X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fso%2Fvalues.yaml;h=4f64dac032740cdc6e8aaca2e19cbef60cfc25b6;hb=ad61ccf6cccbe9a9637ef97eb98cee8dd70dce11;hp=464801570b56eeaa693e36bfb0ed0986ba5bad2b;hpb=c28ecc68065746659cdf858946cf09cd60d3629c;p=oom.git diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 464801570b..ce7ee71032 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 AT&T USA # Copyright © 2020 Huawei +# Copyright © 2021 Orange # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,12 +18,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - soBaseImage: onap/so/base-image:1.0 - aafAgentImage: onap/aaf/aaf_agent:2.1.20 + centralizedLoggingEnabled: true mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera @@ -49,26 +45,17 @@ global: dbPassword: secretpassword # dbCredsExternalSecret: some secret msbEnabled: true - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 app: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - client: - certs: - truststore: /app/client/org.onap.so.trust.jks - keystore: /app/client/org.onap.so.jks - trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI - keyStorePassword: c280b25hcA== - certificates: - path: /etc/ssl/certs - share_path: /usr/local/share/ca-certificates/ + + soSdcListenerKafkaUser: so-sdc-list-user + +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-so-mariadb-config-job' ################################################################# # Secrets metaconfig @@ -77,7 +64,11 @@ secrets: - uid: db-root-pass name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass' type: password - externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}' + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary + .Values.global.mariadbGalera.rootPasswordExternalSecret + (default (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) + .Values.global.mariadbGalera.rootPasswordExternalSecret) }}' password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}' - uid: db-backup-creds name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds' @@ -104,12 +95,6 @@ secrets: login: '{{ .Values.dbCreds.adminName }}' password: '{{ .Values.dbCreds.adminPassword }}' passwordPolicy: generate - - uid: 'so-onap-certs' - name: &so-certs '{{ include "common.release" . }}-so-certs' - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: - - resources/config/certificates/msb-ca.crt - uid: 'mso-key' name: &mso-key '{{ include "common.release" . }}-mso-key' type: password @@ -134,13 +119,6 @@ secrets: login: '{{ .Values.server.bpel.username }}' password: '{{ .Values.server.bpel.password }}' passwordPolicy: required - - uid: so-aaf-creds - name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - uid: so-aai-creds name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds' type: basicAuth @@ -149,14 +127,7 @@ secrets: password: '{{ .Values.server.aai.password }}' passwordPolicy: required -aafConfig: - permission_user: 1000 - permission_group: 999 - -aaf: - trustore: org.onap.so.trust.jks - -################################################################# +################################################################## # Application configuration defaults. ################################################################# @@ -169,11 +140,9 @@ dbCreds: userName: so_user adminName: so_admin +image: onap/so/api-handler-infra:1.11.0 + server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret aai: username: aai@aai.onap.org password: demo123456! @@ -187,47 +156,398 @@ server: password: password1$ # bpelCredsExternalSecret: some secret -repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.6.4 pullPolicy: Always - replicaCount: 1 minReadySeconds: 10 - containerPort: &containerPort 8080 - logPath: ./logs/apih/ - app: api-handler-infra - service: type: NodePort - nodePort: 77 internalPort: *containerPort - externalPort: *containerPort - portName: so-apih-port + ports: + - name: http + port: *containerPort + nodePort: '77' + annotations: + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + } + ]{{ end }} updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 -################################################################# +################################################################ # soHelpers part ################################################################# soHelpers: - nameOverride: so-apih-cert-init - certInitializer: - nameOverride: so-apih-cert-init - credsPath: /opt/app/osaaf/local - certSecret: *so-certs containerPort: *containerPort # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) -persistence: - certificatesPath: /certificates resources: small: limits: @@ -252,6 +572,8 @@ affinity: {} config: logstashServiceName: log-ls logstashPort: 5044 + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \ @@ -259,24 +581,22 @@ config: # --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \ # --set so.global.mariadbGalera.serviceName=so-mariadb-galera mariadb-galera: - config: - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - nameOverride: so-mariadb-galera + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: &so-mariadb so-mariadb-galera replicaCount: 1 - service: - name: so-mariadb-galera persistence: mountSubPath: so/mariadb-galera/data enabled: true + serviceAccount: + nameOverride: *so-mariadb ingress: enabled: false service: - - baseaddr: 'so.api' + - baseaddr: 'so-api' name: 'so' port: 8080 - config: - ssl: 'none' mso: adapters: @@ -299,16 +619,10 @@ mso: health: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= -so-appc-orchestrator: - enabled: true - server: - actuatorCredsExternalSecret: *actuator-secrets - db: - <<: *dbSecrets - so-bpmn-infra: db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-catalog-db-adapter: enabled: true @@ -317,8 +631,9 @@ so-catalog-db-adapter: so-cnf-adapter: enabled: true + db: + <<: *dbSecrets server: - aafCredsExternalSecret: *aaf-secrets aaiCredsExternalSecret: *aai-secrets actuatorCredsExternalSecret: *actuator-secrets mso: @@ -337,7 +652,7 @@ so-mariadb: userCredsExternalSecret: *dbUserCredsSecretName adminCredsExternalSecret: *dbAdminCredsSecretName -so-monitoring: +so-admin-cockpit: enabled: true db: <<: *dbSecrets @@ -359,11 +674,13 @@ so-oof-adapter: camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A oof: authSecret: *mso-oof-auth + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-openstack-adapter: enabled: true db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-request-db-adapter: db: @@ -372,19 +689,35 @@ so-request-db-adapter: so-sdc-controller: db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.soSdcListenerKafkaUser }}' so-sdnc-adapter: enabled: true db: <<: *dbSecrets + mso: + msoKeySecret: *mso-key + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-ve-vnfm-adapter: - enabled: true + enabled: false -so-vfc-adapter: +so-etsi-sol005-adapter: enabled: true db: <<: *dbSecrets -so-vnfm-adapter: +so-etsi-sol003-adapter: enabled: true + +#Pods Service Account +serviceAccount: + nameOverride: so + roles: + - read + +#Log configuration +log: + path: /var/log/onap