v1
 description: Common templates for inclusion in other charts
 name: ric-common
-version: 2.0.0
+version: 2.0.2
index c662cf5..6d28d22 100644 (file)
 {{- end -}}
 
 
-{{/*
-  Resolve the helm repository tiller service name.
-  The tiller should be installed by K8S system admin.
-  The value for .Values.helmRepositoryTiller is used by default,
-  unless either override mechanism is used.
-
-  - .Values.global.helmrepositoryTiller  : override default helm repository tiller
-  - .Values.helmRepositoryTillerOverride : override global and default helm repository tiller
-*/}}
-{{- define "common.helmrepositorytiller" -}}
-  {{- if .Values.helmRepositoryTillerOverride -}}
-    {{- printf "%s" .Values.helmRepositoryTillerOverride -}}
-  {{- else -}}
-    {{- if  .Values.global -}}
-      {{- if .Values.global.helmRepositoryTiller -}}
-        {{- printf "%s" .Values.global.helmRepositoryTiller -}}
-      {{- else -}}
-        {{- printf "%s" .Values.helmRepositoryTiller -}}
-      {{- end -}}
-    {{- else -}}
-      {{- printf "%s" .Values.helmRepositoryTiller -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-
-{{/*
-  Resolve the helm repository tiller service namespace.
-  The tiller should be installed by K8S system admin.
-  The value for .Values.helmRepositoryTillerNamespace is used by default,
-  unless either override mechanism is used.
-
-  - .Values.global.helmrepositoryTillerNamespace  : override default helm repository tiller namespace
-  - .Values.helmRepositoryTillerNamespaceOverride : override global and default helm repository tiller namespace
-*/}}
-{{- define "common.helmrepositorytillernamespace" -}}
-  {{- if .Values.helmRepositoryTillerNamespaceOverride -}}
-    {{- printf "%s" .Values.helmRepositoryTillerNamespaceOverride -}}
-  {{- else -}}
-    {{- if  .Values.global -}}
-      {{- if .Values.global.helmRepositoryTillerNamespace -}}
-        {{- printf "%s" .Values.global.helmRepositoryTillerNamespace -}}
-      {{- else -}}
-        {{- printf "%s" .Values.helmRepositoryTillerNamespace -}}
-      {{- end -}}
-    {{- else -}}
-      {{- printf "%s" .Values.helmRepositoryTillerNamespace -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-
-{{/*
-  Resolve the helm repository tiller service port.
-  The tiller should be installed by K8S system admin.
-  The value for .Values.helmRepositoryTillerPort is used by default,
-  unless either override mechanism is used.
-
-  - .Values.global.helmrepositoryTillerPort  : override default helm repository tiller port
-  - .Values.helmRepositoryTillerPortOverride : override global and default helm repository tiller port
-*/}}
-{{- define "common.helmrepositorytillerport" -}}
-  {{- if .Values.helmRepositoryTillerPortOverride -}}
-    {{- printf "%.0f" .Values.helmRepositoryTillerPortOverride -}}
-  {{- else -}}
-    {{- if  .Values.global -}}
-      {{- if .Values.global.helmRepositoryTillerPort -}}
-        {{- printf "%.0f" .Values.global.helmRepositoryTillerPort -}}
-      {{- else -}}
-        {{- printf "%.0f" .Values.helmRepositoryTillerPort -}}
-      {{- end -}}
-    {{- else -}}
-      {{- printf "%.0f" .Values.helmRepositoryTillerPort -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
 
 {{/*
 Generate certificates for the helm repo
diff --git a/ric-common/Common-Template/helm/ric-common/templates/_helmtiller.tpl b/ric-common/Common-Template/helm/ric-common/templates/_helmtiller.tpl
new file mode 100644 (file)
index 0000000..ce45577
--- /dev/null
@@ -0,0 +1,150 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+{{- define "recursiveprinter" -}}
+  {{- $ctx := .ctx }}
+  {{- $printkeys := .printkeys }}
+  {{- $currentkey := first $printkeys -}}
+  {{- $restkeys := rest $printkeys -}}
+  {{- if empty $restkeys -}}
+    {{- $result := index $ctx $currentkey -}}
+    {{- if not (empty $result) -}}
+      {{- $result -}}
+    {{- end -}}
+  {{- else -}}
+    {{- with index $ctx $currentkey }}
+      {{- $newctx := dict "ctx" . "printkeys" $restkeys -}} 
+      {{- include "recursiveprinter" $newctx -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "printer" -}}
+  {{- $topctx := .ctx }}
+  {{- if hasKey $topctx.Values "global" }}
+    {{- if hasKey $topctx.Values.global "tillers" }}
+      {{- $ctx := index $topctx.Values.global.tillers .key -}}
+      {{- if not (empty $ctx) -}}
+        {{- $newctx := dict "ctx" $ctx "printkeys" .printkey -}}     
+        {{- include "recursiveprinter" $newctx -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+
+
+
+{{- define "common.tillerName" -}}
+  {{- $printkey := list "name" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default "tiller-deploy" (include "printer" $newctx) -}}
+{{- end -}}
+
+
+{{- define "common.tillerNameSpace" -}}
+  {{- $printkey := list "nameSpace" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default "kube-system" (include "printer" $newctx) -}}
+{{- end -}}
+
+{{- define "common.tillerDeployNameSpace" -}}
+  {{- $printkey := list "deployNameSpace" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default "kube-system" (include "printer" $newctx) -}}
+{{- end -}}
+
+
+
+{{- define "common.tillerPort" -}}
+  {{- $printkey := list "port" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default 44134 (include "printer" $newctx) -}}
+{{- end -}}
+
+
+
+
+{{- define "common.tillerTLSVerify" -}}
+  {{- $printkey := list "tls" "verify" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default false (include "printer" $newctx) -}}
+{{- end -}}
+
+
+{{- define "common.tillerTLSAuthenticate" -}}
+  {{- $printkey := list "tls" "authenticate" -}}
+  {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+  {{- default false (include "printer" $newctx) -}}
+{{- end -}}
+
+{{- define "common.tillerHelmClientTLSSecret" -}}
+  {{- $tlsverify := include "common.tillerTLSVerify" . }}
+  {{- $tlsauthenticate := include "common.tillerTLSAuthenticate" . }}
+  {{- if or (eq $tlsverify "true") (eq $tlsauthenticate "true") }}
+    {{- $printkey := list "secret" "helmSecretName" -}}
+    {{- $newctx := dict "ctx" .ctx "key" .key "printkey" $printkey }}
+    {{- default "" (include "printer" $newctx) -}}
+  {{- else -}}
+    {{- printf "" -}}
+  {{- end }}
+{{- end -}}
+
+
+
+
+{{- define "common.serviceaccountname.tiller" -}}
+  {{- $name := ( include "common.tillerName" . ) -}}
+  {{- printf "svcacct-tiller-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.deploymentname.tiller" -}}
+  {{- $name := ( include "common.tillerName" . ) -}}
+  {{- printf "deployment-tiller-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.servicename.tiller" -}}
+  {{- $topctx := .ctx }}
+  {{- if hasKey $topctx.Values "global" }}
+    {{- if hasKey $topctx.Values.global "tillers" }}
+      {{- $ctx := index $topctx.Values.global.tillers .key -}}
+      {{- if not (empty $ctx) -}}
+        {{- if hasKey $ctx "name" -}}
+          {{- $name := include "common.tillerName" . -}}
+          {{- printf "service-tiller-%s" $name | trunc 63 | trimSuffix "-" -}}
+        {{- else -}}
+          {{ "tiller-deploy" }}
+        {{- end -}}
+      {{- else -}}
+        {{ "tiller-deploy" }}
+      {{- end -}}
+    {{- else -}}
+      {{ "tiller-deploy" }}
+    {{- end -}}
+  {{- else -}}
+    {{ "tiller-deploy" }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "common.tillerEndpoint" -}}
+  {{- $servicename := ( include "common.servicename.tiller" . ) -}}
+  {{- $deploynamespace :=  ( include "common.tillerDeployNameSpace" . ) -}}
+  {{- printf "%s.%s" $servicename $deploynamespace -}}
+{{- end -}}
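Review bot: Every helper in this file falls back silently when `global.tillers` has no entry for `.key`: `common.tillerName`, `common.tillerNameSpace` and `common.servicename.tiller` resolve to `tiller-deploy` in `kube-system`, and `common.tillerTLSVerify` / `common.tillerTLSAuthenticate` resolve to `false`, which makes `common.tillerHelmClientTLSSecret` empty. A misspelled key in a caller or a recipe would therefore point the Helm client at the default `tiller-deploy` service in `kube-system` with no client TLS secret, instead of failing at render time. Consider failing when the key is absent, or at least document the fallback on each `define`; the helpers removed from `_helmrepo.tpl` had `{{/* ... */}}` headers and these have none. A one-line header such as `{{/* Tiller service name for .key; falls back to "tiller-deploy" when global.tillers.<key> is unset */}}` would do.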
diff --git a/ric-infra/25-tiller/bin/install b/ric-infra/25-tiller/bin/install
new file mode 100755 (executable)
index 0000000..9fed0b5
--- /dev/null
@@ -0,0 +1,85 @@
+#!/bin/bash
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+
+OVERRIDEYAML=$1
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+source $DIR/../etc/tiller.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+   RELEASE_NAME=$helm_release_name
+else
+   RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+# Namespace configuration
+if [ -z "$RICPLT_NAMESPACE" ];then
+   PLT_NAMESPACE=$plt_namespace
+else
+   PLT_NAMESPACE=$RICPLT_NAMESPACE
+fi
+if [ -z "$RICXAPP_NAMESPACE" ];then
+   XAPP_NAMESPACE=$xapp_namespace
+else
+   XAPP_NAMESPACE=$RICXAPP_NAMESPACE
+fi
+if [ -z "$RICAUX_NAMESPACE" ];then
+   AUX_NAMESPACE=$aux_namespace
+else
+   AUX_NAMESPACE=$RICAUX_NAMESPACE
+fi
+if [ -z "$RICINFRA_NAMESPACE" ];then
+   INFRA_NAMESPACE=$infra_namespace
+else
+   INFRA_NAMESPACE=$RICINFRA_NAMESPACE
+fi
+
+if [ -z "$RIC_COMMON_OVERRIDE" ];then
+   COMMON_OVERRIDE="--set global.namespace.platform=$PLT_NAMESPACE --set global.namespace.xapp=$XAPP_NAMESPACE --set global.namespace.aux=$AUX_NAMESPACE --set global.namespace.infra=$INFRA_NAMESPACE"
+else
+   COMMON_OVERRIDE=$RIC_COMMON_OVERRIDE
+fi
+
+
+
+
+RICINFRA_COMPONENTS="ricplt-tiller"
+
+echo "Deploying RIC infra components [$RICINFRA_COMPONENTS]"
+echo "Helm Release Name: $RELEASE_NAME"
+
+
+COMMON_CHART_VERSION=$(cat $DIR/../../../ric-common/Common-Template/helm/ric-common/Chart.yaml | grep version | awk '{print $2}')
+helm package -d /tmp $DIR/../../../ric-common/Common-Template/helm/ric-common
+
+
+
+for component in $RICINFRA_COMPONENTS; do
+
+  mkdir -p $DIR/../helm/$component/charts/
+
+  cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/$component/charts/
+
+  if [ -z $OVERRIDEYAML ]; then
+    helm install --debug --namespace "${INFRA_NAMESPACE}" --name "${RELEASE_NAME}-$component" $COMMON_OVERRIDE $DIR/../helm/$component
+  else
+    helm install -f $OVERRIDEYAML --namespace "${INFRA_NAMESPACE}" --name "${RELEASE_NAME}-$component" $COMMON_OVERRIDE $DIR/../helm/$component
+  fi
+done
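Review bot: The packaged common chart is written to and read back from a fixed path under `/tmp` (`helm package -d /tmp ...` followed by `cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz ...`), and neither step is checked. On a shared host a file already present at that name, or a stale archive left by an earlier run when `helm package` fails, is copied into `charts/` and installed. Use a private directory and stop on failure: `PKG_DIR=$(mktemp -d) || exit 1`, `helm package -d "$PKG_DIR" "$DIR/../../../ric-common/Common-Template/helm/ric-common" || exit 1`, `cp "$PKG_DIR/ric-common-$COMMON_CHART_VERSION.tgz" "$DIR/../helm/$component/charts/"`. `$OVERRIDEYAML` and the `$DIR` paths are also expanded unquoted, so a path containing spaces breaks the `[ -z $OVERRIDEYAML ]` test and the `helm install` arguments.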
diff --git a/ric-infra/25-tiller/bin/uninstall b/ric-infra/25-tiller/bin/uninstall
new file mode 100755 (executable)
index 0000000..64a01ab
--- /dev/null
@@ -0,0 +1,55 @@
+#!/bin/bash
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+
+source $DIR/../etc/tiller.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+   RELEASE_NAME=$helm_release_name
+else
+   RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+
+if [ -z "$RICINFRA_NAMESPACE" ];then
+   INFRA_NAMESPACE=$infra_namespace
+else
+   INFRA_NAMESPACE=$RICINFRA_NAMESPACE
+fi
+
+RICINFRA_COMPONENTS="ricplt-tiller"
+
+echo "Undeploying RIC infra components [$RICINFRA_COMPONENTS]"
+echo "Helm Release Name: $RELEASE_NAME"
+
+
+for component in $RICINFRA_COMPONENTS; do
+  helm delete --purge  "${RELEASE_NAME}-${component}" 
+done
+
+
+# We need to manually delete the secret creates by the secret container
+SECRET_LIST=$(kubectl get secret -n ricinfra | awk '{ if ($2=="Opaque"){ print $1}}')
+
+for component in $SECRET_LIST; do
+  kubectl delete secret -n $INFRA_NAMESPACE $component
+done
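Review bot: The cleanup loop lists secrets from the literal namespace `ricinfra` but deletes them from `$INFRA_NAMESPACE`, and it selects every secret of type `Opaque` rather than only the ones this chart created. When `RICINFRA_NAMESPACE` is set to another value, names found in `ricinfra` are deleted from a different namespace; with the default, unrelated Opaque secrets belonging to other components in that namespace are removed as well. List from the same namespace and restrict the set to the names configured under `secret.tillerSecretName` and `secret.helmSecretName`; for the example recipe that would be `kubectl delete secret -n "$INFRA_NAMESPACE" --ignore-not-found secret-tiller-ricxapp secret-helm-client-ricxapp`.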
diff --git a/ric-infra/25-tiller/etc/tiller.conf b/ric-infra/25-tiller/etc/tiller.conf
new file mode 100644 (file)
index 0000000..92008b5
--- /dev/null
@@ -0,0 +1,37 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+
+# helm_release_name defines the release name helm will use to deploy RIC
+# It will be overrided by RICPLT_RELEASE_NAME
+helm_release_name=r1
+
+# namespace defines the namespace that helm will use to deploy RIC
+# It will be overrided by RICPLT_NAMESPACE
+plt_namespace=ricplt
+
+# namespace defines the namespace that helm will use to deploy RIC
+# It will be overrided by RICXAPP_NAMESPACE
+xapp_namespace=ricxapp
+
+# namespace defines the namespace that helm will use to deploy RIC
+# It will be overrided by RICAUX_NAMESPACE
+aux_namespace=ricaux
+
+# namespace defines the namespace that helm will use to deploy RIC
+# It will be overrided by RICINFRA_NAMESPACE
+infra_namespace=ricinfra
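Review bot: The comment on `helm_release_name` says it is overridden by `RICPLT_RELEASE_NAME`, but `bin/install` and `bin/uninstall` in this change read `RICINFRA_RELEASE_NAME`. The four namespace comments are also identical (`namespace defines the namespace that helm will use to deploy RIC`), so they do not say which layer each variable covers. Suggested wording: `# Overridden by RICINFRA_RELEASE_NAME` for the release name and, for example, `# infra_namespace: namespace for RIC infrastructure components; overridden by RICINFRA_NAMESPACE` for each namespace variable.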
diff --git a/ric-infra/25-tiller/helm/ricplt-tiller/Chart.yaml b/ric-infra/25-tiller/helm/ricplt-tiller/Chart.yaml
new file mode 100644 (file)
index 0000000..65ac639
--- /dev/null
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Create SSL secrets for tiller
+name: ricplt-tiller
+version: 0.1.0
diff --git a/ric-infra/25-tiller/helm/ricplt-tiller/requirements.yaml b/ric-infra/25-tiller/helm/ricplt-tiller/requirements.yaml
new file mode 100644 (file)
index 0000000..2ab71b4
--- /dev/null
@@ -0,0 +1,20 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+dependencies:
+  - name: ric-common
+    version: ~2.0.0
diff --git a/ric-infra/25-tiller/helm/ricplt-tiller/templates/deployment-tiller.yaml b/ric-infra/25-tiller/helm/ricplt-tiller/templates/deployment-tiller.yaml
new file mode 100644 (file)
index 0000000..f85a486
--- /dev/null
@@ -0,0 +1,176 @@
+{{/*
+   Copyright (c) 2019 AT&T Intellectual Property.
+   Copyright (c) 2019 Nokia.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.tillers }}
+{{- $topCtx :=  . }}
+{{- range keys .Values.global.tillers }}
+{{- $key := . }}
+{{- with index $topCtx.Values.global.tillers . }}
+{{- $nameSpace := .nameSpace }}
+{{- $deployNameSpace := .deployNameSpace }}
+{{- $img := .image.tiller }}
+{{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
+{{- $ctx := dict "ctx" $topCtx "key" $key }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceaccountname.tiller" $ctx }}
+  namespace: {{ $deployNameSpace }}
+---  
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ include "common.tillerName" $ctx }}-tiller-base
+  namespace: {{ $nameSpace }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: [ {{ $secretName }} ]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods/portforward"]
+  verbs: ["create"]
+- apiGroups: [""]  
+  resources: ["pods", "configmaps", "deployments", "services"]
+  verbs: ["get", "list", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
+  namespace: {{ $nameSpace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "common.tillerName" $ctx }}-tiller-base
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.serviceaccountname.tiller" $ctx }}
+    namespace: {{ $deployNameSpace }}
+{{- if .serviceAccount.role }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ include "common.tillerName" $ctx }}-tiller-deployer
+  namespace: {{ $nameSpace }}
+rules:
+{{ toYaml .serviceAccount.role }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
+  namespace: {{ $nameSpace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "common.tillerName" $ctx }}-tiller-deployer
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.serviceaccountname.tiller" $ctx }}
+    namespace: {{ $deployNameSpace }}
+{{- end }}
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: helm
+    name: tiller
+  name: {{ include "common.deploymentname.tiller" $ctx }}
+  namespace: {{ $deployNameSpace }}
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: helm
+        name: tiller
+    spec:
+      automountServiceAccountToken: true
+      imagePullSecrets:
+      {{- if $img.repositoryCred }}
+        - name: {{ $img.repositoryCred }}
+      {{- else }}
+        - name: {{ include "common.repositoryCred" $topCtx }}
+      {{- end }}
+      containers:
+      - env:
+        - name: TILLER_NAMESPACE
+          value: {{ $deployNameSpace }}
+        - name: TILLER_HISTORY_MAX
+          value: "0"
+        - name: TILLER_TLS_VERIFY
+          value: "1"
+        - name: TILLER_TLS_ENABLE
+          value: "1"
+        - name: TILLER_TLS_CERTS
+          value: /etc/certs
+        image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }}{{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
+        imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
+        livenessProbe:
+          httpGet:
+            path: /liveness
+            port: 44135
+          initialDelaySeconds: 1
+          timeoutSeconds: 1
+        name: tiller
+        ports:
+        - containerPort: 44134
+          name: tiller
+        - containerPort: 44135
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /readiness
+            port: 44135
+          initialDelaySeconds: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /etc/certs
+          name: tiller-certs
+          readOnly: true
+      serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
+      volumes:
+      - name: tiller-certs
+        secret:
+          secretName: {{ $secretName }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app: helm
+    name: tiller
+  name: {{ include "common.servicename.tiller" $ctx }}
+  namespace: {{ $deployNameSpace }}
+spec:
+  ports:
+  - name: tiller
+    port: {{ default 44134 .port }}
+    targetPort: tiller
+  selector:
+    app: helm
+    name: tiller
+  type: ClusterIP
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
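Review bot: The `-tiller-base` Role always grants `get`, `list`, `create` and `delete` on pods, configmaps and services in `$nameSpace`, so the values-driven `-tiller-deployer` Role built from `.serviceAccount.role` can only add rights; trimming `serviceAccount.role` in a recipe does not reduce what Tiller may do. That third base rule also lists `deployments` under `apiGroups: [""]`, where the resource does not exist, so it grants nothing for deployments and reads as broader than it is. Consider dropping the third rule from the base Role and leaving workload permissions to `serviceAccount.role`. Separately, `TILLER_TLS_VERIFY` and `TILLER_TLS_ENABLE` are fixed at `"1"` while the recipes expose `tls.verify` and `tls.authenticate`; a comment such as `# TLS is always enforced on the server; tls.* in values does not change this Deployment` would avoid the impression that those values control it.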
diff --git a/ric-infra/25-tiller/helm/ricplt-tiller/templates/job-tiller-secrets.yaml b/ric-infra/25-tiller/helm/ricplt-tiller/templates/job-tiller-secrets.yaml
new file mode 100644 (file)
index 0000000..0a1a29a
--- /dev/null
@@ -0,0 +1,102 @@
+{{/*
+   Copyright (c) 2019 AT&T Intellectual Property.
+   Copyright (c) 2019 Nokia.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/}}
+
+{{- if .Values.global }}
+{{- if .Values.global.tillers }}
+{{- $topCtx := . }}
+{{- range keys .Values.global.tillers }}
+{{- $key := . }}
+{{- with index $topCtx.Values.global.tillers  . }}
+{{- $img := .image.tillerTLSSecrets }}
+{{- $tillerSecret := default "tiller-secret" .secret.tillerSecretName }}
+{{- $helmSecret := default "helm-secret" .secret.helmSecretName }}
+{{- $serviceAccountName := default "tiller" .serviceAccount }}
+{{- $nameSpace := .nameSpace }}
+{{- $deployNameSpace := .deployNameSpace }}
+{{- $img := .image.tillerTLSSecrets }}
+{{- $ctx := dict "ctx" $topCtx "key" $key }}
+{{- if .secret.create }}
+{{- $serviceAccountName := randAlpha 6 | lower | printf "tiller-secret-creator-%s" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $serviceAccountName }}
+  namespace: {{ $deployNameSpace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ $serviceAccountName }}-secret-create
+  namespace: {{ $deployNameSpace }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ $serviceAccountName }}-secret-create
+  namespace: {{ $deployNameSpace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $serviceAccountName }}-secret-create
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ $deployNameSpace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: tiller-secret-generator
+  namespace: {{ $deployNameSpace }}
+spec:
+  template:
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      restartPolicy: Never
+      imagePullSecrets:
+      {{- if $img.repositoryCred }}
+        - name: {{ $img.repositoryCred }}
+      {{- else }}
+        - name: {{ include "common.repositoryCred" $topCtx }}
+      {{- end }}
+      containers:
+        - name: tiller-secret-generator
+          image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }} {{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
+          imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
+          env:
+            - name: ENTITIES
+              value: {{ tuple $tillerSecret $helmSecret | join " "  }}
+            - name: TILLER_KEY_NAME
+              value: {{ $tillerSecret }}.key.pem
+            - name: TILLER_CERT_NAME
+              value: {{ $tillerSecret }}.cert.pem
+            - name: HELM_KEY_NAME
+              value: {{ $helmSecret }}.key.pem
+            - name: HELM_CERT_NAME
+              value: {{ $helmSecret }}.cert.pem
+            - name: TILLER_CN
+              value: {{ default ( include "common.servicename.tiller" $ctx ) .hostname }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
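Review bot: The Role created for the generator job allows `get` and `patch` on every secret in `{{ $deployNameSpace }}`, because the `secrets` rule carries no `resourceNames`. `create` cannot be restricted by name, but the other two verbs can, so the rule could be split, with the `get`/`patch` half limited by `resourceNames: [{{ $tillerSecret | quote }}, {{ $helmSecret | quote }}]`. This assumes the generated secrets are named exactly after those two values, which the `ENTITIES` variable suggests but the template does not show. Two smaller points in the same file: `$img` is assigned twice with the same value, and the Job name `tiller-secret-generator` is fixed inside the `range`, so two tillers sharing a `deployNameSpace` would collide.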
diff --git a/ric-infra/25-tiller/helm/ricplt-tiller/values.yaml b/ric-infra/25-tiller/helm/ricplt-tiller/values.yaml
new file mode 100644 (file)
index 0000000..3c0fc2b
--- /dev/null
@@ -0,0 +1,26 @@
+tillers:
+#   ricxapp:
+#     image:
+#       tillerTLSSecrets:
+#         name: it-dep-secrets
+#       tiller:
+#         repository: gcr.io
+#         name: kubernetes-helm/tiller
+#         tag: v2.12.3
+#     secret:
+#       create: true
+#       tillerSecretName: ricxapp-tiller-secret
+#       helmSecretName: ricxapp-helm-secret
+#     tls:
+#      authenticate: true
+#      verify: true
+#     serviceAccount:
+#       name: tiller
+#       role:
+#       - apiGroups: [""]
+#         resources: ["pods", "configmaps", "services"]
+#         verbs: ["get", "list", "create", "delete"]
+#       - apiGroups: ["extensions", "apps"]
+#         resources: ["deployments"]
+#         verbs: ["get", "list", "create", "delete"]
+#     port: 44134
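Review bot: The commented example sits under a top-level `tillers:` key, while `job-tiller-secrets.yaml` in this chart reads `.Values.global.tillers`, so a user who uncomments the block as shown would presumably get no rendered resources. A one-line comment above it, such as `# Example only: the templates read global.tillers, normally set by the parent chart or recipe`, would say where the values belong. The bare `tillers:` also parses as null; `tillers: {}` states the empty default explicitly.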
index 0fb5f09..98706fe 100644 (file)
@@ -3,7 +3,9 @@
     {
       "name":"admission_control_policy",
       "description":"various parameters to control admission of dual connection",
-      "message_receives_rmr_type":"DC_ADMISSION_INTERVAL_CONTROL",
+      "control_state_request_rmr_type":"DC_ADM_GET_POLICY",
+      "control_state_request_reply_rmr_type":"DC_ADM_GET_POLICY_ACK",
+      "message_receives_rmr_type":"DC_ADM_INT_CONTROL",
       "message_receives_payload_schema":{
         "$schema":"http://json-schema.org/draft-07/schema#",
         "type":"object",
@@ -41,7 +43,7 @@
         ],
         "additionalProperties":false
       },
-      "message_sends_rmr_type":"DC_ADMISSION_INTERVAL_CONTROL_ACK",
+      "message_sends_rmr_type":"DC_ADM_INT_CONTROL_ACK",
       "message_sends_payload_schema":{
         "$schema":"http://json-schema.org/draft-07/schema#",
         "type":"object",
index f2804ad..7d4839d 100644 (file)
@@ -1,2 +1,5 @@
-DC_ADMISSION_INTERVAL_CONTROL:20000
-DC_ADMISSION_INTERVAL_CONTROL_ACK:20001
+DC_ADM_INT_CONTROL:20000
+DC_ADM_INT_CONTROL_ACK:20001
+DC_ADM_GET_POLICY: 20002
+DC_ADM_GET_POLICY_ACK: 20003
+
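Review bot: The two added entries, `DC_ADM_GET_POLICY: 20002` and `DC_ADM_GET_POLICY_ACK: 20003`, have a space after the colon, while the two renamed entries above them do not. Whether the consumer of this mapping trims the value is not visible here. Writing them as `DC_ADM_GET_POLICY:20002` and `DC_ADM_GET_POLICY_ACK:20003` keeps one format and avoids depending on the parser.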
index 8f66005..8830427 100644 (file)
@@ -31,13 +31,15 @@ data:
     rte|10361|{{ include "common.servicename.e2mgr.rmr" .      }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
     rte|10362|{{ include "common.servicename.e2mgr.rmr" .      }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
     rte|12010|{{ include "common.servicename.e2term.rmr" .     }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
-    rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
     rte|12011|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563
     rte|12012|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563
     rte|12021|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560
     rte|12022|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560
     rte|12050|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560
     rte|20000|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563
+    rte|20002|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563
+    rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
+    rte|20003|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
     newrt|end
   rmr_string_int_mapping.txt: {{ tpl (.Files.Get "resources/rmr_string_int_mapping.txt") . | quote }}
   ricmanifest.json: {{ tpl (.Files.Get "resources/ricmanifest.json") . | quote }}
index d6acd6e..f14d4e2 100644 (file)
@@ -74,11 +74,11 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /ui
+              path: /healthcheck
               port: http
           readinessProbe:
             httpGet:
-              path: /ui
+              path: /healthcheck
               port: http
       volumes:
         - name: "a1conf"
index e92e4ed..9bebd45 100644 (file)
@@ -29,9 +29,9 @@ a1mediator:
 
   image:
     name: ric-plt-a1
-    tag: 0.8.3
+    tag: 0.10.2
 
-  # Service ports are now defined in 
+  # Service ports are now defined in
   # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
   # If need to change a service port, make the code change necessary, then
   # update the _ports.tpl file with the new port number.
index 894e2b1..84866ed 100644 (file)
@@ -14,7 +14,9 @@
 #   See the License for the specific language governing permissions and        #
 #   limitations under the License.                                             #
 ################################################################################
-
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx :=  . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -23,8 +25,8 @@ data:
     {{- $restport := (printf ":%s" (include "common.serviceport.appmgr.http" .) ) | quote -}}
     {{- $helmrepo := include "common.helmrepository" . | quote -}}
     {{- $reponame := default "helm-repo" .Values.appmgr.reponame | quote -}}
-    {{- $tiller := include "common.helmrepositorytiller" . | quote -}}
-    {{- $tillernamespace := include "common.helmrepositorytillernamespace" . | quote -}}
-    {{- $tillerport := include "common.helmrepositorytillerport" . | quote -}}
+    {{- $tiller := include "common.servicename.tiller" $ctx | quote -}}
+    {{- $tillernamespace := include "common.tillerNameSpace" $ctx | quote -}}
+    {{- $tillerport := include "common.tillerPort" $ctx | quote -}}
     {{- $xappnamespace := include "common.namespace.xapp" . | quote -}}
     {{- (.Files.Glob "resources/appmgr.yaml").AsConfig | replace "__XAPP_NAMESPACE__" $xappnamespace | replace "__HELM_REPO__" $helmrepo | replace "__REST_PORT__" $restport | replace "__REPO_NAME__" $reponame | replace "__TILLER_SERVICE__" $tiller | replace "__TILLER_NAMESPACE__" $tillernamespace | replace "__TILLER_PORT__" $tillerport | nindent 2 }}
diff --git a/ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl b/ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl
new file mode 100644 (file)
index 0000000..4b17cfb
--- /dev/null
@@ -0,0 +1,41 @@
+{{/*
+   Copyright (c) 2019 AT&T Intellectual Property.
+   Copyright (c) 2019 Nokia.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/}}
+#!/bin/sh
+if [ -x /svcacct-to-kubeconfig.sh ] ; then
+ /svcacct-to-kubeconfig.sh
+fi
+
+if [ ! -z "${HELM_TLS_CA_CERT}" ]; then
+  kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+   grep 'ca.crt:' | \
+   awk '{print $2}' | \
+   base64 -d > ${HELM_TLS_CA_CERT}
+fi
+
+if [ ! -z "${HELM_TLS_CERT}" ]; then
+  kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+   grep 'tls.crt:' | \
+   awk '{print $2}' | \
+   base64 -d > ${HELM_TLS_CERT}
+fi
+
+if [ ! -z "${HELM_TLS_KEY}" ]; then
+  kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+   grep 'tls.key:' | \
+   awk '{print $2}' | \
+   base64 -d > ${HELM_TLS_KEY}
+fi
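Review bot: Each of the three blocks writes its output file even when `kubectl` fails or the key is absent, and the script still exits 0, so the init container can succeed with an empty `${HELM_TLS_KEY}` or certificate file. A check after each write, for example `[ -s "${HELM_TLS_KEY}" ] || exit 1`, would stop the pod instead of starting appmgr with unusable TLS material. The private key is created with the default umask; `umask 077` at the top of the script limits it to the owner. The variable expansions are unquoted, and `grep 'tls.key:'` matches that text anywhere in the YAML dump, so `kubectl get secret ... -o jsonpath='{.data.tls\.key}'` is a more exact way to select the field.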
diff --git a/ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl b/ric-platform/50-RIC-Platform/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl
new file mode 100755 (executable)
index 0000000..9be3db6
--- /dev/null
@@ -0,0 +1,46 @@
+{{/*
+   Copyright (c) 2019 AT&T Intellectual Property.
+   Copyright (c) 2019 Nokia.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/}}
+#!/bin/sh
+
+# generate a kubconfig (at ${KUBECONFIG} file from the automatically-mounted
+# service account token.
+# ENVIRONMENT:
+# SVCACCT_NAME: the name of the service account user.  default "default"
+# CLUSTER_NAME: the name of the kubernetes cluster.  default "kubernetes"
+# KUBECONFIG: where the generated file will be deposited.
+SVCACCT_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
+CLUSTER_CA=`base64 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt|tr -d '\n'`
+
+cat >${KUBECONFIG} <<__EOF__
+ApiVersion: v1
+kind: Config
+users:
+- name: ${SVCACCT_NAME:-default}
+  user:
+    token: ${SVCACCT_TOKEN}
+clusters:
+- cluster:
+    certificate-authority-data: ${CLUSTER_CA}
+    server: https://${K8S_API_HOST:-kubernetes.default.svc.cluster.local}/
+  name: ${CLUSTER_NAME:-kubernetes}
+contexts:
+- context:
+    cluster: ${CLUSTER_NAME:-kubernetes}
+    user: ${SVCACCT_NAME:-default}
+  name: svcs-acct-context
+current-context: svcs-acct-context
+__EOF__
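Review bot: The heredoc writes `ApiVersion: v1`, but the kubeconfig field is spelled `apiVersion`; whether kubectl tolerates the capitalised key should not be relied on, so the line should read `apiVersion: v1`. The generated file contains the service account token and is created with the default umask at `${KUBECONFIG}`, which the appmgr deployment in this commit sets to `/tmp/kubeconfig`, so a `umask 077` before the `cat` is worth adding. The header comment has a typo and an unclosed parenthesis; `# generate a kubeconfig (at ${KUBECONFIG}) from the automatically-mounted` reads correctly.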
diff --git a/ric-platform/50-RIC-Platform/helm/appmgr/templates/configmap-bin.yaml b/ric-platform/50-RIC-Platform/helm/appmgr/templates/configmap-bin.yaml
new file mode 100644 (file)
index 0000000..dfd0714
--- /dev/null
@@ -0,0 +1,26 @@
+################################################################################
+#   Copyright (c) 2019 AT&T Intellectual Property.                             #
+#   Copyright (c) 2019 Nokia.                                                  #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.configmapname.appmgr" . }}-bin
+data:
+  appmgr-tiller-secret-copier.sh: |
+   {{-  include "appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl" . | indent 4 }}
+  svcacct-to-kubeconfig.sh: |
+   {{-  include "appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl" . | indent 4 }}
index ce05589..bd1455f 100644 (file)
 #   See the License for the specific language governing permissions and        #
 #   limitations under the License.                                             #
 ################################################################################
-
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx :=  . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,6 +48,39 @@ spec:
       serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
       imagePullSecrets:
         - name: {{ include "common.repositoryCred" . }}
+{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" )  (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
+      initContainers:
+        - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
+          image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
+          imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}
+          env:
+            - name: SVCACCT_NAME
+              value: {{ include "common.serviceaccountname.appmgr" . }}
+            - name: CLUSTER_NAME
+              value: {{ default "kubernetes" .Values.global.clusterName }}
+            - name: KUBECONFIG
+              value: /tmp/kubeconfig
+            - name: K8S_API_HOST
+              value: "kubernetes.default.svc.{{ default "cluster.local" .Values.global.dnsDomain }}"
+            - name: SECRET_NAMESPACE
+              value: {{ include "common.tillerDeployNameSpace" $ctx }}
+            - name: SECRET_NAME
+              value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.configmapname.appmgr" . }}-env
+          command: ["/appmgr-tiller-secret-copier.sh"]
+          volumeMounts:
+            - name: helm-secret-volume
+              mountPath: {{ $secretPath }}
+              readOnly: false
+            - name: appmgr-bin-volume
+              mountPath: /svcacct-to-kubeconfig.sh
+              subPath: svcacct-to-kubeconfig.sh
+            - name: appmgr-bin-volume
+              mountPath: /appmgr-tiller-secret-copier.sh
+              subPath: appmgr-tiller-secret-copier.sh
+{{- end }}      
       containers:
         - name: {{ include "common.containername.appmgr" . }}
           image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.name }}:{{ .Values.appmgr.image.tag }}
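Review bot: In the added init container, `imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}` is evaluated against the root context, where `.pullPolicy` is presumably never set, so the policy is always `IfNotPresent`. The values.yaml hunk of this commit gives that image `tag: latest`, and the two together mean a node keeps whichever `it-dep-init` image it pulled first, for a container that reads the Helm client TLS key. Pinning the init image to a fixed tag or digest and reading the policy from a values key (for example `.Values.appmgr.image.init.pullPolicy`, which would be a new key) makes the image reproducible. The `containers:` list continues outside the hunk.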
@@ -63,10 +99,17 @@ spec:
             - name: config-volume
               mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
               subPath: appmgr.yaml
-            - name: secret-volume
-              mountPath: {{ .Values.appmgr.appsecretpath }}
             - name: cert-volume
               mountPath: {{ .Values.appmgr.appcertpath }}
+            - name: helm-secret-volume
+              mountPath: {{ $secretPath }}
+              readOnly: false
+            - name: secret-volume
+              mountPath: {{ $secretPath }}/helm_repo_username
+              subPath: helm_repo_username
+            - name: secret-volume
+              mountPath: {{ $secretPath }}/helm_repo_password
+              subPath: helm_repo_password
           envFrom:
             - configMapRef:
                 name: {{ include "common.configmapname.appmgr" . }}-env
@@ -91,9 +134,15 @@ spec:
         - name: config-volume
           configMap:
             name: {{ include "common.configmapname.appmgr" . }}-appconfig
+        - name: cert-volume
+          configMap:
+            name: {{ include "common.helmrepositorycert" . }}
         - name: secret-volume
           secret:
             secretName: {{ include "common.helmrepositorycred" . }}
-        - name: cert-volume
+        - name: helm-secret-volume
+          emptyDir: {}
+        - name: appmgr-bin-volume
           configMap:
-            name: {{ include "common.helmrepositorycert" . }}
+            name: {{ include "common.configmapname.appmgr" . }}-bin
+            defaultMode: 0755
index e0139f0..69ef4a1 100644 (file)
@@ -14,7 +14,9 @@
 #   See the License for the specific language governing permissions and        #
 #   limitations under the License.                                             #
 ################################################################################
-
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx :=  . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -26,4 +28,15 @@ data:
   DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
   DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }} 
   RMR_RTG_SVC: {{ include "common.serviceport.appmgr.rmr.route" . | quote }}
-
+{{- $certPath := .Values.appmgr.appcertpath | default "/opt/ric/certificates" }}
+{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
+{{- if eq (include "common.tillerTLSVerify" $ctx) "true" }}
+  HELM_TLS_VERIFY: "true"
+  HELM_TLS_CA_CERT: "{{ $secretPath }}/tiller-ca.cert"
+  HELM_TLS_HOSTNAME: {{ include "common.servicename.tiller" $ctx | quote }}
+{{- end }}
+{{- if eq (include "common.tillerTLSAuthenticate" $ctx) "true"  }}
+  HELM_TLS_ENABLED: "true"
+  HELM_TLS_CERT: "{{ $secretPath }}/helm-client.cert"
+  HELM_TLS_KEY: "{{ $secretPath }}/helm-client.key"
+{{- end }}  
index 6164f73..1806889 100644 (file)
@@ -1,3 +1,6 @@
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx :=  . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -8,23 +11,31 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
-  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" . }}-access
-  namespace: {{ include "common.helmrepositorytillernamespace" . }}
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+  namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 rules:
 - apiGroups: [""]
   resources: ["pods", "pods/portforward"]
   verbs: ["get", "list", "create"]
+
+{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" )  (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+  verbs: ["get"]
+{{- end }}  
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
-  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" .}}-access
-  namespace: {{ include "common.helmrepositorytillernamespace" . }}
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+  namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" .}}-access
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
 subjects:
   - kind: ServiceAccount
     name: {{ include "common.serviceaccountname.appmgr" . }}
     namespace: {{ include "common.namespace.platform" . }}
+---
index 351962c..d36600c 100644 (file)
@@ -64,9 +64,12 @@ helmRepositoryTillerPort: 44134
 
 appmgr:
   image:
-    # xAppmanager Docker image name and tag
-    name: ric-plt-appmgr
-    tag: 0.1.3
+   # xAppmanager Docker image name and tag
+   init:
+     name: it-dep-init
+     tag: latest
+   name: ric-plt-appmgr
+   tag: 0.1.3
 
   # This section describes xAppManager
   replicaCount: 1
@@ -92,6 +95,4 @@ appmgr:
   # Path referred in xapp-manager for retrieving helm repo client certificates
   appcertpath: /opt/ric/certificates
 
-
-
-
+  tillerkey: "ricxapp"