--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+ # Docker registry from which RIC platform components pull the images
+ repository: nexus3.o-ran-sc.org:10004
+
+ # Name of the K8S docker credential that is onboarded by 20-credential
+ repositoryCred: docker-reg-cred
+
+ # Docker image pull policy
+ imagePullPolicy: Always
+
+ # Helm repo that will be used by xApp manager
+ helmRepository: nexus.ricinfra.local
+
+ # Certificate of the helm repo
+ helmRepositoryCert: xapp-mgr-certs
+
+ # Name of the K8S secret that contains the credential of the helm repo
+ helmRepositoryCred: xapp-mgr-creds
+
+ # The name of the tiller that xApp helm client talks to
+ helmRepositoryTiller: tiller-deploy
+
+ # The namespace of the xApp helm tiller
+ helmRepositoryTillerNamespace: kube-system
+
+ # The port the xApp helm tiller is listening to
+ helmRepositoryTillerPort: 44134
+
+
+
+
+#-------------------------------------------------------------------------
+# Auxiliary Functions
+#-------------------------------------------------------------------------
+dashboard:
+ image:
+ name:: ric-dash-be
+ tag: 1.0.0-SNAPSHOT
+
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+global:
+ # Docker registry from which RIC platform components pull the images
+ repository: nexus3.o-ran-sc.org:10004
+
+ # Name of the K8S docker credential that is onboarded by 20-credential
+ repositoryCred: docker-reg-cred
+
+ # Docker image pull policy
+ imagePullPolicy: Always
+
+ # Helm repo that will be used by xApp manager
+ helmRepository: nexus.ricinfra.local
+
+ # Certificate of the helm repo
+ helmRepositoryCert: xapp-mgr-certs
+
+ # Name of the K8S secret that contains the credential of the helm repo
+ helmRepositoryCred: xapp-mgr-creds
+
+ # The name of the tiller that xApp helm client talks to
+ helmRepositoryTiller: tiller-deploy
+
+ # The namespace of the xApp helm tiller
+ helmRepositoryTillerNamespace: kube-system
+
+ # The port the xApp helm tiller is listening to
+ helmRepositoryTillerPort: 44134
+
+#-------------------------------------------------------------------------
+# Infrastructure
+#-------------------------------------------------------------------------
+
+cluster:
+ deployK8S: false
+ deployNexus: false
+ useLocalHelmRepo: false
+ useLocalDockerRegistry: false
+
+
+repositoryCredential:
+ user: "docker"
+ password: "haha"
+
+
+helmrepoCredential:
+ user: "helm"
+ password: "hehe"
+
+
+adminPassword: admin123
+
+datapath: /tmp/nexus3-data/
imagePullPolicy: Always
# Helm repo that will be used by xApp manager
- helmRepository: nexus.ricinfra.local
+ helmRepository: helm.ricinfra.local
# Certificate of the helm repo
helmRepositoryCert: xapp-mgr-certs
# The port the xApp helm tiller is listening to
helmRepositoryTillerPort: 44134
-#-------------------------------------------------------------------------
-# Infrastructure
-#-------------------------------------------------------------------------
-
-
-
-
-#-------------------------------------------------------------------------
-# Auxiliary Functions
-#-------------------------------------------------------------------------
-dashboard:
- image:
- name:: ric-dash-be
- tag: 1.0.0-SNAPSHOT
#-------------------------------------------------------------------------
# Platform Components
--- /dev/null
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# This script deploys RIC auxiliary function components automatically
+
+OVERRIDEYAML=$1
+
+
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+source $DIR/../etc/ric-infra.conf
+
+export RICINFRA_RELEASE_NAME=$ric_infra_helm_release_name
+
+export RICINFRA_NAMESPACE=$ric_infra_namespace
+
+export DEPLOY_K8S=$deployK8S
+
+export DEPLOY_NEXUS=$deployNexus
+
+export USE_LOCAL_HELM_REPO=$useLocalHelmRepo
+
+export USE_LOCAL_DOCKER_REGISTRY=$useLocalDockerRegistry
+
+
+
+
+
+source $DIR/../etc/ric-platform.conf
+
+export RICPLT_RELEASE_NAME=$ric_platform_helm_release_name
+
+export RICPLT_NAMESPACE=$ric_platform_namespace
+
+
+
+
+if [ -z "$OVERRIDEYAML" ];then
+ echo "****************************************************************************************************************"
+ echo " WARNING "
+ echo "****************************************************************************************************************"
+ echo "Deploying RIC infrastructure components without deployment recipe. Default configurations are used."
+ echo "****************************************************************************************************************"
+
+else
+
+ export DEPLOY_K8S=$(cat $OVERRIDEYAML | grep deployK8S | awk '{print $2}')
+ export DEPLOY_NEXUS=$(cat $OVERRIDEYAML | grep deployNexus | awk '{print $2}')
+ export USE_LOCAL_HELM_REPO=$(cat $OVERRIDEYAML | grep useLocalHelmRepo | awk '{print $2}')
+ export USE_LOCAL_DOCKER_REGISTRY=$(cat $OVERRIDEYAML | grep useLocalDockerRegistry | awk '{print $2}')
+fi
+
+
+
+if $USE_LOCAL_HELM_REPO && [ "$DEPLOY_NEXUS" != "true" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "Local helm repo cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+
+if $USE_LOCAL_DOCKER_REGISTRY && [ "$DEPLOY_NEXUS" != "true" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "Local docker registry cannot be used if Nexus is not installed. Please change your configurations in the deployment recipe."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+
+if $DEPLOY_K8S; then
+ echo "Deploying K8S. Please make sure that you configure files in ./ric-infra/00-Kubernetes/etc correctly."
+ . ../ric-infra/00-Kubernetes/bin/install
+fi
+
+
+if $DEPLOY_NEXUS; then
+ echo "Deploying Nexus."
+ . ../ric-infra/10-Nexus/bin/install $OVERRIDEYAML
+fi
+
+
+
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# ------------------- RIC AUX ---------------------------------------
+
+# release name helm will use to deploy RIC infrastructure componenets
+ric_infra_helm_release_name=r0
+
+# namespace that helm will use to deploy RIC infrastructure componenets
+ric_infra_namespace=ricinfra
+
+# deploy the kubernete cluster
+deployK8S=false
+
+# deploy a nexus repository manager
+deployNexus=true
+
+# use the local helm repo
+useLocalHelmRepo=true
+
+# use the local docker registry
+useLocalDockerRegistry=false
--- /dev/null
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+OVERRIDEYAML=$1
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+source $DIR/../etc/nexus.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+ RELEASE_NAME=$helm_release_name
+else
+ RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+if [ -z "$RICINFRA_NAMESPACE" ];then
+ NAMESPACE=$namespace
+else
+ NAMESPACE=$RICINFRA_NAMESPACE
+fi
+if [ -z "$INGRESS_PORT" ];then
+ INGRESS_PORT_NEXUS=$ingress_port
+else
+ INGRESS_PORT_NEXUS=$INGRESS_PORT
+fi
+
+if [ -z "$DEFAULT_NEXUS_ADMIN_PASSWORD" ];then
+ NEXUS_ADMIN_PASSWORD=$default_admin_password
+else
+ NEXUS_ADMIN_PASSWORD=$DEFAULT_NEXUS_ADMIN_PASSWORD
+fi
+
+
+
+HOSTPOSTFIX=$(cat $DIR/../helm/values.yaml | grep hostpostfix | awk '{print $2}')
+
+
+
+
+
+
+
+
+
+NEXUS_URL="http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+ DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2}')
+
+else
+
+
+
+ DOCKERPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+
+
+
+ if [ -z $DOCKERPASSWORD ]; then
+ DOCKERPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*repositoryCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ fi
+
+ HELMPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+
+ if [ -z $HELMPASSWORD ]; then
+ HELMPASSWORD=$(cat $DIR/../../20-Credential/helm/values.yaml | awk '/^.*helmrepoCredential:.*/{getline; getline; print substr($2, 2, length($2)-2);}')
+ fi
+
+ ADMINPASSWORD=$(cat $OVERRIDEYAML | awk '/^.*adminPassword:.*/{print $2;}')
+ if [ -z $ADMINPASSWORD ]; then
+ ADMINPASSWORD=$(cat $DIR/../helm/values.yaml | awk '/^.*adminPassword:.*/{print $2;}')
+ fi
+
+fi
+
+
+
+
+#echo $DOCKERPASSWORD, $HELMPASSWORD, $ADMINPASSWORD
+
+
+
+
+DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml | awk '/.*- name: docker.*/{getline; print $2}')
+
+
+DOCKERREPOSCRIPT="{\"name\":\"docker_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('docker', '$DOCKERPASSWORD')\"}"
+
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> docker password change succeeded!"
+else
+ echo "> docker password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/docker_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+HELMREPOSCRIPT="{\"name\":\"helm_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('helm', '$HELMPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$HELMREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> helm password change succeeded!"
+else
+ echo "> helm password change failed!"
+fi
+
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/helm_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+ADMINSCRIPT="{\"name\":\"admin_changepassword\",\
+ \"type\":\"groovy\",\
+ \"content\":\"security.securitySystem.changePassword('admin', '$ADMINPASSWORD')\"}"
+
+
+
+# This line uses the default admin password
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H "Content-Type: application/json" --data "$ADMINSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script upload failed!"
+fi
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -u admin:$NEXUS_ADMIN_PASSWORD -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword/run)
+
+
+if [ "${STATUS}" == "200" ];then
+ echo "> admin password change succeeded!"
+else
+ echo "> admin password change failed!"
+fi
+
+NEXUS_ADMIN_PASSWORD=$ADMINPASSWORD
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u admin:$NEXUS_ADMIN_PASSWORD http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/admin_changepassword)
+
+
+if [ "${STATUS}" != "204" ];then
+ echo "> script deletion failed!"
+fi
+
--- /dev/null
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+OVERRIDEYAML=$1
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+
+
+
+
+
+if [ -z $OVERRIDEYAML ]; then
+
+ DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+
+else
+
+ DATAPATH=$(cat $OVERRIDEYAML | awk '/^.*datapath:.*/{ print $2;}')
+
+
+ if [ -z $DATAPATH ]; then
+ DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}')
+ fi
+
+fi
+
+if [ -e $DATAPATH ]; then
+ if [ ! -w $DATAPATH ]; then
+ echo "Error: you don't have write permission to directory $DATAPATH"
+ echo "Deployment terminated."
+ exit 1
+ fi
+
+ rm -rf $DATAPATH
+
+ mkdir -p $DATAPATH
+
+ tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+
+ chmod -R a+rwx $DATAPATH
+else
+ mkdir -p $DATAPATH
+ if [ $? -eq 0 ]; then
+ tar -xf $DIR/../etc/conf.tar -C $DATAPATH
+ chmod -R a+rwx $DATAPATH
+ else
+ echo "Error: you don't have write permission to directory $DATAPATH"
+ echo "Deployment terminated."
+ exit 1
+ fi
+
+
+fi
+
+
echo "If nexus.$HOSTPOSTFIX is not resolved by your DNS server, please add an entry in your /etc/hosts file."
echo "****************************************************************************************************************"
+. ./deploy_nexus_data $OVERRIDEYAML
+
+
+
+NODENAME=$(kubectl get node | awk 'NR==2{print $1}')
+kubectl label --overwrite nodes $NODENAME nexus-node=enable
+
+
+
+
+
+
COMMON_CHART_VERSION=$(cat $DIR/../../../ric-platform/50-RIC-Platform/helm/common/Chart.yaml | grep version | awk '{print $2}')
helm package -d /tmp $DIR/../../../ric-platform/50-RIC-Platform/helm/common
helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../helm
fi
-NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep ContainerCreating | awk '{print $1}')
+NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep -v "Terminating" | awk '{print $1}')
+
echo "Waiting Nexus to be ready."
echo " "
echo $IS_NEXUS_READY
-DOCKERPORT=$(cat $DIR/../helm/templates/deployment.yaml | awk '/.*- name: docker.*/{getline; print $2}')
-
-
-DOCKERREPOSCRIPT="{\"name\":\"create_docker_repo\",\
- \"type\":\"groovy\",\
- \"content\":\"repository.createDockerHosted('docker.snapshot',\
- $DOCKERPORT, null, 'default', false, true)\"}"
-
-echo $DOCKERREPOSCRIPT
-
-# This line uses the default admin password
-curl -u admin:admin123 -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script
-
-curl -u admin:admin123 -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/create_docker_repo/run
-
-
-
+. ./change_password $OVERRIDEYAML
# ingress port number of the K8S cluster
# It will be overrided by INGRESS_PORT
ingress_port=30000
+
+
+default_admin_password=admin123
- name: docker
containerPort: 10001
protocol: TCP
+ volumeMounts:
+ - name: nexus-config
+ mountPath: /nexus-data
+ volumes:
+ - name: nexus-config
+ persistentVolumeClaim:
+ claimName: nexus-claim
+
+
# livenessProbe:
# httpGet:
# path: /
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /repository/helm.local/
+ name: {{ include "nexus.fullname" . }}-helm
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ tls:
+ - hosts:
+ - helm.{{ .Values.ingress.hostpostfix }}
+ secretName: {{ include "common.helmrepositorycert" . }}
+ rules:
+ - host: helm.{{ .Values.ingress.hostpostfix }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ include "nexus.fullname" . }}
+ servicePort: nexus
+ path: /
heritage: {{ .Release.Service }}
spec:
tls:
- - hosts:
- - docker.{{ .Values.ingress.hostpostfix }}
- secretName: {{ include "common.repositorycert" . }}
+ - hosts:
+ - docker.{{ .Values.ingress.hostpostfix }}
+ secretName: {{ include "common.repositorycert" . }}
rules:
- host: nexus.{{ .Values.ingress.hostpostfix }}
http:
--- /dev/null
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nexus3-configuration
+spec:
+ capacity:
+ storage: {{ .Values.storagesize }}
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nexus3-storage
+ local:
+ path: {{ .Values.datapath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: nexus-node
+ operator: In
+ values:
+ - enable
--- /dev/null
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: nexus-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: nexus3-storage
+ resources:
+ requests:
+ storage: {{ .Values.storagesize }}
containers:
- name: cert-copy
image: alpine
- command: ["cp", "-rL", "/var/run/certs/..data/tls.crt", "/var/run/certs-copy/"]
+ command: [ "/bin/sh","-c","cp -rL /var/run/dockercerts/..data/tls.crt /var/run/certs-copy/dockertls.crt && cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt"]
# command: ["tail", "-f", "/dev/null"]
volumeMounts:
- - name: certs
- mountPath: /var/run/certs
+ - name: dockercerts
+ mountPath: /var/run/dockercerts
+ readOnly: true
+ - name: helmcerts
+ mountPath: /var/run/helmcerts
readOnly: true
- name: write-to-volume
mountPath: /var/run/certs-copy
volumes:
- - name: certs
+ - name: dockercerts
secret:
secretName: {{ include "common.repositorycert" . }}
+ - name: helmcerts
+ secret:
+ secretName: {{ include "common.helmrepositorycert" . }}
- name: write-to-volume
hostPath:
path: /tmp
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: {{ include "common.helmrepositorycert" . }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "common.helmrepository.gen-certs" . ) | indent 2 }}
--- /dev/null
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: nexus3-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
# repositoryCertOverride: ""
repositoryCert: docker-reg-certs
+# This is the name of K8S secret that contains the helm repository cert
+# You can override this by using
+# helmRepositoryCertOverride: ""
+helmRepositoryCert: xapp-mgr-certs
+
+
+# This is the admin password
+adminPassword: admin123
+
# This is designed to be deployed using local image
image:
repository: nexus-repository-helm-apt
ingress:
hostpostfix: ricinfra.local
+
+storagesize: 20Gi
+datapath: /tmp/nexus3-data/
*/}}
{{- define "repository.secret" -}}
{{- $repo := include "common.repository" . }}
- {{- $cred := .Values.repositoryCred }}
+ {{- $cred := .Values.repositoryCredential }}
{{- $user := default "docker" $cred.user }}
{{- $password := default "docker" $cred.password }}
{{- $mail := default "@" $cred.mail }}
{{- define "helmrepo.secret.user" -}}
- {{- $user := default "helm" .Values.helmrepoCred.user -}}
+ {{- $user := default "helm" .Values.helmrepoCredential.user -}}
{{- printf "%s" $user |b64enc }}
{{- end -}}
{{- define "helmrepo.secret.password" -}}
- {{- $pass := default "helm" .Values.helmrepoCred.password -}}
+ {{- $pass := default "helm" .Values.helmrepoCredential.password -}}
{{- printf "%s" $pass |b64enc }}
{{- end -}}
# Values for setting up Kubernetes resources for accessing infrastructure such as docker registry
# helm repo, etc.
+repository: "nexus3.o-ran-sc.org:10004"
-repositoryCred:
+repositoryCredential:
user: "docker"
password: "docker"
-helmrepoCred:
+helmrepoCredential:
user: "helm"
password: "helm"
# By default a local helm repo is used. The global setting will override
# the default value. You can further override using
#helmRepositoryOverride: ""
-helmRepository: "snapshot.helm.local.ric.org"
+helmRepository: "helm.ricinfra.local"
# Default secret name for Helm Repo credential. .Value.golbal.helmRepositoryCred will
# override the default value. You can further override uing
{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+Generate certificates for the helm repo
+*/}}
+{{- define "common.helmrepository.gen-certs" -}}
+{{- $altNames := list ( printf "helm.%s" .Values.ingress.hostpostfix ) -}}
+{{- $ca := genCA "helm-repository-ca" 365 -}}
+{{- $cert := genSignedCert ( include "nexus.name" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
Code Review / it / dep.git / commitdiff