diff --git a/kubernetes/helm/openslice/files/mysql-init/01-databases.sql b/kubernetes/helm/openslice/files/mysql-init/01-databases.sql
deleted file mode 100644
index aa16eecb933a0d47f811532a7fd8c7185800482c..0000000000000000000000000000000000000000
--- a/kubernetes/helm/openslice/files/mysql-init/01-databases.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-# create databases
-CREATE DATABASE IF NOT EXISTS `{{ .Values.oscreds.mysql.openslicedb | default "osdb" }}`;
-CREATE DATABASE IF NOT EXISTS `{{ .Values.oscreds.mysql.keycloak.database | default "keycloak" }}`;
-
-# create portal user and grant rights
-CREATE USER '{{ .Values.oscreds.mysql.portal.username | default "portaluser" }}'@'localhost' IDENTIFIED BY '{{ .Values.oscreds.mysql.portal.password | default "12345" }}';
-GRANT ALL PRIVILEGES ON *.* TO '{{ .Values.oscreds.mysql.portal.username | default "portaluser" }}'@'%' IDENTIFIED BY '{{ .Values.oscreds.mysql.portal.password | default "12345" }}';
-
-# create keycloak user and grant rights
-CREATE USER '{{ .Values.oscreds.mysql.keycloak.username | default "keycloak" }}'@'localhost' IDENTIFIED BY '{{ .Values.oscreds.mysql.keycloak.password | default "password" }}';
-GRANT ALL PRIVILEGES ON *.* TO '{{ .Values.oscreds.mysql.keycloak.username | default "keycloak" }}'@'%' IDENTIFIED BY '{{ .Values.oscreds.mysql.keycloak.password | default "password" }}';
diff --git a/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh b/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh
new file mode 100644
index 0000000000000000000000000000000000000000..fe7dc19d2c2f6920389804b6ac292c6edd4a8bd6
--- /dev/null
+++ b/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env sh
+set -eu
+
+run_mysql() {
+ mysql -u root -p"$MYSQL_ROOT_PASSWORD" "$@"
+}
+
+echo "Waiting for database to be ready"
+
+until run_mysql -e 'SELECT 1'; do
+ sleep 1
+done
+
+echo "Creating databases and users"
+
+create_user() {
+ if ! run_mysql --execute "CREATE USER '$1'@'%' IDENTIFIED BY '$2';" 2>/dev/null; then
+ run_mysql --execute "ALTER USER '$1'@'%' IDENTIFIED BY '$2';"
+ fi
+}
+
+PORTAL_USER="$(< /var/run/secrets/portal/username)"
+PORTAL_DATABASE="$(< /var/run/secrets/portal/database)"
+
+KEYCLOAK_USER="$(< /var/run/secrets/keycloak/username)"
+KEYCLOAK_DATABASE="$(< /var/run/secrets/keycloak/database)"
+
+METRICO_USER="$(< /var/run/secrets/metrico/username)"
+METRICO_DATABASE="$(< /var/run/secrets/metrico/database)"
+
+run_mysql --execute \
+"
+# create databases
+CREATE DATABASE IF NOT EXISTS $PORTAL_DATABASE;
+CREATE DATABASE IF NOT EXISTS $KEYCLOAK_DATABASE;
+CREATE DATABASE IF NOT EXISTS $METRICO_DATABASE;
+"
+
+create_user "$PORTAL_USER" "$(< /var/run/secrets/portal/password)"
+create_user "$KEYCLOAK_USER" "$(< /var/run/secrets/keycloak/password)"
+create_user "$METRICO_USER" "$(< /var/run/secrets/metrico/password)"
+
+run_mysql --execute \
+"
+# Grant portal user rights to the portal database
+GRANT ALL PRIVILEGES ON $PORTAL_DATABASE.* TO '$PORTAL_USER'@'%';
+# Grant keycloak user rights to the portal database
+GRANT ALL PRIVILEGES ON $KEYCLOAK_DATABASE.* TO '$KEYCLOAK_USER'@'%';
+# Grant metrico user rights to the portal database
+GRANT ALL PRIVILEGES ON $METRICO_DATABASE.* TO '$METRICO_USER'@'%';
+"
+
+echo "Finished creating databases and users"
diff --git a/kubernetes/helm/openslice/templates/artemis-secret.yaml b/kubernetes/helm/openslice/templates/artemis-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21c97d099c3c61f1c851c2d5d30fb3bfa5e03288
--- /dev/null
+++ b/kubernetes/helm/openslice/templates/artemis-secret.yaml
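Review bot: In entrypoint.sh, `create_user` and the two SQL batches splice the mounted secret values straight into statements executed as root, so a user name, database name or password containing `'`, a backslash or a backtick breaks the statement or changes what it runs; the deleted 01-databases.sql at least backtick-quoted the database names. `create_user` also treats every `CREATE USER` failure as "already exists" and hides the real error with `2>/dev/null`. The fence below escapes the values and uses `CREATE USER IF NOT EXISTS` followed by `ALTER USER` (assuming the image ships MySQL 5.7 or later); the database names in the `CREATE DATABASE` and `GRANT` lines should likewise be backtick-quoted. Separately, `$(< file)` is not POSIX, so under a `sh` that is not bash it may expand to nothing; `$(cat file)` or a bash shebang avoids that. The comments above the keycloak and metrico `GRANT` lines still say "portal database".

```shell
# Escape a value for use inside a single-quoted MySQL string literal.
sql_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

create_user() {
  user="$(sql_escape "$1")"
  pass="$(sql_escape "$2")"
  # IF NOT EXISTS keeps re-runs idempotent without discarding real errors.
  run_mysql --execute "CREATE USER IF NOT EXISTS '$user'@'%' IDENTIFIED BY '$pass';
ALTER USER '$user'@'%' IDENTIFIED BY '$pass';"
}
# … unchanged: secret reads, CREATE DATABASE batch, create_user calls, GRANT batch …
```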
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "openslice.fullname" . }} + org.etsi.osl.service: mysql + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- include "openslice.labels" . | nindent 4 }} + name: {{ include "openslice.fullname" . }}-artemis-secret +data: + username: {{ .Values.oscreds.activemq.user | b64enc }} + password: {{ .Values.oscreds.activemq.password | b64enc }} diff --git a/kubernetes/helm/openslice/templates/artemis.yaml b/kubernetes/helm/openslice/templates/artemis.yaml index 9d7fa3528229186063ba7074ce723338d7a139fb..2f4cc1f2a542f6c9787fb74d03839178886db20b 100644 --- a/kubernetes/helm/openslice/templates/artemis.yaml +++ b/kubernetes/helm/openslice/templates/artemis.yaml @@ -30,9 +30,15 @@ spec: name: {{ include "openslice.fullname" . }}-artemis env: - name: ARTEMIS_USER - value: {{ .Values.oscreds.activemq.user }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-artemis-secret + key: username - name: ARTEMIS_PASSWORD - value: {{ .Values.oscreds.activemq.password }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-artemis-secret + key: password resources: {{- toYaml .Values.resources | nindent 12 }} ports: diff --git a/kubernetes/helm/openslice/templates/bugzilla.yaml b/kubernetes/helm/openslice/templates/bugzilla.yaml index d759a2554c42af2abf6e209f2207b92cfc9ef7cb..1e63a6d0f60ec937122a694617bb0d29511b4989 100644 --- a/kubernetes/helm/openslice/templates/bugzilla.yaml +++ b/kubernetes/helm/openslice/templates/bugzilla.yaml 
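Review bot: In artemis-secret.yaml, `b64enc` is applied directly to `.Values.oscreds.activemq.user` and `.Values.oscreds.activemq.password`, so rendering fails with a type error when a value is numeric (for example an unquoted `12345`, which this commit had to quote in values.yaml), and a missing value produces no clear message. `password: {{ required "oscreds.activemq.password is required" .Values.oscreds.activemq.password | toString | b64enc }}` handles both cases; keycloak-secret.yaml and the mysql-*-secret.yaml templates follow the same pattern and would benefit from `toString` as well. The `org.etsi.osl.service: mysql` label on the artemis and keycloak Secrets looks copied from the MySQL templates and makes label selectors misleading.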
@@ -31,11 +31,10 @@ spec: env: - name: SPRING_APPLICATION_JSON value: >- - { + { + "spring.config.import": "configtree:/etc/config/", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", - "bugzillaurl":"{{ .Values.bugzillaurl }}", + "bugzillaurl":"{{ .Values.bugzillaurl }}", "bugzillakey":"{{ .Values.bugzillakey }}", "main_operations_product":"{{ .Values.main_operations_product }}" } @@ -43,7 +42,20 @@ spec: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 13010 + volumeMounts: + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/centrallog.yaml b/kubernetes/helm/openslice/templates/centrallog.yaml index b8143fcd9f39869242c7192e96b1a55a08e94246..e3c4b0e6cc9d8e3c3ea8ca22e461b56b1a74f5c6 100644 --- a/kubernetes/helm/openslice/templates/centrallog.yaml +++ b/kubernetes/helm/openslice/templates/centrallog.yaml 
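Review bot: In bugzilla.yaml the ActiveMQ credentials leave `SPRING_APPLICATION_JSON`, but `"bugzillakey":"{{ .Values.bugzillakey }}"` stays inline, so the Bugzilla API key is still readable in the rendered Deployment and in the container environment. Since the config tree is now imported from `/etc/config/`, the key could come from a Secret mounted as `/etc/config/bugzillakey` in the same way as the two ActiveMQ files. The same applies to `springdoc.oauth.clientsecret`, which remains inline in the mcp-server, oasapi, osportalapi and osscapi templates touched by this commit.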
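Review bot: The `volumeMounts` added in bugzilla.yaml use `subPath`, and a Secret mounted through `subPath` is not refreshed when the Secret changes; the application presumably reads the config tree only at startup anyway. Rotating the ActiveMQ password therefore has no effect until the pod is restarted, and nothing in the chart triggers that restart. Adding `checksum/artemis-secret: {{ include (print $.Template.BasePath "/artemis-secret.yaml") . | sha256sum }}` to the pod template annotations (outside this hunk) would roll the Deployment on every credential change. The same mount block is repeated in centrallog, cridge, manoclient, mcp-server, metrico, oasapi, osom, osportalapi and osscapi.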
@@ -31,17 +31,29 @@ spec: env: - name: SPRING_APPLICATION_JSON value: >- - { + { + "spring.config.import": "configtree:/etc/config/", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "centrallogurl": "{{ .Values.centrallogurl }}" } resources: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 13013 + volumeMounts: + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/cridge.yaml b/kubernetes/helm/openslice/templates/cridge.yaml index 10656390c474046f1bee83e9531b0cf87da57272..45dc6f31de5fe95c37b5fb5172e052eed3fbddf7 100644 --- a/kubernetes/helm/openslice/templates/cridge.yaml +++ b/kubernetes/helm/openslice/templates/cridge.yaml @@ -32,8 +32,6 @@ spec: value: >- { "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework" : "{{ .Values.cridge.spring.logLevel | default "INFO" }}", "logging.level.org.etsi.osl.cridge" : "{{ .Values.cridge.logLevel | default "INFO" }}" } 
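Review bot: The cridge.yaml hunk removes `spring.activemq.user` and `spring.activemq.password` from `SPRING_APPLICATION_JSON` but, unlike bugzilla, centrallog, manoclient, mcp-server, metrico, oasapi, osom, osportalapi and osscapi, does not add the `spring.config.import` entry. The later cridge hunk mounts both files under `/etc/config/`, yet unless the image's own configuration already imports that directory, nothing reads them and cridge would connect to Artemis without credentials. Adding `"spring.config.import": "configtree:/etc/config/",` as the first JSON entry would bring it in line with the other services.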
@@ -43,9 +41,20 @@ spec: - name: kubeconfig readOnly: true mountPath: /root/.kube + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always volumes: - name: kubeconfig secret: secretName: {{ include "openslice.fullname" . }}-kubeconfig + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret {{- end }} diff --git a/kubernetes/helm/openslice/templates/keycloak-secret.yaml b/kubernetes/helm/openslice/templates/keycloak-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1795c04c9a66674bf69e4de62f6fa8ef47d5d4b7 --- /dev/null +++ b/kubernetes/helm/openslice/templates/keycloak-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "openslice.fullname" . }} + org.etsi.osl.service: mysql + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- include "openslice.labels" . | nindent 4 }} + name: {{ include "openslice.fullname" . }}-keycloak-secret +data: + admin-password: {{ .Values.oscreds.mysql.keycloak.adminpassword | b64enc }} diff --git a/kubernetes/helm/openslice/templates/keycloak.yaml b/kubernetes/helm/openslice/templates/keycloak.yaml index fca2bdbe8782e30adda9e4a54e3b0aa455f5a573..d0f469c0185eeeb5226eae87a0f064d039313c37 100644 --- a/kubernetes/helm/openslice/templates/keycloak.yaml +++ b/kubernetes/helm/openslice/templates/keycloak.yaml 
@@ -39,15 +39,27 @@ spec: - name: DB_ADDR value: {{ include "openslice.fullname" . }}-mysql - name: DB_DATABASE - value: {{ .Values.oscreds.mysql.keycloak.database }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + key: database - name: DB_PASSWORD - value: {{ .Values.oscreds.mysql.keycloak.password }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + key: password - name: DB_USER - value: {{ .Values.oscreds.mysql.keycloak.username }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + key: username - name: KEYCLOAK_USER value: admin - name: KEYCLOAK_PASSWORD - value: {{ .Values.oscreds.mysql.keycloak.adminpassword }} + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-keycloak-secret + key: admin-password - name: JDBC_PARAMS value: useSSL=false - name: JAVA_OPTS diff --git a/kubernetes/helm/openslice/templates/manoclient.yaml b/kubernetes/helm/openslice/templates/manoclient.yaml index 064c0c18b043595834c087cdf909ba8a2111dcf8..46d75aec90634a7c39beec0dcd6c680d250afeca 100644 --- a/kubernetes/helm/openslice/templates/manoclient.yaml +++ b/kubernetes/helm/openslice/templates/manoclient.yaml 
@@ -32,16 +32,28 @@ spec: - name: SPRING_APPLICATION_JSON value: >- { + "spring.config.import": "configtree:/etc/config/", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework" : "{{ .Values.manoclient.spring.logLevel | default "INFO" }}" } resources: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 13011 + volumeMounts: + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/mcp-server.yaml b/kubernetes/helm/openslice/templates/mcp-server.yaml index 942f9a9a170321dff7bfe69224f30655f25c15e3..b5bb3310319fae7f4586ae23e834022f89489fde 100644 --- a/kubernetes/helm/openslice/templates/mcp-server.yaml +++ b/kubernetes/helm/openslice/templates/mcp-server.yaml 
@@ -31,9 +31,8 @@ spec: - name: SPRING_APPLICATION_JSON value: >- { - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/osdb?createDatabaseIfNotExist=true", - "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}", - "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}", + "spring.config.import": "configtree:/etc/config/", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", "spring-addons.issuers[0].uri": "{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", 
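Review bot: In mcp-server.yaml the new datasource URL takes the schema name from `.Values.oscreds.mysql.portal.database`, while mysql-portal-secret.yaml fills the `database` key (which entrypoint.sh uses for `CREATE DATABASE` and `GRANT`) from `.Values.oscreds.mysql.openslicedb | default "osdb"`. The two only agree while both are left at `osdb`; once either is overridden, the service points at a schema that was never created or granted, and `createDatabaseIfNotExist=true` has been removed from the URL. Using one key in both places, for example `database: {{ .Values.oscreds.mysql.portal.database | default "osdb" | b64enc }}` in the Secret, removes the mismatch. The same URL expression appears in oasapi.yaml, osportalapi.yaml and osscapi.yaml, and metrico.yaml uses `.Values.oscreds.mysql.metrico.database` without the `default "metricodb"` that its Secret applies.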
@@ -44,15 +43,37 @@ spec: "springdoc.oauth.client-id": "osapiWebClientId", "springdoc.oauth.clientsecret": "{{ .Values.mcpserver.springdoc.clientSecret }}", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework": "{{ .Values.mcpserver.spring.logLevel | default "INFO" }}" } ports: - containerPort: 13015 resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: "/etc/config/spring.datasource.username" + name: mysql-portal-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.datasource.password" + name: mysql-portal-secrets + subPath: password + readOnly: true + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret + - name: mysql-portal-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/metrico.yaml b/kubernetes/helm/openslice/templates/metrico.yaml index 620ca0aa2146d38585535fbad658d42536ec7a53..b5d1aa463db41836d70a745fcc469e8bbd91735f 100644 --- a/kubernetes/helm/openslice/templates/metrico.yaml +++ b/kubernetes/helm/openslice/templates/metrico.yaml 
@@ -33,14 +33,35 @@ spec: - name: SPRING_APPLICATION_JSON value: >- { - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/metricodb?createDatabaseIfNotExist=true", - "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}", - "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}", - "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", + "spring.config.import": "configtree:/etc/config/", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.metrico.database }}", + "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", "logging.level.org.springframework" : "{{ .Values.metrico.spring.logLevel | default "INFO" }}", "logging.level.org.etsi.osl.cridge" : "{{ .Values.metrico.logLevel | default "INFO" }}" } + volumeMounts: + - mountPath: "/etc/config/spring.datasource.username" + name: mysql-metrico-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.datasource.password" + name: mysql-metrico-secrets + subPath: password + readOnly: true + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret + - name: mysql-metrico-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-metrico-secrets {{- end }} 
diff --git a/kubernetes/helm/openslice/templates/mysql-config.yaml b/kubernetes/helm/openslice/templates/mysql-config.yaml index 0de0e5277807c43e82193fa44c53a07e386b9470..5a29569d4a6ea22e2095b8db0b02da5c0085747d 100644 --- a/kubernetes/helm/openslice/templates/mysql-config.yaml +++ b/kubernetes/helm/openslice/templates/mysql-config.yaml @@ -7,7 +7,7 @@ metadata: org.etsi.osl.service: mysql chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" {{- include "openslice.labels" . | nindent 4 }} - name: {{ include "openslice.fullname" . }}-mysql-initdb-config + name: {{ include "openslice.fullname" . }}-mysql-init-config data: - 01-databases.sql: | - {{- tpl (.Files.Get "files/mysql-init/01-databases.sql") . | nindent 4 }} + entrypoint.sh: | + {{- .Files.Get "files/mysql-init/entrypoint.sh" | nindent 4 }} diff --git a/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml b/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..eae26f4c35e9bd450142e5f9d419c7f65ddfc33d --- /dev/null +++ b/kubernetes/helm/openslice/templates/mysql-keycloak-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "openslice.fullname" . }} + org.etsi.osl.service: mysql + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- include "openslice.labels" . | nindent 4 }} + name: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets +data: + username: {{ .Values.oscreds.mysql.keycloak.username | default "keycloak" | b64enc }} + password: {{ .Values.oscreds.mysql.keycloak.password | default "password" | b64enc }} + database: {{ .Values.oscreds.mysql.keycloak.database | default "keycloak" | b64enc }} 
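Review bot: mysql-keycloak-secret.yaml falls back to `default "password"` when no password is supplied, so an install that omits the value silently gets a well-known credential for an account that entrypoint.sh creates with host `'%'`. Failing the render is safer: `password: {{ required "oscreds.mysql.keycloak.password must be set" .Values.oscreds.mysql.keycloak.password | toString | b64enc }}`. The same applies to `default "12345"` in mysql-metrico-secret.yaml and mysql-portal-secret.yaml, to `default "letmein"` for the root password in mysql-secret.yaml, and to the `"12345"` values committed in values.yaml.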
diff --git a/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml b/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3aa8df072492297f084ebebc326101e6006d07ee
--- /dev/null
+++ b/kubernetes/helm/openslice/templates/mysql-metrico-secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "openslice.fullname" . }}
+ org.etsi.osl.service: mysql
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- include "openslice.labels" . | nindent 4 }}
+ name: {{ include "openslice.fullname" . }}-mysql-metrico-secrets
+data:
+ username: {{ .Values.oscreds.mysql.metrico.username | default "metricouser" | b64enc }}
+ password: {{ .Values.oscreds.mysql.metrico.password | default "12345" | b64enc }}
+ database: {{ .Values.oscreds.mysql.metrico.database | default "metricodb" | b64enc }}
diff --git a/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml b/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..58bff0246fbc1e40242bb99269268a887b2962f8
--- /dev/null
+++ b/kubernetes/helm/openslice/templates/mysql-portal-secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "openslice.fullname" . }}
+ org.etsi.osl.service: mysql
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- include "openslice.labels" . | nindent 4 }}
+ name: {{ include "openslice.fullname" . }}-mysql-portal-secrets
+data:
+ username: {{ .Values.oscreds.mysql.portal.username | default "portaluser" | b64enc }}
+ password: {{ .Values.oscreds.mysql.portal.password | default "12345" | b64enc }}
+ database: {{ .Values.oscreds.mysql.openslicedb | default "osdb" | b64enc }}
diff --git a/kubernetes/helm/openslice/templates/mysql-secret.yaml b/kubernetes/helm/openslice/templates/mysql-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a17dc36a8744ce240ae8ef89c8dc344e1620983b
--- /dev/null
+++ b/kubernetes/helm/openslice/templates/mysql-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "openslice.fullname" . }}
+ org.etsi.osl.service: mysql
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- include "openslice.labels" . | nindent 4 }}
+ name: {{ include "openslice.fullname" . }}-mysql-secrets
+data:
+ root-password: {{ .Values.oscreds.mysql.password | default "letmein" | b64enc }}
diff --git a/kubernetes/helm/openslice/templates/mysql.yaml b/kubernetes/helm/openslice/templates/mysql.yaml
index b69a3f1e8cd3ecf222ed5aaa21f44feb52d2d950..7f9585f402a18d983c3fcae686e6fd17d922a69a 100644
--- a/kubernetes/helm/openslice/templates/mysql.yaml
+++ b/kubernetes/helm/openslice/templates/mysql.yaml
@@ -35,26 +35,45 @@ spec: - name: MYSQL_ROOT_HOST value: "%" - name: MYSQL_ROOT_PASSWORD - value: {{ .Values.oscreds.mysql.password | default "letmein" }} - - name: MYSQL_DATABASE - value: {{ .Values.oscreds.mysql.openslicedb | default "osdb" }} - - name: MYSQL_USER - value: {{ .Values.oscreds.mysql.portal.username | default "portaluser" }} - - name: MYSQL_PASSWORD - value: "{{ .Values.oscreds.mysql.portal.password | default 12345 }}" + valueFrom: + secretKeyRef: + name: {{ include "openslice.fullname" . }}-mysql-secrets + key: root-password resources: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 3306 + lifecycle: + postStart: + exec: + command: ["/init/entrypoint.sh"] volumeMounts: - mountPath: /var/lib/mysql name: mysql-portal-claim0 - - mountPath: /docker-entrypoint-initdb.d - name: mysql-initdb + - mountPath: /init + name: mysql-init + - mountPath: "/var/run/secrets/mysql" + readOnly: true + name: mysql-secrets + - mountPath: "/var/run/secrets/portal" + readOnly: true + name: mysql-portal-secrets + - mountPath: "/var/run/secrets/keycloak" + readOnly: true + name: mysql-keycloak-secrets + - mountPath: "/var/run/secrets/metrico" + readOnly: true + name: mysql-metrico-secrets + livenessProbe: + exec: + command: ["sh", "-c", "mysqladmin ping -p\"$MYSQL_ROOT_PASSWORD\""] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 readinessProbe: exec: # Check we can execute queries over TCP (skip-networking is off). - command: ["mysql", "-h", "127.0.0.1", "-u", "{{ .Values.oscreds.mysql.username | default "root" }}", "-p{{ .Values.oscreds.mysql.password | default "letmein" }}", "-e", "SELECT 1"] + command: ["sh", "-c", "mysql -p\"$MYSQL_ROOT_PASSWORD\" -h 127.0.0.1 -e 'SELECT 1'"] initialDelaySeconds: 5 periodSeconds: 2 timeoutSeconds: 1 
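Review bot: Both probes in mysql.yaml authenticate as root and pass the password with `-p"$MYSQL_ROOT_PASSWORD"`, which puts it on the client's command line every few seconds and ties pod health to the most privileged account. The liveness check does not need credentials at all, because `mysqladmin ping` exits 0 whenever the server answers, even with an access-denied reply, so `command: ["mysqladmin", "ping"]` is enough. For the readiness query, a dedicated account without privileges or a client option file would avoid using root. Separately, the container is not reported as running until the `postStart` hook returns, and the `until` loop in entrypoint.sh has no upper bound, so a data volume initialised with a different root password would presumably leave the pod stuck rather than failing visibly; a bounded retry would surface the error.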
@@ -63,9 +82,22 @@ spec: - name: mysql-portal-claim0 persistentVolumeClaim: claimName: {{ include "openslice.fullname" . }}-mysql-portal-claim0 - - name: mysql-initdb + - name: mysql-init configMap: - name: {{ include "openslice.fullname" . }}-mysql-initdb-config + name: {{ include "openslice.fullname" . }}-mysql-init-config + defaultMode: 0755 + - name: mysql-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-secrets + - name: mysql-portal-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets + - name: mysql-keycloak-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-keycloak-secrets + - name: mysql-metrico-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-metrico-secrets --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/oasapi.yaml b/kubernetes/helm/openslice/templates/oasapi.yaml index bf78b5dd478c19f009fddd599d6537fb7b667c66..3cb458cac33d1dbee28a4b543fde5f44e9f538dc 100644 --- a/kubernetes/helm/openslice/templates/oasapi.yaml +++ b/kubernetes/helm/openslice/templates/oasapi.yaml 
@@ -36,15 +36,14 @@ spec: - image: "{{ .Values.image.oasapi.repository }}:{{ .Values.image.oasapi.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.oasapi.pullPolicy | default "Always" }} name: {{ .Release.Name }}-oasapi - env: + env: - name: SPRING_APPLICATION_JSON value: >- { - "origins":"{{ .Values.rooturl }}", - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/ostmfdb?createDatabaseIfNotExist=true&useUnicode=true&nullCatalogMeansCurrent=true&characterEncoding=utf8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC", - "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}", - "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}", - "spring-addons.issuers[0].uri": "{{ .Values.rooturl }}/auth/realms/openslice", + "origins":"{{ .Values.rooturl }}", + "spring.config.import": "configtree:/etc/config/", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", + "spring-addons.issuers[0].uri": "{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", "spring-addons.issuers[0].claims[1].jsonPath":"$.resource_access.*.roles", @@ -54,8 +53,6 @@ spec: "springdoc.oauth.client-id" : "osapiWebClientId", "springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework" : "{{ .Values.oasapi.spring.logLevel | default "INFO" }}", "server.forward-headers-strategy":"FRAMEWORK" } 
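Review bot: In oasapi.yaml the datasource URL moves from the `ostmfdb` schema to `{{ .Values.oscreds.mysql.portal.database }}` and drops every JDBC parameter, including `serverTimezone=UTC` and `characterEncoding=utf8`. After an upgrade the service would start against the portal schema, so data already stored in `ostmfdb` is presumably no longer visible, and timestamp or encoding handling may change if the driver defaults differ. If sharing the portal schema is intended, a comment in the template and a migration note would help; otherwise entrypoint.sh needs to create `ostmfdb` and grant the portal user rights on it, since `createDatabaseIfNotExist=true` is gone and the portal user is only granted `$PORTAL_DATABASE.*`.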
@@ -67,7 +64,31 @@ spec: httpGet: path: /oas-api/swagger-ui/index.html port: 13101 + volumeMounts: + - mountPath: "/etc/config/spring.datasource.username" + name: mysql-portal-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.datasource.password" + name: mysql-portal-secrets + subPath: password + readOnly: true + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret + - name: mysql-portal-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osom.yaml b/kubernetes/helm/openslice/templates/osom.yaml index 14c8d2d2cbae36b462156a9292e5582506a388a8..f5a1617a404a015187537d6a61a738aa81bf1cda 100644 --- a/kubernetes/helm/openslice/templates/osom.yaml +++ b/kubernetes/helm/openslice/templates/osom.yaml 
@@ -31,18 +31,30 @@ spec: env: - name: SPRING_APPLICATION_JSON value: >- - { + { + "spring.config.import": "configtree:/etc/config/", "spring.datasource.url" : "{{ .Values.osom.spring.datasource.url | default "jdbc:h2:/tmp/tempdb;DB_CLOSE_DELAY=-1" }}", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework" : "{{ .Values.osom.spring.logLevel | default "INFO" }}" } resources: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 13100 + volumeMounts: + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always + volumes: + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osportalapi.yaml b/kubernetes/helm/openslice/templates/osportalapi.yaml index 6df11d4899aec82bc2f40444c8721ee57e94edce..afe161aae0fac33362f72314b1b8fdd97a3bc2c6 100644 --- a/kubernetes/helm/openslice/templates/osportalapi.yaml +++ b/kubernetes/helm/openslice/templates/osportalapi.yaml 
@@ -42,9 +42,8 @@ spec: value: >- { "origins":"{{ .Values.rooturl }}", - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/osdb?createDatabaseIfNotExist=true", - "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}", - "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}", + "spring.config.import": "configtree:/etc/config/", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", "spring-addons.issuers[0].uri": "{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", @@ -55,8 +54,6 @@ spec: "springdoc.oauth.client-id" : "osapiWebClientId", "springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework" : "{{ .Values.portalapi.spring.logLevel | default "INFO" }}", "logging.level.org.etsi.osl.portal.api": "{{ .Values.portalapi.logLevel | default "INFO" }}", "server.forward-headers-strategy":"FRAMEWORK" 
@@ -68,11 +65,33 @@ spec: volumeMounts: - name: osportalapi-claim0 mountPath: /root + - mountPath: "/etc/config/spring.datasource.username" + name: mysql-portal-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.datasource.password" + name: mysql-portal-secrets + subPath: password + readOnly: true + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true restartPolicy: Always volumes: - name: osportalapi-claim0 persistentVolumeClaim: claimName: {{ include "openslice.fullname" . }}-osportalapi-claim0 + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret + - name: mysql-portal-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osscapi.yaml b/kubernetes/helm/openslice/templates/osscapi.yaml index 758d5194bba9efd07fe9e9b5dcdcb91a17611667..2b3be8e352df7a548bcd16c0ce41882e5c9beb07 100644 --- a/kubernetes/helm/openslice/templates/osscapi.yaml +++ b/kubernetes/helm/openslice/templates/osscapi.yaml 
@@ -41,9 +41,8 @@ spec: value: >- { "origins":"{{ .Values.rooturl }}", - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/osdb?createDatabaseIfNotExist=true", - "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}", - "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}", + "spring.config.import": "configtree:/etc/config/", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", "spring-addons.issuers[0].uri":"{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", @@ -55,8 +54,6 @@ spec: "springdoc.oauth.client-id":"osapiWebClientId", "springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}", "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", - "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", - "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", "logging.level.org.springframework": "{{ .Values.osscapi.spring.logLevel | default "INFO" }}", "kroki.serverurl":"{{ .Values.rooturl }}/kroki", "server.forward-headers-strategy":"FRAMEWORK" @@ -68,6 +65,22 @@ spec: volumeMounts: - mountPath: /root name: osscapi-claim0 + - mountPath: "/etc/config/spring.datasource.username" + name: mysql-portal-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.datasource.password" + name: mysql-portal-secrets + subPath: password + readOnly: true + - mountPath: "/etc/config/spring.activemq.user" + name: artemis-secrets + subPath: username + readOnly: true + - mountPath: "/etc/config/spring.activemq.password" + name: artemis-secrets + subPath: password + readOnly: true readinessProbe: httpGet: path: /tmf-api/serviceCatalogManagement/v4/serviceCatalog 
@@ -77,6 +90,12 @@ spec: - name: osscapi-claim0 persistentVolumeClaim: claimName: {{ include "openslice.fullname" . }}-osscapi-claim0 + - name: artemis-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-artemis-secret + - name: mysql-portal-secrets + secret: + secretName: {{ include "openslice.fullname" . }}-mysql-portal-secrets --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/values.yaml b/kubernetes/helm/openslice/values.yaml index cc86020d7d3eb3c0d9084c177ab5dc911e7e16c7..405de62d64e47655f39f9f06c6fd4731a939c0dc 100644 --- a/kubernetes/helm/openslice/values.yaml +++ b/kubernetes/helm/openslice/values.yaml @@ -113,7 +113,11 @@ oscreds: portal: database: osdb username: portaluser - password: 12345 + password: "12345" + metrico: + database: metricodb + username: metricouser + password: "12345" spring: oauthClientSecret: secret