+++ /dev/null
-Subproject commit 540b846831e2053ccdcce9fa620cb7eeb7f5db46
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Active and Available Inventory
+name: aai
+version: 16.0.1
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: cassandra
+ version: ~16.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ condition: global.cassandra.localCluster
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
+ - name: aai-babel
+ version: ~15.x-0
+ repository: 'file://components/aai-babel'
+ condition: aai-babel.enabled
+ - name: aai-graphadmin
+ version: ~16.x-0
+ repository: 'file://components/aai-graphadmin'
+ condition: aai-graphadmin.enabled
+ - name: aai-modelloader
+ version: ~15.x-0
+ repository: 'file://components/aai-modelloader'
+ condition: aai-modelloader.enabled
+ - name: aai-resources
+ version: ~16.x-0
+ repository: 'file://components/aai-resources'
+ condition: aai-resources.enabled
+ - name: aai-schema-service
+ version: ~16.x-0
+ repository: 'file://components/aai-schema-service'
+ condition: aai-schema-service.enabled
+ - name: aai-sparky-be
+ version: ~16.x-0
+ repository: 'file://components/aai-sparky-be'
+ condition: aai-sparky-be.enabled
+ - name: aai-traversal
+ version: ~16.x-0
+ repository: 'file://components/aai-traversal'
+ condition: aai-traversal.enabled
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Babel microservice
+name: aai-babel
+version: 15.0.2
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2021 Orange
+# Modifications Copyright � 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server.port=9516
+security.require-ssl=false
+server.ssl.enabled=false
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/services/babel-service
+logging.config=${CONFIG_HOME}/logback.xml
+tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
+
+spring.application.name=aai-babel
+spring.sleuth.enabled={{ .Values.global.tracing.enabled }}
+spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }}
+spring.sleuth.messaging.jms.enabled = false
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c, b3
+spring.sleuth.supports-join=false
+
+management.endpoints.web.exposure.include=*
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#action widget details
+*/}}
+AAI.model-version-id.action=fd7fb09e-d930-41b9-b83f-cfde9df48640
+AAI.model-invariant-id.action=af593b4b-490e-4665-ad74-2f6351c0a7ce
+#action-data widget details
+AAI.model-invariant-id.action-data=9551346c-7d8b-4daf-9926-b93e96e2344a
+AAI.model-version-id.action-data=2f80c596-27e5-4ca9-b5bb-e03a7fd4c0fd
+#allotted-resource widget details
+AAI.model-invariant-id.allotted-resource=f6d6a23d-a1a9-48ff-8419-b6530da2d381
+AAI.model-version-id.allotted-resource=7ad0915f-25c0-4a70-b9bc-185a75f87564
+#availability-zone widget details
+AAI.model-version-id.availability-zone=6c092fb1-21b2-456b-9e01-67fb4de1896e
+AAI.model-invariant-id.availability-zone=61b88c01-d819-41c0-8e21-7fd7ba47148e
+#az-and-dvs-switches widget details
+AAI.model-version-id.az-and-dvs-switches=b2dea88d-78a0-49bf-95c9-5819df08e966
+AAI.model-invariant-id.az-and-dvs-switches=53dc00d4-e6d9-48ec-b6cc-3d3797e9b896
+#class-of-service widget details
+AAI.model-version-id.class-of-service=d2fb27cc-15eb-4c4e-828e-71d41aaecc5b
+AAI.model-invariant-id.class-of-service=18094b19-d16d-4822-8acf-e92c6aefa178
+#cloud-region widget details
+AAI.model-version-id.cloud-region=2a160989-b202-47dd-874b-4a0f275998f7
+AAI.model-invariant-id.cloud-region=425b2158-e51d-4509-9945-dad4556474a3
+#complex widget details
+AAI.model-invariant-id.complex=af91c2f7-35fc-43cf-a13d-443f385b2353
+AAI.model-version-id.complex=3a8ab1ee-9220-4fe8-b89c-9251d160ddc2
+#configuration widget details
+AAI.model-invariant-id.configuration=166c050d-f69d-4305-943e-0bc58c3a26cf
+AAI.model-version-id.configuration=5a175add-57e4-4a5d-8b02-c36f1d69c52b
+#connector widget details
+AAI.model-version-id.connector=22104c9f-29fd-462f-be07-96cd6b46dd33
+AAI.model-invariant-id.connector=4c01c948-7607-4d66-8a6c-99c2c2717936
+#constrained-element-set widget details
+AAI.model-invariant-id.constrained-element-set=c0292b4f-ee97-40cc-8c2e-f967c48f5701
+AAI.model-version-id.constrained-element-set=01102126-9c04-4a89-945b-b131e61e95d7
+#ctag-assignment widget details
+AAI.model-version-id.ctag-assignment=44e5cb1f-0938-41aa-b766-d4595109fe89
+AAI.model-invariant-id.ctag-assignment=fcb8d46b-b656-4ad6-8fa4-22cef74b443f
+#ctag-pool widget details
+AAI.model-invariant-id.ctag-pool=46c51d4e-d67e-4a9c-b1f5-49b1e9c6fcaa
+AAI.model-version-id.ctag-pool=2056c41f-23b9-4de7-9f50-819adad37d76
+#customer widget details
+AAI.model-invariant-id.customer=c1d4305f-cdbd-4bbe-9069-a2f4978fd89e
+AAI.model-version-id.customer=d4df5c27-98a1-4812-a8aa-c17f055b7a3f
+#cvlan-tag-entry widget details
+AAI.model-version-id.cvlan-tag-entry=c3878ffb-8d85-4114-bee6-e4074a9db10b
+AAI.model-invariant-id.cvlan-tag-entry=245cf4b0-7cc5-4eea-bbd9-753e939adcab
+#dvs-switch widget details
+AAI.model-invariant-id.dvs-switch=98fbb471-1f86-428e-bd8a-c8a25de6fa23
+AAI.model-version-id.dvs-switch=4cb44ae8-e3ab-452a-9f95-bcc8a44c55ea
+#edge-prop-names widget details
+AAI.model-invariant-id.edge-prop-names=7a08cad4-8759-46a5-8245-095d1ba57ac6
+AAI.model-version-id.edge-prop-names=f0442326-8201-4d0e-857c-74b4ddcbfc9f
+#element-choice-set widget details
+AAI.model-invariant-id.element-choice-set=9a011958-7165-47a3-b872-00951d1f09ae
+AAI.model-version-id.element-choice-set=af27fbfd-598d-44da-aeae-0f9d3a5fcd6a
+#entitlement widget details
+AAI.model-version-id.entitlement=7e27ba2e-b7db-4e13-9fae-d142152ef98a
+AAI.model-invariant-id.entitlement=ae75b5a0-d5e1-4f3a-b8fb-37626a753da3
+#flavor widget details
+AAI.model-invariant-id.flavor=bace8d1c-a261-4041-9e37-823117415d0f
+AAI.model-version-id.flavor=36200fb5-f251-4f5d-a520-7c5ad5c2cd4b
+#generic-vnf widget details
+AAI.model-version-id.generic-vnf=93a6166f-b3d5-4f06-b4ba-aed48d009ad9
+AAI.model-invariant-id.generic-vnf=acc6edd8-a8d4-4b93-afaa-0994068be14c
+#group-assignment widget details
+AAI.model-invariant-id.group-assignment=7cc05f25-7ba2-42b7-a237-c5662a1689e1
+AAI.model-version-id.group-assignment=fe578080-ce19-4604-8760-fc264fbb2565
+#image widget details
+AAI.model-version-id.image=f6a038c2-820c-42ba-8c2b-375e24e8f932
+AAI.model-invariant-id.image=3f4c7204-739b-4bbb-87a7-8a6856439c90
+#include-node-filter widget details
+AAI.model-invariant-id.include-node-filter=2a2d8ad2-af0a-4e1f-9982-0c899e7dc827
+AAI.model-version-id.include-node-filter=f05f804d-7057-4ffe-bdc5-39f2f0c9c9fd
+#instance-group widget details
+AAI.model-version-id.instance-group=8e6ee9dc-9017-444a-83b3-219edb018128
+AAI.model-invariant-id.instance-group=3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd
+#inventory-item widget details
+AAI.model-invariant-id.inventory-item=cd57d844-9017-4078-aa19-926935a3d77c
+AAI.model-version-id.inventory-item=69957f4a-2155-4b95-8d72-d6dd9b88b27b
+#inventory-item-data widget details
+AAI.model-version-id.inventory-item-data=0e54bb87-bd6e-4a2b-ad1c-6d935b87ae51
+AAI.model-invariant-id.inventory-item-data=87a383ae-cf03-432e-a9de-04e6a622d0fd
+#ipsec-configuration widget details
+AAI.model-invariant-id.ipsec-configuration=aca4c310-cb45-42bd-9f88-73e40ba7b962
+AAI.model-version-id.ipsec-configuration=d949fd10-36bf-408a-ac7a-cad5004d2e0d
+#key-data widget details
+AAI.model-version-id.key-data=c23ea04d-1a3b-453d-bc49-a6c783a5e92b
+AAI.model-invariant-id.key-data=f5faa464-c2f2-4cc3-89d2-a90452dc3a07
+#l3-interface-ipv4-address-list widget details
+AAI.model-version-id.l3-interface-ipv4-address-list=41e76b6f-1e06-4fd4-82cd-81c50fc4574b
+AAI.model-invariant-id.l3-interface-ipv4-address-list=aad85df2-09be-40fa-b867-16415e4e10e2
+#l3-interface-ipv6-address-list widget details
+AAI.model-invariant-id.l3-interface-ipv6-address-list=82966045-43ee-4982-8307-7e9610866140
+AAI.model-version-id.l3-interface-ipv6-address-list=d040621d-541a-477b-bb1b-a2b61b14e295
+#l3-network widget details
+AAI.model-version-id.l3-network=9111f20f-e680-4001-b83f-19a2fc23bfc1
+AAI.model-invariant-id.l3-network=3d560d81-57d0-438b-a2a1-5334dba0651a
+#lag-interface widget details
+AAI.model-version-id.lag-interface=ce95f7c3-b61b-4758-ae9e-7e943b1c103d
+AAI.model-invariant-id.lag-interface=e0ee9bde-c1fc-4651-a95d-8e0597bf7d70
+#lag-link widget details
+AAI.model-version-id.lag-link=d29a087a-af59-4053-a3f8-0f95a92faa75
+AAI.model-invariant-id.lag-link=86ffe6e5-4d0e-4cec-80b5-5c38aa3eff98
+#license widget details
+AAI.model-invariant-id.license=b9a9b337-1f86-42d3-b9f9-f987a089507c
+AAI.model-version-id.license=6889274b-a1dc-40ab-9090-93677e13e2e6
+#license-key-resource widget details
+AAI.model-invariant-id.license-key-resource=9022ebfe-b54f-4911-a6b2-8c3f5ec189b7
+AAI.model-version-id.license-key-resource=24b25f8c-b8bd-4c62-9421-87c12667aac9
+#l-interface widget details
+AAI.model-version-id.l-interface=a32613fd-18b9-459e-aab8-fffb3912966a
+AAI.model-invariant-id.l-interface=cea0a982-8d55-4093-921e-418fbccf7060
+#logical-link widget details
+AAI.model-version-id.logical-link=a1481a38-f8ba-4ae4-bdf1-06c2c6af4c54
+AAI.model-invariant-id.logical-link=fe012535-2c31-4a39-a739-612374c638a0
+#metadatum widget details
+AAI.model-invariant-id.metadatum=86dbb63a-265e-4614-993f-6771c30b56a5
+AAI.model-version-id.metadatum=6bae950e-8939-41d3-a6a7-251b03e4c1fc
+#model widget details
+AAI.model-invariant-id.model=06d1418a-5faa-452d-a94b-a2829df5f67b
+AAI.model-version-id.model=1f51c05c-b164-4c27-9c03-5cbb239fd6be
+#model-constraint widget details
+AAI.model-invariant-id.model-constraint=c28966f3-e758-4483-b37b-a90b05d3dd33
+AAI.model-version-id.model-constraint=ad70dd19-f156-4fb5-a865-97b5563b0d37
+#model-element widget details
+AAI.model-invariant-id.model-element=2076e726-3577-477a-a300-7fa65cd4df11
+AAI.model-version-id.model-element=753e813a-ba9e-4a1d-ab34-b2f6dc6eec0c
+#multicast-configuration widget details
+AAI.model-invariant-id.multicast-configuration=ea78c9e3-514d-4a0a-9162-13837fa54c35
+AAI.model-version-id.multicast-configuration=666a06ee-4b57-46df-bacf-908da8f10c3f
+#named-query widget details
+AAI.model-version-id.named-query=5c3b7c33-afa3-4be5-8da7-1a5ac6f99896
+AAI.model-invariant-id.named-query=80b712fd-0ad3-4180-a99c-8c995cf1cc32
+#named-query-element widget details
+AAI.model-version-id.named-query-element=204c641a-3494-48c8-979a-86856f5fd32a
+AAI.model-invariant-id.named-query-element=3c504d40-b847-424c-9d25-4fb7e0a3e994
+#network-policy widget details
+AAI.model-invariant-id.network-policy=6aa05779-94d7-4d8b-9bee-59ef2ab0c246
+AAI.model-version-id.network-policy=a0ccd9dc-7062-4940-9bcc-e91dd28af510
+#network-profile widget details
+AAI.model-version-id.network-profile=01f45471-4240-498c-a9e1-235dc0b8b4a6
+AAI.model-invariant-id.network-profile=2734b44a-b8a2-40f6-957d-6256589e5d00
+#newvce widget details
+AAI.model-version-id.newvce=7c79e11f-a408-4593-aa86-ba948a1236af
+AAI.model-invariant-id.newvce=4b05ec9c-c55d-4987-83ff-e08d6ddb694f
+#oam-network widget details
+AAI.model-invariant-id.oam-network=2851cf01-9c40-4064-87d4-6184a6fcff35
+AAI.model-version-id.oam-network=f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79
+#physical-link widget details
+AAI.model-invariant-id.physical-link=c822d81f-822f-4304-9623-1025b53da568
+AAI.model-version-id.physical-link=9c523936-95b4-4d7f-9f53-6bdfe0cf2c05
+#p-interface widget details
+AAI.model-invariant-id.p-interface=94043c37-4e73-439c-a790-0fdd697924cd
+AAI.model-version-id.p-interface=d2cdb2d0-fc1f-4a57-a89e-591b1c4e3754
+#pnf widget details
+AAI.model-version-id.pnf=e9f1fa7d-c839-418a-9601-03dc0d2ad687
+AAI.model-invariant-id.pnf=862b25a1-262a-4961-bdaa-cdc55d69785a
+#port-group widget details
+AAI.model-version-id.port-group=03e8bb6b-b48a-46ae-b5d4-e5af577e6844
+AAI.model-invariant-id.port-group=8ce940fb-55d7-4230-9e7f-a56cc2741f77
+#property-constraint widget details
+AAI.model-version-id.property-constraint=81706bbd-981e-4362-ae20-995cbcb2d995
+AAI.model-invariant-id.property-constraint=f4a863c3-6886-470a-a6ae-05723837ea45
+#pserver widget details
+AAI.model-invariant-id.pserver=6d932c8f-463b-4e76-83fb-87acfbaa2e2d
+AAI.model-version-id.pserver=72f0d495-bc27-4653-9e1a-eef76bd34bc9
+#related-lookup widget details
+AAI.model-invariant-id.related-lookup=468f6f5b-2996-41bb-b2a3-7cf9613ebb9b
+AAI.model-version-id.related-lookup=0988bab5-bf4f-4938-a419-ab249867d12a
+#reserved-prop-names widget details
+AAI.model-invariant-id.reserved-prop-names=0c3e0ba3-618c-498d-9127-c8d42b00170f
+AAI.model-version-id.reserved-prop-names=ac49d26d-9163-430e-934a-13b738a04f5c
+#result-data widget details
+AAI.model-version-id.result-data=4e9b50aa-5227-4f6f-b489-62e6bbc03c79
+AAI.model-invariant-id.result-data=ff656f23-6185-406f-9006-4b26834f3e1c
+#route-table-reference widget details
+AAI.model-version-id.route-table-reference=fed7e326-03a7-45ff-a3f2-471470d268c4
+AAI.model-invariant-id.route-table-reference=a8614b63-2636-4c4f-98df-fd448c4241db
+#routing-instance widget details
+AAI.model-invariant-id.routing-instance=1c2ded4f-8b01-4193-829c-966847dfec3e
+AAI.model-version-id.routing-instance=3ccbcbc7-d19e-44d5-a52f-7e18aa8d69fa
+#secondary-filter widget details
+AAI.model-version-id.secondary-filter=1380619d-dd1a-4cec-b755-c6407833e065
+AAI.model-invariant-id.secondary-filter=738ff299-6290-4c00-8998-bd0e96a07b93
+#segmentation-assignment widget details
+AAI.model-invariant-id.segmentation-assignment=6e814aee-46e1-4583-a9d4-0049bfd2b59b
+AAI.model-version-id.segmentation-assignment=c5171ae0-44fb-4c04-b482-d56702241a44
+#service widget details
+AAI.model-version-id.service=ecce2c42-3957-4ae0-9442-54bc6afe27b6
+AAI.model-invariant-id.service=07a3a60b-1b6c-4367-8173-8014386f89e3
+#service-capability widget details
+AAI.model-invariant-id.service-capability=b1a7cc05-d19d-443b-a5d1-733e325c4232
+AAI.model-version-id.service-capability=f9cfec1b-18da-4bba-bd83-4b26cca115cd
+#service-instance widget details
+AAI.model-invariant-id.service-instance=82194af1-3c2c-485a-8f44-420e22a9eaa4
+AAI.model-version-id.service-instance=46b92144-923a-4d20-b85a-3cbd847668a9
+#service-subscription widget details
+AAI.model-invariant-id.service-subscription=2e1a602a-acd8-4f78-94ff-618b802a303b
+AAI.model-version-id.service-subscription=5e68299a-79f2-4bfb-8fbc-2bae877a2459
+#site-pair widget details
+AAI.model-version-id.site-pair=7106bc02-6552-4fc3-8a56-4f3df9034531
+AAI.model-invariant-id.site-pair=db63f3e6-f8d1-484e-8d5e-191600b7914b
+#site-pair-set widget details
+AAI.model-invariant-id.site-pair-set=5d4dae3e-b402-4bfd-909e-ece12ff75d26
+AAI.model-version-id.site-pair-set=a5c6c1bc-dc38-468e-9459-bb08f87247df
+#snapshot widget details
+AAI.model-version-id.snapshot=962a7c8b-687f-4d32-a775-fe098e214bcd
+AAI.model-invariant-id.snapshot=24de00ef-aead-4b52-995b-0adf8d4bd90d
+#sriov-vf widget details
+AAI.model-version-id.sriov-vf=1e8b331f-3d4a-4160-b7aa-f4d5a8916625
+AAI.model-invariant-id.sriov-vf=04b2935f-33c4-40a9-8af0-8b52690042dc
+#start-node-filter widget details
+AAI.model-version-id.start-node-filter=aad96fd3-e75f-42fc-9777-3450c36f1168
+AAI.model-invariant-id.start-node-filter=083093a3-e407-447a-ba5d-7583e4d23e1d
+#subnet widget details
+AAI.model-version-id.subnet=f902a6bc-6be4-4fe5-8458-a6ec0056b374
+AAI.model-invariant-id.subnet=1b2c9ba7-e449-4831-ba15-3073672f5ef2
+#tagged-inventory-item-list widget details
+AAI.model-invariant-id.tagged-inventory-item-list=e78a7eaa-f65d-4919-9c2b-5b258c8c4d7e
+AAI.model-version-id.tagged-inventory-item-list=c246f6e2-e3a1-4697-94c0-5672a7fbbf04
+#tenant widget details
+AAI.model-invariant-id.tenant=97c26c99-6870-44c1-8a07-1d900d3f4ce6
+AAI.model-version-id.tenant=abcc54bc-bb74-49dc-9043-7f7171707545
+#tunnel-xconnect widget details
+AAI.model-invariant-id.tunnel-xconnect=50b9e2fa-005c-4bbe-b651-3251dece4cd8
+AAI.model-version-id.tunnel-xconnect=e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5
+#update-node-key widget details
+AAI.model-version-id.update-node-key=6004cfa6-eb6d-4062-971f-b1fde6b74aa0
+AAI.model-invariant-id.update-node-key=fe81c801-f65d-408a-b2b7-a729a18f8154
+#vce widget details
+AAI.model-version-id.vce=b6cf54b5-ec45-43e1-be64-97b4e1513333
+AAI.model-invariant-id.vce=bab6dceb-e7e6-4301-a5e0-a7399b48d792
+#vf-module widget details
+AAI.model-invariant-id.vf-module=ef86f9c5-2165-44f3-8fc3-96018b609ea5
+AAI.model-version-id.vf-module=c00563ae-812b-4e62-8330-7c4d0f47088a
+#vig-server widget details
+AAI.model-version-id.vig-server=8e8c22f1-fbdf-48ea-844c-8bdeb44e7b16
+AAI.model-invariant-id.vig-server=bed7c3b7-35d0-4cd9-abde-41b20e68b28e
+#virtual-data-center widget details
+AAI.model-invariant-id.virtual-data-center=5150abcf-0c5f-4593-9afe-a19c48fc4824
+AAI.model-version-id.virtual-data-center=6dd43ced-d789-47af-a759-d3abc14e3ac1
+#vlan widget details
+AAI.model-version-id.vlan=257d88a5-a269-4c35-944f-aca04fbdb791
+AAI.model-invariant-id.vlan=d2b1eaf1-ae59-4116-9ee4-aa0179faa4f8
+#vnfc widget details
+AAI.model-invariant-id.vnfc=96129eb9-f0de-4e05-8af2-73146473f766
+AAI.model-version-id.vnfc=5761e0a7-c6df-4d8a-9ebd-b8f445054dec
+#vnf-image widget details
+AAI.model-invariant-id.vnf-image=f9a628ff-7aa0-40e2-a93d-02d91c950982
+AAI.model-version-id.vnf-image=c4d3e747-ba4a-4b17-9896-94c6f18c19d3
+#volume widget details
+AAI.model-version-id.volume=0fbe2e8f-4d91-4415-a772-88387049b38d
+AAI.model-invariant-id.volume=ddd739b4-2b25-46c4-affc-41a32af5cc42
+#volume-group widget details
+AAI.model-invariant-id.volume-group=fcec1b02-b2d0-4834-aef8-d71be04717dd
+AAI.model-version-id.volume-group=99d44c90-1f61-4418-b9a6-56586bf38c79
+#vpe widget details
+AAI.model-invariant-id.vpe=053ec3a7-5b72-492d-b54d-123805a9b967
+AAI.model-version-id.vpe=203817d3-829c-42d4-942d-2a935478e993
+#vpls-pe widget details
+AAI.model-version-id.vpls-pe=b1566228-6785-4ce1-aea2-053736f80341
+AAI.model-invariant-id.vpls-pe=457ba89b-334c-4fbd-acc4-160ac0e0cdc0
+#vpn-binding widget details
+AAI.model-invariant-id.vpn-binding=9e23b675-db2b-488b-b459-57aa9857baa0
+AAI.model-version-id.vpn-binding=21a146e5-9901-448c-9197-723076770119
+#vserver widget details
+AAI.model-invariant-id.vserver=ff69d4e0-a8e8-4108-bdb0-dd63217e63c7
+AAI.model-version-id.vserver=8ecb2c5d-7176-4317-a255-26274edfdd53
+#collection resource widget details
+AAI.model-invariant-id.cr=8bac3599-9a1c-4b7f-80e5-c1838f744c23
+AAI.model-version-id.cr=3f908abc-3a15-40d0-b674-2a639e52884d
--- /dev/null
+{"roles": [\r
+ {\r
+ "name": "admin",\r
+ "functions": [\r
+ {\r
+ "name": "generateArtifacts",\r
+ "methods": [{"name": "POST"}]\r
+ }\r
+ ],\r
+ "users": [\r
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+ ]\r
+ },\r
+ {\r
+ "name": "ops",\r
+ "functions": [{\r
+ "name": "actions",\r
+ "methods": [{"name": "POST"}]\r
+ }],\r
+ "users": [\r
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+ ]\r
+ },\r
+ {\r
+ "name": "readonly",\r
+ "functions": [\r
+ {\r
+ "name": "actions",\r
+ "methods": [{"name": "GET"}]\r
+ }\r
+ ],\r
+ "users": [\r
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+ ]\r
+ },\r
+ {\r
+ "name": "basicauth",\r
+ "functions": [{\r
+ "name": "util",\r
+ "methods": [{"name": "GET"}]\r
+ }],\r
+ "users": [{\r
+ "user": "aai",\r
+ "pass": "OBF:deadbeef"\r
+ }]\r
+ }\r
+]}\r
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+auth.policy.file=/auth/auth_policy.json
+auth.authentication.disable=true
--- /dev/null
+<?xml version="1.0"?>
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+<configuration scan="true" scanPeriod="30 seconds" debug="true">
+
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp>
+ <fieldName>timestamp</fieldName>
+ </timestamp>
+ <message />
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName>
+ <fieldName>thread</fieldName>
+ </threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel />
+ </providers>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine related logging events. The
+ audit logger and appender
+ are specializations of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events
+ from other components, or it can be eliminated to record these events as part of the application
+ root log. -->
+
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
+ <expression><![CDATA[e.level.toInt() < INFO.toInt()]]></expression>
+ </evaluator>
+ <OnMismatch>DENY</OnMismatch>
+ <OnMatch>NEUTRAL</OnMatch>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="STDOUT" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="com.att.eelf" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
+
+ <!-- The level of this logger determines the contents of the debug log -->
+ <logger name="com.att.eelf.debug" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
+
+ <!-- ============================================================================ -->
+ <!-- Non-EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <!-- ATT packages including DMAAP message routing -->
+ <logger name="com.att" level="INFO" />
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="org.apache" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in
+ troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="AsyncSysOut" />
+ </root>
+</configuration>
--- /dev/null
+{
+ "instanceGroupTypes": [
+ "org.openecomp.groups.NetworkCollection",
+ "org.openecomp.groups.VfcInstanceGroup",
+ "org.openecomp.groups.ResourceInstanceGroup"
+ ],
+ "widgetTypes": [
+ {
+ "type": "SERVICE",
+ "name": "service-instance",
+ "deleteFlag": true,
+ "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
+ "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
+ },
+ {
+ "type": "VF",
+ "name": "generic-vnf",
+ "deleteFlag": true,
+ "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
+ "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
+ },
+ {
+ "type": "VFC",
+ "name": "vnfc",
+ "deleteFlag": true,
+ "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
+ "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
+ },
+ {
+ "type": "VSERVER",
+ "name": "vserver",
+ "deleteFlag": true,
+ "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
+ "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
+ },
+ {
+ "type": "VOLUME",
+ "name": "volume",
+ "deleteFlag": true,
+ "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
+ "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
+ },
+ {
+ "type": "FLAVOR",
+ "name": "flavor",
+ "deleteFlag": false,
+ "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
+ "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
+ },
+ {
+ "type": "TENANT",
+ "name": "tenant",
+ "deleteFlag": false,
+ "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
+ "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
+ },
+ {
+ "type": "VOLUME_GROUP",
+ "name": "volume-group",
+ "deleteFlag": true,
+ "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
+ "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
+ },
+ {
+ "type": "LINT",
+ "name": "l-interface",
+ "deleteFlag": true,
+ "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
+ "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
+ },
+ {
+ "type": "L3_NET",
+ "name": "l3-network",
+ "deleteFlag": true,
+ "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
+ "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
+ },
+ {
+ "type": "VFMODULE",
+ "name": "vf-module",
+ "deleteFlag": true,
+ "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
+ "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
+ },
+ {
+ "type": "IMAGE",
+ "name": "image",
+ "deleteFlag": false,
+ "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
+ "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
+ },
+ {
+ "type": "OAM_NETWORK",
+ "name": "oam-network",
+ "deleteFlag": true,
+ "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
+ "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
+ },
+ {
+ "type": "ALLOTTED_RESOURCE",
+ "name": "allotted-resource",
+ "deleteFlag": true,
+ "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
+ "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
+ },
+ {
+ "type": "TUNNEL_XCONNECT",
+ "name": "tunnel-xconnect",
+ "deleteFlag": true,
+ "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
+ "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
+ },
+ {
+ "type": "CONFIGURATION",
+ "name": "configuration",
+ "deleteFlag": true,
+ "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
+ "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
+ },
+ {
+ "type": "CR",
+ "name": "cr",
+ "deleteFlag": true,
+ "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
+ "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
+ },
+ {
+ "type": "INSTANCE_GROUP",
+ "name": "instance-group",
+ "deleteFlag": true,
+ "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
+ "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
+ },
+ {
+ "type": "PNF",
+ "name": "pnf",
+ "deleteFlag": true,
+ "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
+ "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
+ }
+ ],
+ "widgetMappings": [
+ {
+ "prefix": "org.openecomp.resource.vfc",
+ "type": "widget",
+ "widget": "VSERVER",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vl",
+ "widget": "L3_NET",
+ "deleteFlag": false
+ },
+ {
+ "prefix": "org.openecomp.resource.vf",
+ "widget": "VF",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.vfmodule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.VfModule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+ "type": "widget",
+ "widget": "VOLUME",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.pnf",
+ "widget": "PNF",
+ "deleteFlag": true
+ }
+ ]
+}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright © 2020,2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ ports:
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
+ {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: KEY_STORE_PASSWORD
+ value: NotUsed
+ - name: CONFIG_HOME
+ value: /opt/app/babel/config
+ {{- if .Values.profiling.enabled }}
+ - name: JVM_OPTS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/babel/config/application.properties
+ name: config
+ subPath: application.properties
+ - mountPath: /opt/app/babel/config/artifact-generator.properties
+ name: config
+ subPath: artifact-generator.properties
+ - mountPath: /opt/app/babel/config/tosca-mappings.json
+ name: config
+ subPath: tosca-mappings.json
+ - mountPath: /opt/app/babel/config/babel-auth.properties
+ name: config
+ subPath: babel-auth.properties
+ - mountPath: /opt/app/babel/config/auth
+ name: secrets
+ - mountPath: {{ .Values.log.path }}
+ name: logs
+ - mountPath: /opt/app/babel/config/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/babel/logs
+ name: babel-logs
+ - mountPath: /tmp
+ name: tmp
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: secrets
+ secret:
+ secretName: {{ include "common.fullname" . }}-babel-secrets
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.artifactDataSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: babel-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.babelLogsSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
+
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-babel-secrets
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright © 2020, 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: onap/babel:1.13.5
+
+flavor: small
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort: 9516
+ ports:
+ - name: http
+ port: 9516
+ nodePort: 79
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aai-babel-api"
+ name: "aai-babel"
+ port: 9516
+ config:
+ ssl: "redirect"
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-modelloader-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "2500Mi"
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "1Gi"
+ unlimited: {}
+
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5005
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 9516
+ path: /services/babel-service/actuator/prometheus
+ basicAuth:
+ enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-babel
+ roles:
+ - read
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ artifactDataSizeLimit: 50Mi
+ babelLogsSizeLimit: 100Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP AAI GraphAdmin
+name: aai-graphadmin
+version: 16.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+
+{{- if or (.Values.global.auth.enabled) ( include "common.onServiceMesh" .) }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ (index .Values.global.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.auth.users 0).password }}
+{{- end }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Data Grooming
+aai.grooming.default.max.fix={{ .Values.config.maxFix.dataGrooming | int }}
+aai.grooming.default.sleep.minutes={{ .Values.config.sleepMinutes.dataGrooming | int }}
+
+# Used by DupeTool
+aai.dupeTool.default.max.fix={{ .Values.config.maxFix.dupeTool | int }}
+aai.dupeTool.default.sleep.minutes={{ .Values.config.sleepMinutes.dupeTool | int }}
+
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+# Used by the ForceDelete tool
+aai.forceDel.protected.nt.list=cloud-region
+aai.forceDel.protected.edge.count=10
+aai.forceDel.protected.descendant.count=10
+
+#used by the dataGrooming and dataSnapshot cleanup tasks
+aai.cron.enable.datagroomingcleanup={{ .Values.config.cron.dataCleanup.dataGrooming.enabled }}
+aai.cron.enable.datasnapshotcleanup={{ .Values.config.cron.dataCleanup.dataSnapshot.enabled }}
+aai.datagrooming.agezip={{ .Values.config.cron.dataCleanup.dataGrooming.ageZip | int }}
+aai.datagrooming.agedelete={{ .Values.config.cron.dataCleanup.dataGrooming.ageDelete | int }}
+
+aai.datasnapshot.agezip={{ .Values.config.cron.dataCleanup.dataSnapshot.ageZip | int }}
+aai.datasnapshot.agedelete={{ .Values.config.cron.dataCleanup.dataSnapshot.ageDelete | int }}
+
+#used by the dataSnapshot and dataGrooming tasks
+aai.cron.enable.dataSnapshot={{ .Values.config.cron.dataSnapshot.enabled }}
+
+aai.cron.enable.dataGrooming={{ .Values.config.cron.dataGrooming.enabled }}
+
+#used by the dataGrooming tasks
+aai.datagrooming.enableautofix=true
+aai.datagrooming.enabledupefixon=true
+aai.datagrooming.enabledontfixorphans=true
+aai.datagrooming.enabletimewindowminutes=true
+aai.datagrooming.enableskiphostcheck=false
+aai.datagrooming.enablesleepminutes=false
+aai.datagrooming.enableedgesonly=false
+aai.datagrooming.enableskipedgechecks=false
+aai.datagrooming.enablemaxfix=false
+aai.datagrooming.enablesinglecommits=false
+aai.datagrooming.enabledupecheckoff=false
+aai.datagrooming.enableghost2checkoff=false
+aai.datagrooming.enableghost2fixon=false
+aai.datagrooming.enablef=false
+aai.datagrooming.enableskipindexupdatefix=false
+
+# used by the dataGrooming to set values
+aai.datagrooming.timewindowminutesvalue=10500
+aai.datagrooming.sleepminutesvalue=100
+aai.datagrooming.maxfixvalue=10
+aai.datagrooming.fvalue=10
+
+#timeout for traversal enabled flag
+aai.graphadmin.timeoutenabled={{ .Values.config.timeout.enabled }}
+#default timeout limit added for graphadmin if not overridden (in ms)
+aai.graphadmin.timeoutlimit={{ .Values.config.timeout.limit }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.graphadmin.timeout.appspecific={{ .Values.global.config.realtime.clients }}
+
+# Disable the process check which are oriented towards linux OS
+# These props should only be true for local on windows
+aai.disable.check.snapshot.running=false
+aai.disable.check.grooming.running=false
+
+# Specify the params listed right here that you would have send to the dataSnapshot shell script
+# JUST_TAKE_SNAPSHOT
+# THREADED_SNAPSHOT 2 DEBUG
+# THREADED_SNAPSHOT 2
+aai.datasnapshot.params={{ .Values.config.cron.dataSnapshot.params }}
+
+# Concurrency lock control flag
+aai.lock.uri.enabled={{ .Values.config.aai.lock.uri.enabled }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright � 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright � 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# The following info parameters are being referenced by ajsc6
+*/}}
+info.build.artifact=aai-graphadmin
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.2.0
+
+spring.application.name=aai-graphadmin
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=50
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=5
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=/opt/app/aai-graphadmin/resources/
+
+server.port={{ .Values.service.appPort }}
+
+spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS}
+spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT
+spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512
+spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG}
+spring.kafka.producer.retries=3
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client=no-auth
+
+
+aperture.rdbmsname=aai_relational
+
+aperture.service.client=no-auth
+
+aperture.service.base.url=http://localhost:8457/aai/aperture
+aperture.service.timeout-in-milliseconds=300000
+
+#To Expose the Prometheus scraping endpoint
+management.server.port={{ .Values.service.actuatorPort }}
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=*
+management.security.enabled=false
+
+# If true, the actuator health check will be overriden
+# to use the AaiGraphChecker check instead.
+# This does the same as the /echo endpoint,
+# but doesn't show up in micrometer metrics
+aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
+
+aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+aai.basic-auth.enabled={{ .Values.global.auth.enabled }}
+{{- range $index, $user := .Values.global.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{- if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{- end }}
+
+{{- if .Values.config.janusgraph.cassandraDriver }}
+storage.cql.internal.string-configuration = datastax-java-driver { {{ .Values.config.janusgraph.cassandraDriver.configuration }} }
+{{- end }}
+
+{{- else -}}
+
+{{- if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{- if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{- else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache=false
+#load graphson file on startup
+load.snapshot.file=false
+
+{{- if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{- end }}
--- /dev/null
+<!--
+{{/*
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+*/}}
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />
+ <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />
+ <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}'/>
+
+
+ <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.AccessEventCompositeJsonEncoder">
+ <providers>
+ <pattern>
+ <pattern>
+ {
+ "remoteIp": "%a",
+ "remoteUser": "%u",
+ "timestamp": "%t",
+ "requestMethod": "%m",
+ "requestUrl": "%U",
+ "queryString": "%q",
+ "httpStatusCode": "%s",
+ "bytesSent": "%b",
+ "transactionId": "%i{X-TransactionId}",
+ "fromAppId": "%i{X-FromAppId}",
+ "forwardedFor": "%i{X-Forwarded-For}",
+ "aaiSslClientCn": "%i{X-AAI-SSL-Client-CN}",
+ "aaiSslClientOu": "%i{X-AAI-SSL-Client-OU}",
+ "aaiSslClientO": "%i{X-AAI-SSL-Client-O}",
+ "aaiSslClientL": "%i{X-AAI-SSL-Client-L}",
+ "aaiSslClientSt": "%i{X-AAI-SSL-Client-ST}",
+ "aaiSslClientC": "%i{X-AAI-SSL-Client-C}",
+ "aaiSslClientNotBefore": "%i{X-AAI-SSL-Client-NotBefore}",
+ "aaiSslClientNotAfter": "%i{X-AAI-SSL-Client-NotAfter}",
+ "aaiSslClientDn": "%i{X-AAI-SSL-Client-DN}",
+ "durationMs": "%D",
+ "logType": "access"
+ }
+ </pattern>
+ </pattern>
+ </providers>
+ </encoder>
+ </appender>
+
+<!-- <appender-ref ref="STDOUTACCESS" />-->
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
--- /dev/null
+<?xml version="1.0"?>
+<!--
+{{/*
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+*/}}
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="true">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+ <property resource="application.properties"/>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ </providers>
+ </encoder>
+ </appender>
+
+ <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="AuditRecord" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+ <logger name="org.onap.aai.aaf" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.onap.aai.aailog.filter.RestClientLoggingInterceptor" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.historytruncate" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.datagrooming" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.schema" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen.DupeTool" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen.DynamicPayloadGenerator" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.datacleanup" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.migration" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.util.SendMigrationNotifications" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.util.SendDeleteMigrationNotifications" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.dataexport" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.apache" level="WARN"/>
+ <logger name="org.zookeeper" level="WARN"/>
+ <logger name="com.netflix" level="WARN"/>
+ <logger name="org.janusgraph" level="WARN"/>
+ <logger name="org.janusgraph.graphdb.transaction" level="ERROR" />
+ <logger name="com.att.aft.dme2" level="WARN"/>
+ <!-- ============================================================================ -->
+ <!-- General EELF logger -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="WARN" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="STDOUT"/>
+ </root>
+</configuration>
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
--- /dev/null
+{{- define "aai.waitForSchemaService" -}}
+- name: wait-for-schema-service
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-schema-service:8452/aai/schema-service/util/echo") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.auth.users 0).username (index .Values.global.auth.users 0).password }}"
+ while true; do
+ if curl --fail --header 'X-FromAppId: graphadmin' --header 'X-TransactionId: someTransaction' -u $AUTH -s $URL; then
+ echo "Request successful. Schema-service is available"
+ exit 0
+ else
+ echo "Request unsuccessful. Schema-service is not available yet. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: AAI-EVENT
+ operations:
+ - All
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-properties
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }}
+{{- end }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ {{- if .Values.config.debug.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ hostname: aai-graphadmin
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{- if .Values.global.initContainers.enabled }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 8 | trim }}
+ {{- if not .Values.createDbSchemaViaJob.enabled }}
+ {{- include "aai.waitForSchemaService" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-create-db-schema
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | nindent 10 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ sh docker-entrypoint.sh createDBSchema.sh;
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ env:
+ {{- if .Values.config.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+ key: sasl.jaas.config
+ {{- if .Values.config.debug.enabled }}
+ ports:
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.appPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.debugPort | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.actuatorPort | quote }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+ key: sasl.jaas.config
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/logs
+ name: script-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ - mountPath: /tmp
+ name: tmp-volume
+ ports:
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ - containerPort: {{ .Values.service.actuatorPort }}
+ name: {{ .Values.service.actuatorPortName }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) do
+ echo "Still active connections. Waiting for active requests to be finished"
+ sleep 3
+ done
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.liveness.path }}
+ {{- if .Values.liveness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.readiness.path }}
+ {{- if .Values.readiness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ startupProbe:
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.startup.path }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+ {{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: tmp-volume
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: script-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.scriptlogSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ restartPolicy: {{ .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-db-backup
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
+ {{- if .Values.jobAnnotations.backup }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.backup "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 6 | trim}}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-db-backup-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ bash docker-entrypoint.sh dataSnapshot.sh;
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: migration
+ subPath: janusgraph-migration-real.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: migration
+ subPath: janusgraph-migration-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES/
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ - name: migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration
+ - name: snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ restartPolicy: Never
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{ end }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+*/}}
+
+{{/* the new default is schema creation via graphadmin init container. This will be removed in the future. */}}
+{{- if .Values.createDbSchemaViaJob.enabled }}
+{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-create-db-schema
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
+ {{- if .Values.jobAnnotations.createDBSchema }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.createDBSchema "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | nindent 8 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ sh docker-entrypoint.sh createDBSchema.sh;
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ env:
+ {{- if .Values.config.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+ key: sasl.jaas.config
+ {{- if .Values.config.debug.enabled }}
+ ports:
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: logs
+ emptyDir:
+ sizeLimit: 64Mi
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ restartPolicy: Never
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
+ {{- if .Values.jobAnnotations.migration }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.migration "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithSchemaService) | indent 6 | trim }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ sh docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-restore-backup
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-perform-migration
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ restartPolicy: Never
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-db-backup-job
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 8 }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ - command:
+ - /bin/bash
+ - -c
+ - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-backup-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-db-backup-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ sh docker-entrypoint.sh dataSnapshot.sh
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: migration
+ subPath: janusgraph-migration-real.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: migration
+ subPath: janusgraph-migration-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES/
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.resources" . | nindent 10 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-input
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
+ - name: migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration
+ - name: snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ restartPolicy: Never
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+{{- if not .Values.persistence.storageClass -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ name: {{ include "common.fullname" . }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ storageClassName: {{ include "common.storageClass" . }}
+{{- end -}}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.appPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.actuatorPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.actuatorPortName }}
+ targetPort: {{ .Values.service.actuatorPortName }}
+ {{- else -}}
+ - port: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.actuatorPort }}
+ name: {{ .Values.service.actuatorPortName }}
+ targetPort: {{ .Values.service.appPort }}
+ {{- end}}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
--- /dev/null
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ aaiGraphKafkaUser: aai-graph-kafka-user
+ cassandra:
+ #This will instantiate AAI cassandra cluster, default:shared cassandra.
+ localCluster: false
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
+ #Cassandra datacenter name
+ localDataCenter: dc1
+ initContainers:
+ enabled: true
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+ duplicates:
+ enabled: false
+ # Specifies if basic authorization is enabled
+ auth:
+ enabled: true
+ # users that can authenticate via basic auth
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+ config:
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
+ service:
+ client: no-auth
+ # Specifies which translator to use if it has schema-service, then it will
+ # make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v30
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
+
+# application image
+image: onap/aai-graphadmin:1.16.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
+
+# Configuration for the graphadmin deployment
+config:
+ # Specify the profiles for the graphadmin microservice
+ profiles:
+ active: kafka
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}'
+ someConfig: graphrandom
+ # Specifies the timeout limit for the REST API requests
+ timeout:
+ enabled: true
+ limit: 180000
+ janusgraph:
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
+ # config override for the cassandra driver
+ # see: https://docs.janusgraph.org/master/configs/configuration-reference/#storagecqlinternal
+ cassandraDriver:
+ configuration: advanced.metadata.schema.debouncer.window = 2 second
+ # Default maximum records to fix for the data grooming and dupeTool
+ maxFix:
+ dataGrooming: 150
+ dupeTool: 25
+ # Default number of sleep minutes for dataGrooming and dupeTool
+ sleepMinutes:
+ dataGrooming: 7
+ dupeTool: 7
+ # Cron specific attributes to be triggered for the graphadmin spring cron tasks
+ cron:
+ # Specifies that the data grooming tool which runs duplicates should be enabled
+ dataGrooming:
+ enabled: true
+ # Specifies that the data snapshot which takes a graphson snapshot should be enabled
+ dataSnapshot:
+ enabled: true
+ params: JUST_TAKE_SNAPSHOT
+ # Data cleanup which zips snapshots older than x days and deletes older than y days
+ dataCleanup:
+ dataGrooming:
+ enabled: true
+ # Zips up the dataGrooming files older than 5 days
+ ageZip: 5
+ # Deletes the dataGrooming files older than 30 days
+ ageDelete: 30
+
+ dataSnapshot:
+ enabled: true
+ # Zips up the dataSnapshot graphson files older than 5 days
+ ageZip: 5
+ # Deletes the dataSnapshot graphson files older than 30 days
+ ageDelete: 30
+ # Concurrency lock control flag
+ aai:
+ lock:
+ uri:
+ enabled: false
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ env:
+ BOOTSTRAP_SERVERS: onap-strimzi-kafka-bootstrap:9092
+ DATA_SNAPSHOT_TASKS_ENABLED: false
+ DATA_SNAPSHOT_CLEANUP_ENABLED: false
+ HISTORY_TRUNCATE_TASK_ENABLED: false
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ enabled: true
+ path: /actuator/health
+ periodSeconds: 10
+
+readiness:
+ path: /actuator/health/readiness
+ periodSeconds: 10
+
+startup:
+ path: /actuator/health/liveness
+ failureThreshold: 60
+ periodSeconds: 5
+
+actuator:
+ echo:
+ enabled: true
+
+## Can be used to restore the old behaviour of having a separate job for schema creation
+createDbSchemaViaJob:
+ enabled: false
+
+readinessCheck:
+ waitForSchemaCreationJob:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ waitForLocalCassandra:
+ containers:
+ - aai-schema-service
+ apps:
+ - aai-cassandra
+ waitForCassandraService:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ waitForWithSchemaService:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+
+service:
+ type: ClusterIP
+ # REST API port for the graphadmin microservice
+ appPortName: http
+ appPort: 8449
+ debugPortName: tcp-5005
+ debugPort: 5005
+ profilingPortName: jxm-9999
+ profilingPort: 9999
+ actuatorPortName: http-graphadmin
+ actuatorPort: 8448
+ terminationGracePeriodSeconds: 45
+
+ingress:
+ enabled: false
+
+# No inbound communications.
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
+persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/aai-graphadmin
+ mountSubPath1: aai/migration
+
+# To make logback capping values configurable
+logback:
+ logToFileEnabled: false
+ maxHistory: 7
+ totalSizeCap: 6GB
+ queueSize: 1000
+
+accessLogback:
+ logToFileEnabled: false
+ maxHistory: 7
+ totalSizeCap: 6GB
+
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "1600Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "8Gi"
+ requests:
+ cpu: "1"
+ memory: "4Gi"
+ unlimited: {}
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8448
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
+
+# Not fully used for now
+securityContext:
+ user_id: 65534
+ group_id: 65534
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-graphadmin
+ roles:
+ - read
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+ base: INFO
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+#DupeTool cronjob parameters
+dupeToolParams:
+ schedule: "0 8 * * *"
+ userId: "am8383 "
+ nodeType: "complex"
+ timeWindowMinutes: 60
+ autoFix: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: aai-graph-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: AAI-EVENT
+ type: topic
+ operations: [Read, Write]
+
+volumes:
+ logSizeLimit: 64Mi
+ scriptlogSizeLimit: 300Mi
+ tmpSizeLimit: 500Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+jobAnnotations:
+ backup:
+ "helm.sh/hook": pre-upgrade,pre-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ migration:
+ "helm.sh/hook": pre-upgrade,pre-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
--- /dev/null
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP AAI modelloader
+name: aai-modelloader
+version: 15.0.5
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+# Note that the start.sh script sets the following System Properties
+# We provide default values here for testing purposes
+AJSC_HOME=.
+CONFIG_HOME=appconfig-local
+com.att.eelf.logging.path=src/main/resources
+com.att.eelf.logging.file=logback.xml
+logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file}
+
+server.port=9500
+
+spring.application.name=aai-model-loader
+
+spring.sleuth.enabled={{ .Values.global.tracing.enabled }}
+spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }}
+spring.sleuth.messaging.jms.enabled=false
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c,b3
+spring.sleuth.supports-join=false
+spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }}
+
+server.tomcat.threads.max=200
+# The minimum number of threads always kept alive
+server.tomcat.threads.min-spare=25
+
+# Spring Boot logging
+logging.config=${logback.configurationFile}
+
+# Model Loader Client Configuration for the A&AI REST interface
+ml.aai.base-url=http://aai.{{.Release.Namespace}}:80
+ml.aai.model-url=/aai/%s/service-design-and-creation/models/model/
+ml.aai.named-query-url=/aai/%s/service-design-and-creation/named-queries/named-query/
+ml.aai.vnf-image-url=/aai/v*/service-design-and-creation/vnf-images # v* is supported by the resources api and translates to 'latest'
+ml.aai.auth-user={{ (index .Values.global.auth.users 0).username }}
+ml.aai.auth-password={{ (index .Values.global.auth.users 0).password }}
+ml.aai.use-gizmo=false
+# Babel client config
+ml.babel.base-url={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.generate-artifacts-url=/services/babel-service/v1/app/generateArtifacts
--- /dev/null
+{{/*
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+*/}}
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ </providers>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <logger name="com.att" level="INFO" />
+
+ <!-- Model Loader loggers -->
+ <logger name="org.openecomp.modelloader" level="INFO" />
+
+ <logger name="org.onap.sdc.impl.NotificationConsumer" level="WARN" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Model Loader Distribution Client Configuration
+*/}}
+ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
+ml.distribution.ASDC_USE_HTTPS=false
+ml.distribution.KEYSTORE_PASSWORD=
+ml.distribution.KEYSTORE_FILE=
+ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+{{- with (first .Values.kafkaUser.acls) }}
+ml.distribution.CONSUMER_GROUP={{ .name }}
+ml.distribution.CONSUMER_ID={{ .name }}-model-loader
+ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.POLLING_INTERVAL=30
+ml.distribution.POLLING_TIMEOUT=20
+ml.distribution.USER={{ .name }}
+{{- end }}
+ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright © 2020-2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/model-loader/config/
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{- if .Values.profiling.enabled }}
+ - name: JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_ARGS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/model-loader/config/model-loader.properties
+ subPath: model-loader.properties
+ name: prop-config
+ - mountPath: /opt/app/model-loader/application.properties
+ subPath: application.properties
+ name: prop-config
+ - mountPath: {{ .Values.log.path }}
+ name: logs
+ - mountPath: /tmp
+ name: tmp
+ - mountPath: /opt/app/model-loader/logback.xml
+ name: log-config
+ subPath: logback.xml
+ resources: {{ include "common.resources" . | nindent 10 }}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: prop-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "common.fullname" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ podMetricsEndpoints:
+ - port: {{ .Values.metrics.podMonitor.port }}
+ path: {{ .Values.metrics.podMonitor.path }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020-2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for modelloader.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+ auth:
+ # users that can authenticate via basic auth
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+
+
+# application image
+image: onap/model-loader:1.14.3
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: aai
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5005
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
+
+nodeSelector: {}
+
+affinity: {}
+
+service:
+ # REST API port for the graphadmin microservice
+ appPortName: http
+ appPort: 9500
+
+# probe configuration parameters
+liveness:
+ enabled: true
+ path: /healthz
+ periodSeconds: 10
+ initialDelaySeconds: 10
+
+readiness:
+ path: /healthz
+ periodSeconds: 10
+ initialDelaySeconds: 10
+
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "8Gi"
+ requests:
+ cpu: "1"
+ memory: "2Gi"
+ unlimited: {}
+
+# use this to define service specific overrides
+# for the global.tracing.* config keys
+tracing:
+ ignorePatterns:
+ - /aai/util.*
+
+metrics:
+ podMonitor:
+ enabled: true
+ port: http
+ path: /actuator/prometheus
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-modelloader
+ roles:
+ - read
+
+# Not fully used for now
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 64Mi
+ tmpSizeLimit: 100Mi
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v2
+description: ONAP AAI resources
+name: aai-resources
+version: 16.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+####################################################################
+# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+# TEMPLATE AND *ALL* DATAFILES
+####################################################################
+
+####################################################################
+# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+# TEMPLATE AND *ALL* DATAFILES
+####################################################################
+*/}}
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+
+{{ if .Values.global.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ (index .Values.global.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.auth.users 0).password }}
+{{ end }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=true
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+# Timeout for crud enabled flag
+aai.crud.timeoutenabled={{ .Values.config.crud.timeout.enabled }}
+
+# Timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.crud.timeout.appspecific={{ .Values.config.crud.timeout.appspecific }}
+
+#default timeout limit added for crud if not overridden (in ms)
+aai.crud.timeoutlimit={{ .Values.config.crud.timeout.limit }}
+#limit set for bulk consumer APIS
+aai.bulkconsumer.payloadlimit={{ .Values.config.bulk.limit }}
+
+#uncomment and use header X-OverrideLimit with the value to override the bulk api limit
+aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }}
+
+#
+# AAI Graph DB checker task
+#
+
+# Indicator to enable or disable scheduled task (true/false)
+aai.graph.checker.task.enabled=false
+
+# Delay, in seconds, before the scheduled task is started, if enabled
+aai.graph.checker.task.delay=5
+
+# Period, in seconds, between two consecutive executions of the scheduled task, if enabled
+aai.graph.checker.task.period=10
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+*/}}
+info.build.artifact=aai-resources
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-resources
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+management.tracing.enabled={{ .Values.global.tracing.enabled }}
+management.tracing.sampling.probability={{ .Values.global.tracing.sampling.probability }}
+management.tracing.propagation.type=w3c, b3
+management.zipkin.tracing.endpoint={{ .Values.global.tracing.collector.baseUrl }}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-resources/src/main/resources/
+
+server.port={{ .Values.service.resourcesPort }}
+
+spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS}
+spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT
+spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512
+spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG}
+spring.kafka.producer.retries=3
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client=no-auth
+
+#to expose the Prometheus scraping endpoint
+management.server.port=8448
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=*
+endpoints.enabled={{ .Values.endpoints.enabled }}
+endpoints.info.enabled={{ .Values.endpoints.info.enabled }}
+endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}
+endpoints.health.enabled={{ .Values.endpoints.health.enabled }}
+management.metrics.web.server.auto-time-requests=false
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
+
+# If true, the actuator health check will be overriden
+# to use the AaiGraphChecker check instead.
+# This does the same as the /echo endpoint,
+# but doesn't show up in micrometer metrics
+aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
+aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+
+aai.basic-auth.enabled={{ .Values.global.auth.enabled }}
+{{- range $index, $user := .Values.global.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
--- /dev/null
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "servers",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloudinfra",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloud-infrastructure",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "sdandc",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "service-design-and-creation",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "business",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "search",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "license-management",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "examples",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "resources",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "generateurl",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "bulkadd",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "nodes",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "query",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "dbquery",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "bulk",
+ "methods": [
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "bulkprocess",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "recents",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "dsl",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "common",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }
+ ]
+ },
+ {
+ "name": "HAProxy",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ }
+ ]
+}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+query.fast-property=true
+query.smart-limit=false
+
+{{- if .Values.global.config.cluster.cassandra.dynamic }}
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{- if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{- end }}
+{{- else -}}
+{{- if .Values.global.config.storage }}
+storage.backend={{ .Values.global.config.storage.backend }}
+{{- if eq .Values.global.config.storage.backend "cql" }}
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+storage.lock.wait-time=300
+
+# https://docs.janusgraph.org/operations/cache/#database-level-caching
+# Setting db-cache to false will ensure the fastest propagation of changes across servers
+# Setting db-cache to true will ensure fastest response times
+cache.db-cache={{ .Values.config.janusgraph.caching.enabled }}
+{{- if .Values.config.janusgraph.caching.enabled }}
+# cache-time in milliseconds
+cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }}
+cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }}
+cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }}
+{{- end }}
+
+#load graphson file on startup
+load.snapshot.file=false
+
+{{- if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{- end }}
--- /dev/null
+{{/*
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+*/}}
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+ <property resource="application.properties" />
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ </providers>
+ </encoder>
+ </appender>
+
+
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <logger name="com.att.aft.dme2" level="WARN" />
+ <logger name="com.jayway.jsonpath" level="WARN" />
+
+ <logger name="org.apache" level="OFF" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.zookeeper" level="OFF" />
+ <logger name="org.codehaus.groovy" level="WARN" />
+ <logger name="org.eclipse.jetty" level="WARN" />
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="org.janusgraph" level="WARN" />
+ <logger name="org.janusgraph.graphdb.transaction" level="ERROR" />
+ <logger name="org.zookeeper" level="OFF" />
+
+
+ <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="STDOUT"/>
+ </root>
+</configuration>
--- /dev/null
+{{- define "aairesources.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.auth.users 0).username (index .Values.global.auth.users 0).password }}"
+ while true; do
+ RESPONSE=$(curl -u $AUTH -s $URL)
+ if [ "$RESPONSE" = "true" ]; then
+ echo "Request successful. Schema is initialized."
+ exit 0
+ else
+ echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: AAI-EVENT
+ operations:
+ - All
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{- if and .Values.autoscaling.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
+ replicas: 1
+ {{- else }}
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ hostname: aai-resources
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ {{- if .Values.global.jobs.migration.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+ {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{ include "aairesources.waitForSchemaCreation" . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.resourcesPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.debugPort | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.metricsPort | quote }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}
+ key: sasl.jaas.config
+ volumeMounts:
+ - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES
+ name: logs
+ - mountPath: /opt/app/aai-resources/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-resources/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - containerPort: {{ .Values.service.resourcesPort }}
+ name: {{ .Values.service.resourcesPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - containerPort: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1)
+ do sleep 3
+ done
+ # disable liveness probe when
+ # debugging.enable=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.liveness.path }}
+ {{- if .Values.liveness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.readiness.path }}
+ {{- if .Values.readiness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ startupProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.startup.path }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
+ timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.resourcesPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.resourcesPortName }}
+ targetPort: {{ .Values.service.resourcesPortName }}
+ - port: {{ .Values.service.debugPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.metricsPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
+ {{- else -}}
+ - port: {{ .Values.service.resourcesPort }}
+ name: {{ .Values.service.resourcesPortName }}
+ targetPort: {{ .Values.service.resourcesPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - port: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
+ {{- end }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
--- /dev/null
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ aaiKafkaUser: aai-kafka-user
+ cassandra:
+ #Service Name of the cassandra cluster to connect to.
+ #Override it to aai-cassandra if localCluster is enabled.
+ serviceName: cassandra
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0
+
+ # Specifies a list of jobs to be run
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+
+ # Specifies if basic authorization is enabled
+ auth:
+ enabled: true
+ # users that can authenticate via basic auth
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: so@so.onap.org
+ password: demo123456!
+ - username: sdnc@sdnc.onap.org
+ password: demo123456!
+ - username: dcae@dcae.onap.org
+ password: demo123456!
+ - username: policy@policy.onap.org
+ password: demo123456!
+ - username: sdc@sdc.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+ - username: DCAE
+ password: DCAE
+ - username: MSO
+ password: MSO
+ - username: POLICY
+ password: POLICY
+ - username: ASDC
+ password: ASDC
+ - username: ModelLoader
+ password: ModelLoader
+ - username: AaiUI
+ password: AaiUI
+ config:
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+
+ # Active spring profiles for the resources microservice
+ profiles:
+ active: production,kafka
+
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ service:
+ client: no-auth
+ # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v30
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,MSO,SO,robot-ete
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
+
+aai_enpoints:
+ - name: aai-cloudInfrastructure
+ url: cloud-infrastructure
+ - name: aai-business
+ url: business
+ - name: aai-actions
+ url: actions
+ - name: aai-service-design-and-creation
+ url: service-design-and-creation
+ - name: aai-network
+ url: network
+ - name: aai-externalSystem
+ url: external-system
+
+# application image
+image: onap/aai-resources:1.16.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
+
+# Configuration for the resources deployment
+config:
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (traversal) will only be visible
+ # after time specified in db-cache-time
+ enabled: true
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.5 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
+
+
+
+ # Specifies crud related operation timeouts and overrides
+ crud:
+ timeout:
+ # Specifies if the timeout for REST GET calls should be enabled
+ enabled: true
+ # Specifies the timeout values for application specific
+ # Its a pipe seperated list where each element before comma represents
+ # the X-FromAppId and the comma after specifies the timeout limit in ms
+ # If the timeout limit is -1 then it means for these apps no timeout
+ appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
+ # Specifies what is the maximum timeout limit in milliseconds
+ limit: 100000
+
+ # Specifies configuration for bulk apis
+ bulk:
+ # Specifies for a bulk payload how many transactions in total allowed
+ limit: 30
+ # Specifies if the bulk can be override and if it can the value
+ override: false
+
+ # environment variables added to the launch of the image in deployment
+ env:
+ MAX_METASPACE_SIZE: "512m"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ # port-forward, i.e:
+ # $ PODNAME=traversal
+ # $ kubectl -n ${NAMESPACE:=onap} port-forward pod/$(kubectl -n ${NAMESPACE:=onap}
+ # get pods | awk '{print $1}' | grep -m1 -e "$PODNAME") 9999:9999
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ enabled: true
+ path: /actuator/health
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+readiness:
+ path: /actuator/health/readiness
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+startup:
+ path: /actuator/health/liveness
+ failureThreshold: 60
+ periodSeconds: 5
+ timeoutSeconds: 3
+
+actuator:
+ echo:
+ enabled: true
+
+service:
+ type: ClusterIP
+ resourcesPortName: http
+ resourcesPort: 8447
+ debugPortName: tcp-5005
+ debugPort: 5005
+ metricsPortName: metrics
+ metricsPort: 8448
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+ terminationGracePeriodSeconds: 30
+ sessionAffinity: None
+
+ingress:
+ enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "3Gi"
+ large:
+ limits:
+ cpu: "8"
+ memory: "8Gi"
+ requests:
+ cpu: "4"
+ memory: "6Gi"
+ unlimited: {}
+
+tracing:
+ ignorePatterns:
+ - /aai/util.*
+
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8448
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-resources
+ roles:
+ - read
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+ base: INFO # base package (org.onap.aai)
+ audit: WARN
+ dbMetric: WARN
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: aai-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: AAI-EVENT
+ type: topic
+ operations: [Read, Write]
+
+volumes:
+ logSizeLimit: 50Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for_migration:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-migration'
+ wait_for_createSchema:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ wait_for_cassandra:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2019 AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v2
+description: ONAP AAI Schema Service
+name: aai-schema-service
+version: 16.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+
+{{ if or (.Values.global.auth.enabled) ( include "common.onServiceMesh" .) }}
+aai.tools.enableBasicAuth={{ .Values.global.auth.enabled }}
+aai.tools.username={{ (index .Values.global.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.auth.users 0).password }}
+{{ end }}
+
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+*/}}
+info.build.artifact=aai-schema-service
+info.build.name=schema-service
+info.build.description=Schema Service Microservice
+info.build.version=1.1.0
+
+spring.application.name=aai-schema-service
+spring.jersey.type=filter
+spring.jersey.application-path=${schema.uri.base.path}
+spring.main.allow-bean-definition-overriding=true
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+spring.sleuth.enabled={{ .Values.global.tracing.enabled }}
+spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }}
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c, b3
+spring.sleuth.supports-join=false
+{{- if and .Values.tracing .Values.tracing.ignorePatterns }}
+spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }}
+{{- end }}
+
+server.servlet.context-path=/
+server.tomcat.max-threads=200
+server.tomcat.min-Spare-Threads=25
+server.tomcat.max-idle-time=60000
+
+server.local.startpath=aai-schema-service/src/main/resources/
+
+server.port=8452
+security.require-ssl=false
+server.ssl.enabled=false
+
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}/schema-service
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
--- /dev/null
+{{/*
+<!--
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+*/}}
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+{{/*
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
+*/}}
--- /dev/null
+{{/*
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+*/}}
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+
+ <property resource="application.properties"/>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ </providers>
+ </encoder>
+ </appender>
+
+ <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN"/>
+ <logger name="org.springframework.beans" level="WARN"/>
+ <logger name="org.springframework.web" level="WARN"/>
+ <logger name="com.blog.spring.jms" level="WARN"/>
+ <logger name="com.jayway.jsonpath" level="WARN"/>
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="org.codehaus.groovy" level="WARN"/>
+ <logger name="com.netflix.loadbalancer" level="WARN"/>
+
+ <logger name="org.apache.zookeeper" level="OFF"/>
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN"/>
+ <logger name="org.apache.commons.httpclient" level="WARN"/>
+ <logger name="org.apache.commons" level="WARN"/>
+ <logger name="org.apache.coyote" level="WARN"/>
+ <logger name="org.apache.jasper" level="WARN"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN"/>
+ <logger name="org.apache.cxf" level="WARN"/>
+ <logger name="org.apache.camel.processor.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.service" level="WARN"/>
+ <logger name="org.restlet" level="WARN"/>
+ <logger name="org.apache.camel.component.restlet" level="WARN"/>
+
+ <logger name="org.hibernate.validator" level="WARN"/>
+ <logger name="org.hibernate" level="WARN"/>
+ <logger name="org.hibernate.ejb" level="OFF"/>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN"/>
+ <logger name="ch.qos.logback.core" level="WARN"/>
+
+ <logger name="org.eclipse.jetty" level="WARN"/>
+
+
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <logger name="org.apache" level="OFF"/>
+ <logger name="org.zookeeper" level="OFF"/>
+ <logger name="org.janusgraph" level="WARN"/>
+ <logger name="com.att.aft.dme2" level="WARN"/>
+
+
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
--- /dev/null
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+aai-graphadmin@aai-graphadmin.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-localhost-access-log
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaiconfig
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-springapp
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "" "labels" .Values.labels "annotations" .Values.annotations ) | nindent 2 }}
+spec:
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ - command: ["cp", "-R", "/opt/app/aai-schema-service/.", "/opt/app/aai-schema-service_rw/"]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: copy-base-folder
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumeMounts:
+ - mountPath: /opt/app/aai-schema-service_rw
+ name: aai-schema-service
+ - mountPath: /tmp
+ name: tmp-volume
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ env:
+ {{- if .Values.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: POST_JAVA_OPTS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-schema-service
+ name: aai-schema-service
+ - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
+ name: aaiconfig-conf
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-SS
+ name: logs
+ - mountPath: /opt/app/aai-schema-service/resources/logback.xml
+ name: log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
+ name: localhost-access-log-conf
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/application.properties
+ name: springapp-conf
+ subPath: application.properties
+ - mountPath: /tmp
+ name: tmp-volume
+ ports:
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.appPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.appPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: aai-schema-service
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.aaiSizeLimit }}
+ - name: tmp-volume
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.aaiSizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: localhost-access-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-localhost-access-log
+ - name: springapp-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-springapp
+ - name: aaiconfig-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-aaiconfig
+ restartPolicy: {{ .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.appPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- else -}}
+ - port: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- end }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+
+ # Specifies if basic authorization is enabled
+ auth:
+ enabled: true
+ users:
+ - username: AAI
+ password: AAI
+ # Common configuration for resources traversal and graphadmin
+ config:
+ # Schema specific properties that include supported versions of api
+ schema:
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v30
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+# application image
+image: onap/aai-schema-service:1.12.11
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# default number of instances
+replicaCount: 1
+
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ enabled: true
+ initialDelaySeconds: 60
+ periodSeconds: 60
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ appPortName: http
+ appPort: 8452
+ debugPortName: tcp-5005
+ debugPort: 5005
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+
+ingress:
+ enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-traversal-read
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: "2"
+# memory: "4Gi"
+# requests:
+# cpu: "2"
+# memory: "4Gi"
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "3Gi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "8Gi"
+ requests:
+ cpu: "2"
+ memory: "4Gi"
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-schema-service
+ roles:
+ - read
+
+# Not fully used for now
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+ base: INFO # base package (org.onap.aai)
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 50Mi
+ aaiSizeLimit: 150Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+tracing: {}
+ # ignorePatterns:
+ # - ""
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP AAI sparky-be
+name: aai-sparky-be
+version: 16.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+oxm.apiVersion=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+oxm.apiVersionOverride=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
+oxm.schemaServiceTranslatorList=config
+# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+
+oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
+
+
+
+# Schema Service need this variable for the time being
+spring.applicationName=sparky
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+resources.hostname=aai
+
+resources.port=80
+resources.authType=HTTP_NOAUTH
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server.port=8000
+security.require-ssl=false
+server.ssl.enabled=false
--- /dev/null
+aggregationSyncEnabled=true
+historicalEntitySyncEnabled=true
+autoSuggestSyncEnabled=true
+vnfAliasSyncEnabled=true
+geoSyncEnabled=true
+viewInspectSyncEnabled=true
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# disable the default thyme leaf icon on web-pages
+#
+spring.mvc.favicon.enabled=false
+
+#
+# to switch to http, remove ssl and put http
+# and in the values.yaml change the internalPort to 9517
+#
+
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,http
+
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+searchservice.hostname={{.Values.global.searchData.serviceName}}
+searchservice.port=9509
+
+schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
+
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+# Schema Version Related Attributes
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v9,v10,v11,v12,v13,v14
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v12
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v14
+# Schema Location Related Attributes
+schema.configuration.location=NA
+# New propterties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=${APP_HOME}/onap/oxm
+schema.edges.location=
+# Setting this values to ${oxm.apiVersion} only to ensure the value used exists (we don't use this properties in our application)
+# schema.version.depth.start=${oxm.apiVersion}
+# schema.version.related.link.start=${oxm.apiVersion}
+# schema.version.app.root.start=${oxm.apiVersion}
+# schema.version.namespace.change.start=${oxm.apiVersion}
+# schema.version.edge.label.start=${oxm.apiVersion}
+# Properties required by AAI Schema Service MS
+schema.translator.list=config
+schema.service.base.url=${oxm.schemaServiceBaseUrl}
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.local=true
+schema.filename=mockrequests
+#Default rest client is the two-way-ssl
+#schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${oxm.schemaServiceKeystore}
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${oxm.schemaServiceTruststore}
+schema.service.ssl.key-store-password=${oxm.schemaServiceKeystorePassword}
+schema.service.ssl.trust-store-password=${oxm.schemaServiceTruststorePassword}
+spring.application.name=sparky
+nodeDir=src/main/resources/schema/onap/oxm/
+edgeDir=src/main/resources/schema/onap/oxm
+schemaIngestPropLoc=src/main/resources/schema/onap/oxm
--- /dev/null
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+<!--{{/*
+ # Copyright © 2018 AT&T
+ # Copyright © 2021 Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}-->
+<!--<jmxConfigurator /> -->
+<!-- directory path for all other type logs -->
+
+<property name="logDir" value="/var/log/onap" />
+
+<!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy"
+ | "SDNC" | "AC" -->
+<property name="componentName" value="AAI-UI"></property>
+
+<!-- default eelf log file names -->
+<property name="generalLogName" value="error" />
+<property name="metricsLogName" value="metrics" />
+<property name="auditLogName" value="audit" />
+<property name="debugLogName" value="debug" />
+
+<property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" />
+<property name="auditMetricPattern" value="%m%n" />
+
+<property name="logDirectory" value="${logDir}/${componentName}" />
+
+
+<!-- Example evaluator filter applied against console appender -->
+<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+</appender>
+
+<!-- ============================================================================ -->
+<!-- EELF Appenders -->
+<!-- ============================================================================ -->
+
+<!-- The EELFAppender is used to record events to the general application
+ log -->
+
+<appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+</appender>
+<appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+</appender>
+
+
+<!-- EELF Audit Appender. This appender is used to record audit engine related
+ logging events. The audit logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+<appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+</appender>
+<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+</appender>
+
+<appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+</appender>
+
+
+<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+</appender>
+
+<appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+</appender>
+
+<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+</appender>
+
+<!-- ============================================================================ -->
+<!-- EELF loggers -->
+<!-- ============================================================================ -->
+<logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
+</logger>
+
+<logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+</logger>
+<logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+</logger>
+
+<!-- Spring related loggers -->
+<logger name="org.springframework" level="WARN" />
+<logger name="org.springframework.beans" level="WARN" />
+<logger name="org.springframework.web" level="WARN" />
+<logger name="com.blog.spring.jms" level="WARN" />
+
+<!-- Sparky loggers -->
+<logger name="org.onap" level="INFO">
+ <appender-ref ref="STDOUT" />
+</logger>
+
+<!-- Other Loggers that may help troubleshoot -->
+<logger name="net.sf" level="WARN" />
+<logger name="org.apache.commons.httpclient" level="WARN" />
+<logger name="org.apache.commons" level="WARN" />
+<logger name="org.apache.coyote" level="WARN" />
+<logger name="org.apache.jasper" level="WARN" />
+
+<!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+<logger name="org.apache.camel" level="WARN" />
+<logger name="org.apache.cxf" level="WARN" />
+<logger name="org.apache.camel.processor.interceptor" level="WARN" />
+<logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+<logger name="org.apache.cxf.service" level="WARN" />
+<logger name="org.restlet" level="WARN" />
+<logger name="org.apache.camel.component.restlet" level="WARN" />
+
+<!-- logback internals logging -->
+<logger name="ch.qos.logback.classic" level="WARN" />
+<logger name="ch.qos.logback.core" level="WARN" />
+
+<root>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+</root>
+
+</configuration>
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+[
+ {
+ "id":1,
+ "name":"View"
+ }
+]
--- /dev/null
+[{
+ "orgId": null,
+ "managerId": null,
+ "firstName": "Demo",
+ "middleInitial": null,
+ "lastName": "User",
+ "phone": null,
+ "email": "demo@email.com",
+ "hrid": null,
+ "orgUserId": "demo",
+ "orgCode": null,
+ "orgManagerUserId": null,
+ "jobTitle": null,
+ "loginId": "demo",
+ "active": false,
+ "roles": [{
+ "id": 1,
+ "name": "View"
+ }]
+}]
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+global.login.url=aaiportal.onap.org
+
+# MOTS ID of the application
+application.id=12345
+
+# valid domains for open redirect
+redirect-domain=domain.com
+
+# Required by esGateKeeper. Valid values are:
+# DEVL - used during development
+# PROD - used in production
+gatekeeper.environment=TEST
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ volumeMounts:
+ - mountPath: {{ .Values.log.path }}
+ name: logs
+ - mountPath: /opt/app/sparky/config/application.properties
+ name: config
+ subPath: application.properties
+ - mountPath: /opt/app/sparky/config/application-resources.properties
+ name: config
+ subPath: application-resources.properties
+ - mountPath: /opt/app/sparky/config/application-ssl.properties
+ name: config
+ subPath: application-ssl.properties
+ - mountPath: /opt/app/sparky/config/application-oxm-default.properties
+ name: config
+ subPath: application-oxm-default.properties
+ - mountPath: /opt/app/sparky/config/application-oxm-override.properties
+ name: config
+ subPath: application-oxm-override.properties
+ - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties
+ name: config
+ subPath: application-oxm-schema-prod.properties
+ - mountPath: /opt/app/sparky/config/roles.config
+ name: config
+ subPath: roles.config
+ - mountPath: /opt/app/sparky/config/users.config
+ name: config
+ subPath: users.config
+ - mountPath: /opt/app/sparky/config/logging/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /tmp
+ name: tmp-volume
+ ports:
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
+ {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_ARGS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ startupProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: modeldir
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.modeldirSizeLimit }}
+ - name: tmp-volume
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for sparky-be.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ aai:
+ serviceName: aai
+ aaiElasticsearch:
+ serviceName: aai-elasticsearch
+ gizmo:
+ serviceName: aai-gizmo
+ searchData:
+ serviceName: aai-search-data
+
+# application image
+image: onap/sparky-be:2.1.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+dockerhubRepository: registry.hub.docker.com
+
+# application configuration
+config:
+ elasticsearchHttpPort: 9200
+ gerritBranch: 3.0.0-ONAP
+ gerritProject: http://gerrit.onap.org/r/aai/test-config
+ portalUsername: aaiui
+ portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui
+ portalCookieName: UserId
+ portalAppRoles: ui_view
+ cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
+ env:
+ JVM_ARGS: -XX:MaxRAMPercentage=50.0
+
+# ONAP Cookie Processing - During initial development, the following flag, if true, will
+# prevent the portal interface's login processing from searching for a user
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.
+ portalOnapEnabled: true
+#
+
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5555
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+startup:
+ failureThreshold: 90
+ periodSeconds: 1
+
+service:
+ type: NodePort
+ internalPort: 9517
+ ports:
+ - name: http
+ port: 8000
+ internal_port: 9517
+ nodePort: 20
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aai-sparkybe-api"
+ name: "aai-sparky-be"
+ port: 8000
+ config:
+ ssl: "redirect"
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+podAnnotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ small:
+ limits:
+ cpu: "500m"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "1Gi"
+ large:
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "2Gi"
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-sparky-be
+ roles:
+ - read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 64Mi
+ modeldirSizeLimit: 64Mi
+ tmpSizeLimit: 64Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ services:
+ - aai
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021-2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP AAI traversal
+name: aai-traversal
+version: 16.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+*/}}
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+
+{{ if or (.Values.global.auth.enabled) ( include "common.onServiceMesh" .) }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ (index .Values.global.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.auth.users 0).password }}
+{{ end }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Model-processing code
+aai.model.delete.sleep.per.vtx.msec=500
+aai.model.query.resultset.maxcount=50
+aai.model.query.timeout.sec=90
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+#timeout for traversal enabled flag
+aai.traversal.timeoutenabled={{ .Values.config.timeout.enabled }}
+
+#timeout app specific
+aai.traversal.timeout.appspecific={{ .Values.config.timeout.appspecific }}
+
+#default timeout limit added for traversal if not overridden (in ms)
+aai.traversal.timeoutlimit={{ .Values.config.timeout.limit | int }}
+
+#timeout for traversal dsl enabled flag
+aai.traversal.dsl.timeoutenabled={{ .Values.config.dsl.timeout.enabled }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.traversal.dsl.timeout.appspecific={{ .Values.config.dsl.timeout.appspecific | join "|" }}
+
+#default timeout limit added for traversal dsl if not overridden (in ms)
+aai.traversal.dsl.timeoutlimit={{ .Values.config.dsl.timeout.limit | int }}
+
+# Threshold for margin of error (in ms) for resources_with_sot format to derive the most recent http method performed
+aai.resource.formatter.threshold=10
+aai.dsl.override={{ .Values.config.dslOverride }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+*/}}
+info.build.artifact=aai-traversal
+info.build.name=traversal
+info.build.description=Traversal Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-traversal
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=${schema.uri.base.path}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=/
+
+management.tracing.enabled={{ .Values.global.tracing.enabled }}
+management.tracing.sampling.probability={{ .Values.global.tracing.sampling.probability }}
+management.tracing.propagation.type=w3c, b3
+management.zipkin.tracing.endpoint={{ .Values.global.tracing.collector.baseUrl }}
+
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-traversal/src/main/resources/
+
+server.port=8446
+
+spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS}
+spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT
+spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512
+spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG}
+spring.kafka.producer.retries=3
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+# Location of where the stored queries are
+schema.queries.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.custom.queries.endpoint=stored-queries
+schema.service.client=no-auth
+
+#to expose the Prometheus scraping endpoint
+management.server.port=8448
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=*
+management.security.enabled=false
+endpoints.enabled={{ .Values.endpoints.enabled }}
+endpoints.info.enabled={{ .Values.endpoints.info.enabled }}
+endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}
+endpoints.health.enabled={{ .Values.endpoints.health.enabled }}
+management.metrics.web.server.auto-time-requests=false
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
+
+# If true, the actuator health check will be overriden
+# to use the AaiGraphChecker check instead.
+# This does the same as the /echo endpoint,
+# but doesn't show up in micrometer metrics
+aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
+aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+
+aai.basic-auth.enabled={{ .Values.global.auth.enabled }}
+{{- range $index, $user := .Values.global.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
--- /dev/null
+{{/*
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{- if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{- end }}
+
+{{- else -}}
+
+{{- if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{- if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{- else if eq .Values.global.config.storage.backend "hbase" -}}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
+storage.lock.wait-time=300
+
+# https://docs.janusgraph.org/operations/cache/#database-level-caching
+# Setting db-cache to false will ensure the fastest propagation of changes across servers
+# Setting db-cache to true will ensure fastest response times
+cache.db-cache={{ .Values.config.janusgraph.caching.enabled }}
+{{- if .Values.config.janusgraph.caching.enabled }}
+# cache-time in milliseconds
+cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }}
+cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }}
+cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }}
+{{- end }}
+
+#load graphson file on startup
+load.snapshot.file=false
+
+{{- if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{- end }}
--- /dev/null
+{{/*<!--
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ Modifications Copyright © 2020 Orange
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+*/}}
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+ <property resource="application.properties" />
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ </providers>
+ </encoder>
+ </appender>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <logger name="com.att.aft.dme2" level="WARN" />
+ <logger name="com.jayway.jsonpath" level="WARN" />
+
+ <logger name="org.apache" level="OFF" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.zookeeper" level="OFF" />
+ <logger name="org.codehaus.groovy" level="WARN" />
+ <logger name="org.eclipse.jetty" level="WARN" />
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="org.janusgraph" level="WARN" />
+ <logger name="org.janusgraph.graphdb.transaction" level="ERROR" />
+ <logger name="org.zookeeper" level="OFF" />
+
+
+ <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="INFO" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <root level={{ .Values.log.level.root | upper | quote }}>
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+*/ -}}
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.auth.users 0).username (index .Values.global.auth.users 0).password }}"
+ while true; do
+ RESPONSE=$(curl -u $AUTH -s $URL)
+ if [ "$RESPONSE" = "true" ]; then
+ echo "Request successful. Schema is initialized."
+ exit 0
+ else
+ echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: AAI-EVENT
+ operations:
+ - All
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Nokia, Orange
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
+ replicas: 1
+ {{- else }}
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ hostname: aai-traversal
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ initContainers:
+ {{- if .Values.global.jobs.migration.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+ {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{ include "aai.waitForSchemaCreation" . | nindent 6 }}
+ {{- else }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
+ {{- end }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.flavor "small" }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.small.maxHeapSize | quote }}
+ {{- else if eq .Values.flavor "large" }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.large.maxHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ - name: DISABLE_UPDATE_QUERY
+ value: {{ .Values.config.disableUpdateQuery | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.traversalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.debugPort | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.metricsPort | quote }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}
+ key: sasl.jaas.config
+ volumeMounts:
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GQ
+ name: logs
+ - mountPath: /opt/aai/logroot/AAI-GQ/misc
+ name: {{ include "common.fullname" . }}-logs-misc
+ - mountPath: /opt/app/aai-traversal/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - containerPort: {{ .Values.service.traversalPort }}
+ name: {{ .Values.service.traversalPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - containerPort: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1)
+ do sleep 3
+ done
+ # disable liveness probe when
+ # debugging.enable=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.liveness.path }}
+ {{- if .Values.liveness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.readiness.path }}
+ {{- if .Values.readiness.initialDelaySeconds }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ {{- end }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: {{ include "common.fullname" . }}-logs-misc
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logmiscSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright (c) 2017-2018 AT&T
+# Modifications Copyright (c) 2018 Amdocs, Bell Canada
+# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.global.jobs.updateQueryData.enabled }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-update-query-data
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+{{ if .Values.global.jobs.migration.enabled }}
+ {{- if .Values.jobAnnotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+{{ end }}
+spec:
+ template:
+ metadata:
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }}
+ - name: {{ include "common.name" . }}-wait-for-aai-haproxy
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ command:
+ - sh
+ - "-c"
+ - |
+ set -x;
+
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do
+ echo "Retrying to reach aai on port 80";
+ sleep 1;
+ done;
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - "-c"
+ - |
+ set -x;
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ];
+ then mkdir -p /opt/aai/logroot/AAI-GQ/misc;
+ fi
+
+ sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ;
+
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GQ/
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/aai/logroot/AAI-GQ/misc
+ name: {{ include "common.fullname" . }}-logs-misc
+ - mountPath: /opt/app/aai-traversal/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: {{ include "common.fullname" . }}-logs-misc
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logmiscSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ restartPolicy: OnFailure
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.traversalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.traversalPortName }}
+ targetPort: {{ .Values.service.traversalPortName }}
+ - port: {{ .Values.service.debugPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.metricsPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
+ {{- else -}}
+ - port: {{ .Values.service.traversalPort }}
+ name: {{ .Values.service.traversalPortName }}
+ targetPort: {{ .Values.service.traversalPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - port: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
+ {{- end }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
--- /dev/null
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for traversal.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ aaiTravKafkaUser: aai-trav-kafka-user
+ cassandra:
+ #Service Name of the cassandra cluster to connect to.
+ #Override it to aai-cassandra if localCluster is enabled.
+ serviceName: cassandra
+ # Cassandra datacenter name
+ localDataCenter: dc1
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+
+ # Specifies a list of jobs to be run
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ # When enabled, it will create the widget models via REST API to haproxy
+ updateQueryData:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+ # Specifies if basic authorization is enabled
+ auth:
+ enabled: true
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+ - username: DCAE
+ password: DCAE
+ - username: MSO
+ password: MSO
+ - username: POLICY
+ password: POLICY
+ - username: ASDC
+ password: ASDC
+ - username: ModelLoader
+ password: ModelLoader
+ - username: AaiUI
+ password: AaiUI
+ # Common configuration for resources traversal and graphadmin
+ config:
+ # User information for the admin user in container
+ userId: 1000
+ groupId: 1000
+
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+
+ # Active spring profiles for the resources microservice
+ profiles:
+ active: production,kafka
+
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ service:
+ client: no-auth
+ # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v30
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,MSO,SO,robot-ete
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}'
+ someConfig: random
+
+# application image
+image: onap/aai-traversal:1.16.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
+
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
+
+aai_enpoints:
+ - name: aai-generic-query
+ url: search/generic-query
+ - name: aai-nodes-query
+ url: search/nodes-query
+ - name: aai-nquery
+ url: query
+
+# application configuration
+config:
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (traversal) will only be visible
+ # after time specified in db-cache-time
+ enabled: true
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
+
+ # Specifies timeout information such as application specific and limits
+ timeout:
+ # If set to true application will timeout for queries taking longer than limit
+ enabled: true
+ # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout
+ appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1
+ # Specifies how long should it wait before timing out the REST request
+ limit: 180000
+
+ # environment variables added to the launch of the image in deployment
+ env:
+ MIN_HEAP_SIZE: "512m"
+ MAX_METASPACE_SIZE: "512m"
+ # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+ # Disables the updateQueryData script to run as part of traversal
+ disableUpdateQuery: true
+
+ # Override of the DSL Timeout Limit
+ dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA'
+
+ dsl:
+ # Dsl timeout configuration
+ timeout:
+ # Whether or not the dsl is enabled
+ enabled: true
+ # Default time limit of the DSL query
+ limit: 150000
+ # App Specific Timeout Limit for each of the X-FromAppId
+ appspecific:
+ - JUNITTESTAPP1,1
+ - JUNITTESTAPP2,-1
+ - AAI-TOOLS,-1
+ - DCAE-CCS,1200000
+ - DCAES,1200000
+ - VPESAT,-1
+ - AAI-CACHER,-1
+ - VidAaiController,300000
+ - AAI-UI,180000
+
+persistence:
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/aai-traversal
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ path: /actuator/health
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ enabled: true
+
+readiness:
+ path: /actuator/health/readiness
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+actuator:
+ echo:
+ enabled: true
+
+service:
+ type: ClusterIP
+ traversalPortName: http
+ traversalPort: 8446
+ debugPortName: tcp-5005
+ debugPort: 5005
+ metricsPortName: metrics
+ metricsPort: 8448
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+ terminationGracePeriodSeconds: 30
+ sessionAffinity: None
+
+ingress:
+ enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
+# To make logback capping values configurable
+logback:
+ logToFileEnabled: false
+ maxHistory: 7
+ totalSizeCap: 6GB
+ queueSize: 1000
+
+accessLogback:
+ logToFileEnabled: false
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
+ maxHistory: 7
+ totalSizeCap: 6GB
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "3Gi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "8Gi"
+ requests:
+ cpu: "2"
+ memory: "4Gi"
+ unlimited: {}
+
+# define the heap size for the JVM
+# according to the resource flavor
+small:
+ maxHeapSize: "2500m"
+large:
+ maxHeapSize: "3g"
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+
+tracing:
+ ignorePatterns:
+ - /aai/util.*
+
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8448
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+ base: INFO # base package (org.onap.aai)
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 50Mi
+ logmiscSizeLimit: 50Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for_migration:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-migration'
+ wait_for_createSchema:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ wait_for_cassandra:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+ wait_for_traversal:
+ services:
+ - aai-traversal
+
+jobAnnotations:
+ "helm.sh/hook": pre-upgrade,pre-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: aai-trav-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: AAI-EVENT
+ type: topic
+ operations: [Read, Write]
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option ssl-hello-chk
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+
+ http-request set-header X-Forwarded-Proto https
+ http-request add-header X-Forwarded-Port 8443
+
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 8447##
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+ mode http
+ bind *:8080
+ stats uri /stats
+ stats enable
+ stats refresh 30s
+ stats hide-version
+ stats auth admin:admin
+ stats show-legends
+ stats show-desc IST AAI APPLICATION NODES
+ stats admin if TRUE
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
+
+frontend IST_8080
+ mode http
+ bind 0.0.0.0:8080
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto http
+ http-request set-header X-Forwarded-Proto http
+ http-request add-header X-Forwarded-Port 8080
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+#######################
+#DEFAULT BACKEND 8447##
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
--- /dev/null
+resolvers kubernetes
+ nameserver dns1 {{.Values.config.NAME_SERVER}}:53
+ hold valid 1s
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+{{/*
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+*/}}
+
+output.logstash:
+{{/*
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ # For the below property to work the loadbalancer or logstash should expose
+ # 5044 port to listen the filebeat events or port in the property should be
+ # changed appropriately.
+*/}}
+ hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+{{/*
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
+*/}}
\ No newline at end of file
--- /dev/null
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
+{{- $authorizedPrincipalsMetrics := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsMetrics -}}
+{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
+{{- $relName := include "common.release" . -}}
+
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" "authz" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipals }}
+{{- range $principal := $authorizedPrincipals }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" "metrics-authz" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-metrics
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsMetrics }}
+{{- range $principal := $authorizedPrincipalsMetrics }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# this is a shared resource for subcharts
+*/}}
+{{ include "common.log.configMap" . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: aai-deployment-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+{{ tpl (.Files.Glob "resources/config/haproxy/resolvers.conf").AsConfig . | indent 2 }}
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-fproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ - command: ["/bin/sh","-c"]
+ args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: copy-haproxy-config
+ resources:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 2m
+ memory: 100Mi
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy_rw
+ name: haproxy-etc
+ containers:
+ - name: {{ include "common.name" . }}
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy
+ name: haproxy-etc
+ - mountPath: /usr/local/etc/haproxy/resolvers.conf
+ name: haproxy-config
+ subPath: resolvers.conf
+ readOnly: true
+ - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ {{ if .Values.global.installSidecarSecurity }}
+ subPath: haproxy-pluggable-security.cfg
+ {{ else }}
+ subPath: haproxy.cfg
+ {{ end }}
+ name: haproxy-config
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - containerPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: haproxy-config
+ configMap:
+ name: aai-deployment-configmap
+ - name: haproxy-etc
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.haProxySizeLimit }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-aai-auth
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-truststore
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.service.type "NodePort" }}
+ {{ if not (include "common.ingressEnabled" .) }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{ end }}
+ {{- end }}
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}{{ .Values.service.type }}{{ end }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-internal
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ type: ClusterIP
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-metrics
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ ports:
+ - port: {{ .Values.metricsService.externalPort }}
+ targetPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
+ type: {{ .Values.metricsService.type }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
+ clusterIP: None
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
--- /dev/null
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for aai.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ dockerhubRepository: docker.io
+ busyboxImage: busybox
+
+ readinessImage: onap/oom/readiness:6.1.2
+
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ restartPolicy: Always
+
+ centralizedLoggingEnabled: false
+
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+
+ cassandra:
+ #This will instantiate AAI cassandra cluster, default:shared cassandra.
+ localCluster: false
+
+ # in case of a local cassandra cluster
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+
+ #Service Name of the cassandra cluster to connect to.
+ #Override it to aai-cassandra if localCluster is enabled.
+ #in case of using k8ssandra-operator in the common cassandra installation
+ #the service name is:
+ serviceName: cassandra-dc1-service
+ #in case of local k8ssandra-operator instance it is
+ #serviceName: aai-cassandra-dc1-service
+ #in case the older cassandra installation is used:
+ #serviceName: cassandra
+
+ #This should be same as shared cassandra instance or if localCluster is enabled
+ #then it should be same as aai-cassandra replicaCount
+ replicas: 3
+
+ #Cassandra login details
+ username: cassandra
+ password: cassandra
+
+ #Cassandra datacenter name
+ localDataCenter: dc1
+
+ # The name of Cassandra cluster's partitioner.
+ # It will be retrieved by client if not provided.
+ # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql
+ partitionerName: org.apache.cassandra.dht.Murmur3Partitioner
+
+ aai:
+ serviceName: aai
+ babel:
+ serviceName: aai-babel
+ aaiElasticsearch:
+ serviceName: aai-elasticsearch
+ resources:
+ serviceName: aai-resources
+ sparkyBe:
+ serviceName: aai-sparky-be
+ modelloader:
+ serviceName: aai-modelloader
+ searchData:
+ serviceName: aai-search-data
+ traversal:
+ serviceName: aai-traversal
+ graphadmin:
+ serviceName: aai-graphadmin
+
+ initContainers:
+ enabled: true
+ # Specifies a list of jobs to be run
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ # When enabled, it will create the widget models via REST API to haproxy
+ updateQueryData:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+ remoteCassandra:
+ enabled: false
+ storage:
+ backend: cassandra
+ hostname: 10.10.10.10
+ connectionTimeout: 100000
+ cacheSize: 1000000
+ keyConsistent: true
+
+ #If backend is cql or cassandra it should be keyspace name
+ #else backend is hbase it should be hbase table name
+ name: aaigraph
+
+ ## CQL driver specific properties for janusgraph
+ # cql:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ ## Cassandra driver specific properties for janusgraph
+ cassandra:
+ #Name of the Cassandra Cluster
+ clusterName: aai-cluster
+ localDataCenter: Pod lab
+ readConsistency: LOCAL_QUORUM
+ writeConsistency: LOCAL_QUORUM
+ replicationFactor: 3
+
+ #storage:
+ # backend: cassandra
+ # hostname: somehost1,somehost2,somehost3
+ # connectionTimeout: 100000
+ # cacheSize: 1000000
+ # clusterName: someClusterName
+ # localDataCenter: someDataCenter
+ # keyConsistent: true
+ # #If backend is cql or cassandra it should be keyspace name
+ # #else backend is hbase it should be hbase table name
+ # name: your_hbase_table_or_keyspace_name
+
+ ## CQL driver specific properties for janusgraph
+ # cql:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ ## Cassandra driver specific properties for janusgraph
+ # cassandra:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: LOCAL_QUORUM
+ # writeConsistency: LOCAL_QUORUM
+ # replicationFactor: 3
+
+
+ # Common configuration for resources traversal and graphadmin
+ config:
+ # User information for the admin user in container
+ userId: 1000
+ groupId: 1000
+
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+
+ # If cluster.cassandra.dynamic is set to false
+ # Then the following configuration should be uncommented
+ # This is if you are planning to connect to a existing
+ # Cassandra cluster instead of doing the deployment
+ #storage:
+ # backend: cassandra
+ # hostname: somehost1,somehost2,somehost3
+ # connectionTimeout: 100000
+ # cacheSize: 1000000
+ # clusterName: someClusterName
+ # localDataCenter: someDataCenter
+ # keyConsistent: true
+ # # If backend is cql or cassandra it should be keyspace name
+ # # else backend is hbase it should be hbase table name
+ # name: your_hbase_table_or_keyspace_name
+
+ # # CQL driver specific properties for janusgraph
+ # cql:
+ # # Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ # # Cassandra driver specific properties for janusgraph
+ # cassandra:
+ # # Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: LOCAL_QUORUM
+ # writeConsistency: LOCAL_QUORUM
+ # replicationFactor: 3
+
+ # Specifies if the basic authorization is enabled
+ basic:
+ auth:
+ enabled: true
+ username: AAI
+ passwd: AAI
+
+ # Active spring profiles for the resources microservice
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
+ profiles:
+ active: production,kafka #,aaf-auth
+
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
+ service:
+ client: no-auth
+ # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v30
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+ # Keystore configuration password and filename
+ keystore:
+ filename: aai_keystore
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
+
+ # Truststore configuration password and filename
+ truststore:
+ filename: aai_keystore
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
+
+ # Specifies a list of files to be included in auth volume
+ auth:
+ files:
+ - aai_keystore
+
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,MSO,SO,robot-ete
+
+ # Logback debug enabled
+ logback:
+ console:
+ # If enabled, container will print all logback to standard output
+ # This will make debugging much easier but it should only be done
+ # when debugging the issue and changed back as it can affect performance
+ # since when this is enabled, it prints a lot of information to console
+ enabled: false
+
+aai-babel:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-graphadmin:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-modelloader:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-resources:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-schema-service:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-sparky-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-traversal:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+
+# application image
+dockerhubRepository: registry.hub.docker.com
+image: onap/aai-haproxy:1.15.2
+pullPolicy: Always
+
+flavor: small
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file.
+ # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same.
+ NAME_SERVER: coredns.kube-system
+ # hold interval in seconds
+ DNS_REFRESH_INTERVAL: 5
+
+# default number of instances
+replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 33%
+ maxSurge: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns
+haproxy:
+ initContainers:
+ resources:
+ cpu: "50m"
+ memory: "500Mi"
+ requestBlocking:
+ enabled: false
+ customConfigs: []
+ replicas:
+ aaiResources: 3
+ aaiTraversal: 3
+ # stickiness based on path.
+ # For multiple replicas, requests will not be distributed evenly
+ stickOnPath: true
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+#This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use.
+#Below command will instantiate the aai cassandra instances:
+#helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \
+# --set aai.global.cassandra.localCluster=true \
+# --set aai.global.cassandra.serviceName=aai-cassandra
+cassandra:
+ nameOverride: aai-cassandra
+ serviceAccount:
+ nameOverride: aai-cassandra
+ replicaCount: 3
+ service:
+ name: aai-cassandra
+ persistence:
+ mountSubPath: aai/cassandra
+ enabled: true
+ k8ssandraOperator:
+ config:
+ clusterName: aai-cassandra
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: http
+ externalPort: 80
+ internalPort: 8080
+ nodePort: 33
+ sessionAffinity: None
+
+metricsService:
+ type: ClusterIP
+ portName: http-pro
+ externalPort: 8448
+ internalPort: 8448
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8448
+ path: /metrics
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}-metrics'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aai-api"
+ name: "aai"
+ port: 80
+ config:
+ ssl: "redirect"
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipalsMetrics: []
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-modelloader-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-schema-service-read
+ - serviceAccount: aai-traversal-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-tcagen2
+ - serviceAccount: nbi-read
+ - serviceAccount: sdnc-read
+ - serviceAccount: so-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-cnf-adapter-read
+ - serviceAccount: so-nssmf-adapter-read
+ - serviceAccount: so-etsi-nfvo-ns-lcm-read
+ - serviceAccount: so-etsi-sol003-adapter-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: so-ve-vnfm-adapter
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "1200Mi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "8Gi"
+ requests:
+ cpu: "1"
+ memory: "2400Mi"
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read
+
+securityContext:
+ user_id: 99
+ group_id: 99
+
+volumes:
+ haProxySizeLimit: 20Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
Code Review / oom.git / blobdiff