.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _master_index:
OOM Documentation Repository
.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
+.. _oom_cloud_setup_guide:
.. Links
.. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_project_description:
ONAP Operations Manager Project
###############################
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
-
+.. _oom_quickstart_guide:
.. _quick-start-label:
OOM Quick Start Guide
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_user_guide:
.. Links
.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights
.. reserved.
+.. _release_notes:
.. Links
.. _release-notes-label:
* Automated rolling upgrades for applications
* In-place schema and data migrations
* Blue-Green deployment environment migration (e.g. Pre-prod to Prod)
- * Upgrades from embedded database instance into shared database instance
+ * Upgrades from embedded database instance into shared database instance
* Release-to-release upgrade support delivered for the following projects
* [`OOM-52 <https://jira.onap.org/browse/OOM-52>`_] - OOM ONAP Configuration Management - Parameterization of docker images
* [`OOM-53 <https://jira.onap.org/browse/OOM-53>`_] - OOM ONAP Configuration Management - Parameterization for Sizing
* [`OOM-63 <https://jira.onap.org/browse/OOM-63>`_] - Kubernetes cluster created by TOSCA description
-* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the “Lab” project environment
+* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the "Lab" project environment
* [`OOM-86 <https://jira.onap.org/browse/OOM-86>`_] - Monitoring the health status of ONAP components
* [`OOM-87 <https://jira.onap.org/browse/OOM-87>`_] - Configure TOSCA description via dashboard
* [`OOM-88 <https://jira.onap.org/browse/OOM-88>`_] - Deploy Holmes on K8S cluster by TOSCA description
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /var/lib/cassandra
+ chown -R 1000:1000 /var/lib/cassandra
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /var/lib/cassandra
+ name: aaf-cass-vol
containers:
- name: {{ include "common.name" . }}
image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}}
value: {{.Values.global.aaf.cass.cluster_name}}
- name: CASSANDRA_DC
value: {{.Values.global.aaf.cass.dc}}
+ - name: CQLSH
+ value: "/opt/cassandra/bin/cqlsh"
- name: HEAP_NEWSIZE
value: {{.Values.global.aaf.cass.heap_new_size}}
- name: MAX_HEAP_SIZE
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
flavor: small
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
-
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
#################################################################
# Application configuration defaults.
name: {{ include "common.fullname" . }}
spec:
capacity:
- storage: {{ .Values.persistence.config.size}}
+ storage: {{ .Values.persistence.size}}
accessModes:
- - {{ .Values.persistence.config.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
storageClassName: "{{ include "common.fullname" . }}-data"
release: {{ include "common.release" . }}
spec:
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-hello-vol
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-hello-vol
{{- if and .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-hello-pvc
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-hello-pvc
{{- else }}
- emptyDir: {}
+ emptyDir: {}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- - name: {{ include "common.name" . }}-config
+ - name: fix-permission
+ command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"]
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf/local"
+ name: aaf-hello-vol
+ - name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"]
+# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"]
+# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"]
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
-# NOTE: Before this, need Liveness Attached to aaf-certman
- command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
env:
- name: APP_FQI
value: "{{ .Values.aaf_init.fqi }}"
- name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- name: aaf_locator_container
value: "oom"
- name: aaf_locator_container_ns
value: "{{ .Release.Namespace }}"
+# This should the APP's FQDN to be put in Locator
+# This MUST match what is entered for AAF Certificate Artifacts
- name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- value: "deployer@people.osaaf.org"
-# Note: We want to put this in Secrets or at LEAST ConfigMaps
- - name: DEPLOY_PASSWORD
- value: "demo123456!"
-# Note: want to put this on Nodes, evenutally
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+ value: "{{.Values.aaf_init.fqdn}}"
# Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+# This should be the APP's PUBLIC FQDN, if applicable
- name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
+ value: "{{.Values.aaf_init.locator_public_fqdn}}"
+ - name: LATITUDE
+ value: "{{ .Values.aaf_init.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.aaf_init.cadi_longitude }}"
+# Note: We want to put this in Secrets or at LEAST ConfigMaps
+ - name: "DEPLOY_FQI"
+ value: "deployer@people.osaaf.org"
+# Note: want to put this on Nodes, evenutally
+ - name: "DEPLOY_PASSWORD"
+ value: "demo123456!"
+# CONTAINER Definition
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
image: {{ .Values.global.repository }}/{{.Values.service.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
aaf_init:
# You might want this in your own app. For AAF, we store in global
# replicas: 1
- fqdn: "aaf-hello"
- image: onap/aaf/aaf_agent:2.1.15
- app_ns: "org.osaaf.aaf"
+ image: onap/aaf/aaf_agent:2.1.20
fqi: "aaf@aaf.osaaf.org"
+# This MUST match what is put in AAF's "Artifact" for Certificates
fqdn: "aaf-hello"
- public_fqdn: "aaf.osaaf.org"
+# What is put in Locator for External Access
+ locator_public_fqdn: "aaf.osaaf.org"
+ app_ns: "org.osaaf.aaf"
deploy_fqi: "deployer@people.osaaf.org"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
service:
- image: onap/aaf/aaf_hello:2.1.15
+ image: onap/aaf/aaf_hello:2.1.20
port: "8130"
public_port: "31119"
persistence:
- enabled: true
+ enabled: false
#existingClaim:
# You will want "Reatan" in non-Hello Example.
volumeReclaimPolicy: Delete
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
#################################################################
# Application configuration defaults.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /quorumclient/auth
+ chown -R 100:1000 /quorumclient/auth
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/smsquorumclient:4.0.0
+image: onap/aaf/smsquorumclient:4.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /consul/data
+ chown -R 100:1000 /consul/data
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /consul/data
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}"
name: {{ include "common.name" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["vault","server","-config","/vault/config/config.json"]
+ args: ["server"]
ports:
- containerPort: {{ .Values.service.internalPort }}
volumeMounts:
- image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}"
name: {{ include "common.name" . }}-backend
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["consul","agent","-server","-client","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
+ args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
ports:
- name: http
containerPort: 8500
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
persistence: {}
# application image
repository: nexus3.onap.org:10001
image:
- consul: library/consul:1.0.6
- vault: library/vault:0.10.0
+ consul: library/consul:1.7.1
+ vault: library/vault:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "aaf-sms-vault"
- - --container-name
- - "aaf-sms-vault-backend"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /sms/auth
+ chown -R 1000:1000 /sms/auth
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /sms/auth
+ name: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "aaf-sms-vault"
+ - --container-name
+ - "aaf-sms-vault-backend"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+
flavor: small
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/sms:4.0.1
+image: onap/aaf/sms:4.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
tpm:
enabled: false
# if enabled, nodeselector will use the below
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
+ # Readiness image
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
persistence:
enabled: true
# Standard OOM
aaf:
readiness: false
- image: onap/aaf/aaf_core:2.1.15
+ image: onap/aaf/aaf_core:2.1.20
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
aaf_release: "El Alto"
cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
config:
- image: onap/aaf/aaf_config:2.1.15
+ image: onap/aaf/aaf_config:2.1.20
cass:
replicas: 1
- image: onap/aaf/aaf_cass:2.1.15
+ image: onap/aaf/aaf_cass:2.1.20
fqdn: "aaf-cass"
cluster_name: "osaaf"
heap_new_size: "512M"
public_port: 31115
hello:
replicas: 0
+# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
+
#################################################################
# Application configuration defaults.
mountPath: /dockerdata-nfs
mountSubPath: "cass"
+
resources: {}
-Subproject commit eb70b3f12b30d4d7ea010723707db8c3e2ef2354
+Subproject commit 0c4cd899d53538202c23030ab278984897aede94
--- /dev/null
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core
+
+make-contrib-awx:
+ cd components && helm dep up awx && helm lint awx
+
+make-contrib-netbox:
+ cd components && helm dep up netbox && helm lint netbox
+
+make-contrib-core:
+ helm dep up . && helm lint .
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: netbox
+ version: ~6.x-0
+ repository: 'file://components/netbox'
+ condition: netbox.enabled
+ - name: awx
+ version: ~6.x-0
+ repository: 'file://components/awx'
+ condition: awx.enabled
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
# Resource Limit flavor -By Default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_discovery:1.2.5
+image: onap/msb/msb_discovery:1.2.6
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.5
+image: onap/msb/msb_apigateway:1.2.6
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.5
+image: onap/msb/msb_apigateway:1.2.6
pullPolicy: Always
istioSidecar: true
multicloud:
enabled: false
nbi:
- enabled: false
+ enabled: true
config:
# openstack configuration
openStackRegion: "Yolo"
# to customize the ONAP deployment.
#################################################################
aaf:
- enabled: false
+ enabled: true
aai:
enabled: false
appc:
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /opt/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
+ args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
ports:
- containerPort: {{ .Values.liveness.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
class=handlers.TimedRotatingFileHandler
level=NOTSET
formatter=generic
-args=('application.log','midnight', 1, 10)
+args=('/var/log/application.log','midnight', 1, 10)
[handler_audithand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=audit
-args=('audit.log', 'midnight', 1, 10)
+args=('/var/log/audit.log', 'midnight', 1, 10)
[handler_metrichand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=metric
-args=('metric.log','midnight', 1, 10)
+args=('/var/log/metric.log','midnight', 1, 10)
[handler_errhand]
class=handlers.TimedRotatingFileHandler
level=ERROR
formatter=error
-args=('error.log','midnight', 1, 10)
+args=('/var/log/error.log','midnight', 1, 10)
[handler_debughand]
class=handlers.TimedRotatingFileHandler
level=DEBUG
formatter=generic
-args=('debug.log','midnight', 1, 10)
+args=('/var/log/debug.log','midnight', 1, 10)
[formatters]
keys=generic,audit,metric,error
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe-brmsgw
subPath: brmsgw.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
--- /dev/null
+###
+# ============LICENSE_START=======================================================
+# feature-healthcheck
+# ================================================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+http.server.services=HEALTHCHECK
+http.server.services.HEALTHCHECK.host=0.0.0.0
+http.server.services.HEALTHCHECK.port=6969
+http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
+http.server.services.HEALTHCHECK.managed=false
+http.server.services.HEALTHCHECK.swagger=true
+http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
+http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
+http.server.services.HEALTHCHECK.https=true
+http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
+http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
+
+http.client.services=PAP
+
+http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
+http.client.services.PAP.port=9091
+http.client.services.PAP.contextUriPath=pap/test
+http.client.services.PAP.https=true
+http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
+http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
+
+http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
+http.client.services.PDP.port=8081
+http.client.services.PDP.contextUriPath=pdp/test
+http.client.services.PDP.https=true
+http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
+http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
PAP_USERNAME={{.Values.pap.user}}
PAP_PASSWORD={{.Values.pap.password}}
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
PDP_USERNAME={{.Values.pdp.user}}
PDP_PASSWORD={{.Values.pdp.password}}
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
AAI_USERNAME={{.Values.aai.user}}
AAI_PASSWORD={{.Values.aai.password}}
user: healthcheck
password: zb!XztG34
+papl:
+ user: testpap
+ password: alpha123
+
+pdpl:
+ user: testpdp
+ password: alpha123
+
aai:
user: policy@policy.onap.org
password: demo123456!
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: localtime
readOnly: true
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
name: pe-pdp
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
JDBC_DRIVER=org.mariadb.jdbc.Driver
JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_USER={{ .Values.global.mariadb.config.userName }}
-JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }}
+
+JDBC_USER=${JDBC_USER}
+JDBC_PASSWORD=${JDBC_PASSWORD}
site_name=site_1
fp_monitor_interval=30
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe-pap
subPath: console.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-secret
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- name: MYSQL_USER
- value: "{{ index .Values "mariadb-galera" "config" "userName" }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
ubuntuImage: ubuntu:16.04
pdp:
nameOverride: pdp
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- userName: policy_user
- userPassword: policy_user
- mariadbRootPassword: secret
mysqlDatabase: policyadmin
service: &mariadbService
name: policy-mariadb
portName: mysql-policy
internalPort: 3306
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ policy: generate
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
subChartsOnly:
enabled: true
+db: &dbSecretsHook
+ credsExternalSecret: *dbSecretName
+
pap:
nameOverride: pap
+ db: *dbSecretsHook
pdp:
nameOverride: pdp
+ db: *dbSecretsHook
drools:
nameOverride: drools
-brmwgw:
+ db: *dbSecretsHook
+brmsgw:
nameOverride: brmsgw
+ db: *dbSecretsHook
+policy-api:
+ db: *dbSecretsHook
+policy-xacml-pdp:
+ db: *dbSecretsHook
+
nexus:
nameOverride: nexus
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
- config: *mariadbConfig
+ config:
+ <<: *mariadbConfig
+ userName: policy_user
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
+ userCredentialsExternalSecret: *dbSecretName
nameOverride: policy-mariadb
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#External system notification URL
external_system_notification_url= https://jira.onap.org/browse/
+#cookie domain
+cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
ext_central_access_user_domain = @people.osaaf.org
# External Central Auth system access
remote_centralized_system_access = true
-
-#cookie domain
-cookie_domain = onap.org
+{{- end }}
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}"
+ keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
-
+ {{ end }}
<!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- An Engine represents the entry point (within Catalina) that processes
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config" . | indent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -i
- - ""
- - -n
- - ""
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: CATALINA_OPTS
+ - name: _CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
- -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
- - name: javax.net.ssl.keyStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.keyStorePassword
- value: {{ .Values.global.trustpass }}
- - name: javax.net.ssl.trustStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.trustStorePassword
- value: {{ .Values.global.trustpass }}
+ -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
- subPath: {{ .Values.global.keystoreFile}}
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
- subPath: {{ .Values.global.truststoreFile}}
- name: var-log-onap
mountPath: /var/log/onap
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- name: var-log-onap
mountPath: /var/log/onap
volumes:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
- name: localtime
hostPath:
path: /etc/localtime
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
- - name: authz-onapportal
- secret:
- secretName: {{ include "common.fullname" . }}-authz-onapportal
- name: filebeat-conf
configMap:
name: portal-filebeat
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-authz-onapportal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ #AAF service
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
#################################################################
+
# application image
repository: nexus3.onap.org:10001
image: onap/portal-app:2.6.0
pullPolicy: Always
+#AAF local config
+
+aafURL: https://aaf-service:8100/
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
# default number of instances
replicaCount: 1
{{ if .Values.global.aafEnabled }}
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
{{ end }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
\ No newline at end of file
apiVersion: v1
fieldPath: metadata.namespace
{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf-config
- image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c"]
- args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aafConfig.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
- - name: aaf_locator_container
- value: "{{ .Values.global.aafLocatorContainer }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aafConfig.fqdn }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aafConfig.publicFqdn}}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.global.aafAppNs }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aafConfig.cadiLongitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aafConfig.cadiLatitude }}"
- {{ end }}
+{{ include "common.aaf-config" . | indent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c"]
{{- if .Values.global.aafEnabled }}
- args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+ args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
- cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- name: _CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
- -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
{{- else }}
args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
{{- end }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
{{- end }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
- name: var-log-onap
mountPath: /var/log/onap
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- name: portal-tomcat-logs
emptyDir: {}
{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-aaf-config-vol
- emptyDir:
- medium: Memory
+{{ include "common.aaf-config-volumes" . | indent 8 }}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
- #AAF global config overrides
+ #AAF service
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
- aafAppNs: org.osaaf.aaf
- aafLocatorContainer: oom
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+
#################################################################
# Application configuration defaults.
#################################################################
-secrets:
- - uid: aaf-deploy-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
-
-## Persist cert data to a memory volume
-persistence:
- aafCredsPath: /opt/app/osaaf/local
# application image
repository: nexus3.onap.org:10001
image: onap/portal-sdk:2.6.0
pullPolicy: Always
-#AAF service
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-
#AAF local config
+aafURL: https://aaf-service:8100/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: portal
fqi: portal@portal.onap.org
publicFqdn: portal.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds
keystoreFile: "org.onap.portal.p12"
truststoreFile: "org.onap.portal.trust.jks"
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
# flag to enable debugging - application support required
debugEnabled: false
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
- keystoreFile: "keystoreONAPPortal.p12"
- truststoreFile: "truststoreONAPall.jks"
- keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
- trustpass: "changeit"
-
config:
logstashServiceName: log-ls
logstashPort: 5044
-
portal-mariadb:
nameOverride: portal-db
-
mariadb:
service:
name: portal-db
zookeeper:
service:
name: portal-zookeeper
-
messageRouter:
service:
name: message-router
-
ingress:
enabled: false
\ No newline at end of file
-Subproject commit 7f37c3cd610edd911a8b68e2118212d9ec8149d6
+Subproject commit a995fce78ae63d33a0c48d825001ed7faea3b18f
pollTimeout: 7500
pollInterval: 15
mso:
+ adapters:
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
- endpoint: http://msb-iag.{{ include "common.namespace" . }}:80/api/vnfpkgm/v1
+ endpoint: https://msb-iag.{{ include "common.namespace" . }}:443/api/vnfpkgm/v1
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
{{- end }}
-
Code Review / oom.git / commitdiff