---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-filebeat
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-logging-cfg
namespace: {{ include "common.namespace" . }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
subPath: installSdncDb.sh
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: /var/log/onap
+ - mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg
name: log-config
{{- end }}
# side car containers
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: logs
- - mountPath: /usr/share/filebeat/data
- name: data-filebeat
+ {{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- name: keyfile-certs
secret:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-filebeat
- name: log-config
configMap:
name: {{ include "common.fullname" . }}-logging-cfg
- name: logs
emptyDir: {}
- - name: data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" . | nindent 8 }}
- name: onap-appc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-data-properties
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ centralizedLoggingEnabled: false
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/onap
+
# application configuration
config:
# dbRootPassExternalSecret: some secret
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "common.log.sidecar" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+- name: {{ include "common.name" . }}-filebeat
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - name: filebeat-data
+ mountPath: /usr/share/filebeat/data
+{{- end -}}
+{{- end -}}
+
+{{- define "common.log.volumes" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+- name: filebeat-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-filebeat
+- name: filebeat-data
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.log.configMap" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "filebeat") | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+{{- end }}
+{{- end -}}
+
enabled: true
esr:
enabled: true
-sniro-emulator:
- enabled: true
oof:
enabled: true
msb:
enabled: true
policy:
enabled: true
-pomba:
- enabled: true
portal:
enabled: true
robot:
###################################################################
global:
addTestingComponents: &testing true
+ centralizedLoggingEnabled: ¢ralizedLogging false
cassandra:
enabled: true
mariadb-galera:
enabled: true
esr:
enabled: true
-sniro-emulator:
- enabled: true
oof:
enabled: true
msb:
enabled: true
policy:
enabled: true
-pomba:
- enabled: true
portal:
enabled: true
robot:
# if set this element will force or not tls even if serviceMesh.tls is set.
# tlsEnabled: false
+ # Logging
+ # Currently, centralized logging is not in best shape so it's disabled by
+ # default
+ centralizedLoggingEnabled: ¢ralizedLogging false
+
# Example of specific for the components where you want to disable TLS only for
# it:
enabled: false
esr:
enabled: false
+# Today, "logging" chart that perform the central part of logging must also be
+# enabled in order to make it work. So `logging.enabled` must have the same
+# value than centralizedLoggingEnabled
log:
- enabled: false
+ enabled: *centralizedLogging
sniro-emulator:
enabled: false
oof:
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
- "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: apiconfig
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1