# Modifications Copyright © 2018 ZTE
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: Service Design and Creation Umbrella Helm charts
name: sdc
-version: 13.0.5
+version: 13.0.6
dependencies:
- name: common
# Modifications Copyright © 2018 AT&T, ZTE
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Backend API
name: sdc-be
-version: 13.0.4
+version: 13.0.5
dependencies:
- name: common
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --service-name
- - sdc-onboarding-be
- {{- if not .Values.global.kafka.useKafka }}
- - --service-name
- - message-router
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 8 }}
+ - name: {{ include "common.name" . }}-copy-jetty
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh","-c"]
+ args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp']
+ resources:
+ limits:
+ cpu: 400m
+ memory: 400Mi
+ requests:
+ cpu: 30m
+ memory: 200Mi
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty_rw
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
- path: /sdc2/rest/healthCheck
+ path: {{ .Values.liveness.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
- path: /sdc2/rest/healthCheck
+ path: {{ .Values.readiness.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
httpGet:
- path: /sdc2/rest/healthCheck
+ path: {{ .Values.startup.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
failureThreshold: {{ .Values.startup.failureThreshold }}
resources: {{ include "common.resources" . | nindent 12 }}
env:
+ - name: TMPDIR
+ value: '/app/jetty/ruby_temp'
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: cassandra_ssl_enabled
value: {{ .Values.global.kafka.useKafka | quote }}
{{- end }}
volumeMounts:
- - name: logs
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty
+ subPath: jetty
+ - name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-tmp
+ mountPath: /tmp
- name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- - name: logs
- emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: {{ include "common.fullname" . }}-tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: {{ include "common.fullname" . }}-jetty
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.jettySizeLimit }}
- name: http-config
configMap:
name: {{ include "common.release" . }}-sdc-http-be-configmap
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
restartPolicy: Never
+ securityContext:
+ {{- toYaml .Values.jobPodSecurityContext | nindent 8 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --service-name
- - sdc-be
- - "-t"
- - "35"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.job_wait_for) | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
command:
- /bin/sh
- -c
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
mountPath: /home/onap/chef-solo/environments/
- - name: sdc-logs
+ - name: {{ include "common.fullname" . }}-logs
mountPath: /home/onap/logs
+ - name: {{ include "common.fullname" . }}-tmp
+ mountPath: /tmp
+ - name: {{ include "common.fullname" . }}-var-tmp
+ mountPath: /var/tmp
env:
+ - name: TMPDIR
+ value: '/home/onap/chef-solo/ruby_temp'
- name: ENVNAME
value: {{ .Values.env.name }}
- name: HOST_IP
- name: BASIC_AUTH_PASS
value: {{ .Values.basicAuth.userPass }}
resources:
- limits:
- cpu: "800m"
- memory: "1Gi"
- requests:
- cpu: "200m"
- memory: "200Mi"
+ {{- toYaml .Values.resources_initContainer | nindent 12 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: sdc-logs
- emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: {{ include "common.fullname" . }}-tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: {{ include "common.fullname" . }}-var-tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.varTmpSizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# probe configuration parameters
liveness:
+ path: /sdc2/rest/healthCheck
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 180
enabled: true
readiness:
+ path: /sdc2/rest/healthCheck
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 180
failureThreshold: 3
startup:
+ path: /sdc2/rest/healthCheck
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 180
port: 8080
port_protocol: http
nodePort: '04'
- annotations:
- msb.onap.org/service-info: |
- {{ if .Values.global.msbEnabled -}}[
- {
- "serviceName": "sdc-be",
- "version": "v1",
- "url": "/sdc/v1",
- "path":"/sdc/v1",
- "protocol": "REST",
- "visualRange":"1",
- "port": "{{ .Values.service.internalPort }}",
- }
- ]{{ end }}
ingress:
enabled: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: consul-read
- - serviceAccount: consul-server-read
- - serviceAccount: modeling-etsicatalog-read
- serviceAccount: nbi-read
- - serviceAccount: oof-has-read
- - serviceAccount: portal-db-read
- serviceAccount: so-cnfm-lcm-read
- serviceAccount: so-etsi-sol003-adapter-read
- serviceAccount: so-read
roles:
- read
+readinessCheck:
+ wait_for_service:
+ name: "services"
+ services:
+ - sdc-onboarding-be
+ job_wait_for:
+ services:
+ - sdc-be
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-job'
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+securityContext:
+ user_id: 1000
+ group_id: 101
+
+jobPodSecurityContext:
+ fsGroup: 101
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ seccompProfile:
+ type: RuntimeDefault
+
+volumes:
+ logSizeLimit: 300Mi
+ jettySizeLimit: 400Mi
+ tmpSizeLimit: 500Mi
+ varTmpSizeLimit: 100Mi
+
+resources_initContainer:
+ limits:
+ cpu: "2000m"
+ memory: "2Gi"
+ requests:
+ cpu: "1000m"
+ memory: "600Mi"
+
#######
#######
pairEnvName: ""
-
cassandra:
hostname: cassandra-dc1-service.onap
port: 9042
# Modifications Copyright © 2018 AT&T, ZTE
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Cassandra
name: sdc-cs
-version: 13.0.3
+version: 13.0.4
dependencies:
- name: common
# be published independently to a repo (at this point)
repository: '@local'
condition: global.sdc_cassandra.localCluster
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
restartPolicy: Never
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --service-name
- - {{ .Values.global.sdc_cassandra.serviceName }}
- - "-t"
- - "15"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }}
valueFrom:
fieldRef:
fieldPath: status.podIP
- resources:
- limits:
- cpu: "800m"
- memory: "1Gi"
- requests:
- cpu: "200m"
- memory: "300Mi"
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.service.jobPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.service.jobPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
portName: sdc-cs
externalPort: 9042
internalPort: 9042
-
+ jobPort: 8080
## Persist data to a persitent volume
persistence:
containers:
- '{{ include "common.name" . }}-job'
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1200m
+ memory: 2Gi
+ requests:
+ cpu: 300m
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 1600m
+ memory: "2Gi"
+ requests:
+ cpu: 400m
+ memory: 600Mi
+ unlimited: {}
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
volumes:
importConfTmpSizeLimit: 100Mi
writableScriptsSizeLimit: 1.2Gi
cassandraConfigSizeLimit: 100Mi
+
+resources_initContainer:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.global.sdc_cassandra.serviceName }}'
# Modifications Copyright © 2018 AT&T, ZTE
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: 13.0.4
dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
-# Modifications Copyright © 2023 Deutsche Telekom
+# Modifications Copyright © 2023,2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-be
- - "-t"
- - "35"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-copy-jetty
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh","-c"]
+ args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp']
+ resources:
+ limits:
+ cpu: 400m
+ memory: 400Mi
+ requests:
+ cpu: 30m
+ memory: 200Mi
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty_rw
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
successThreshold: {{ .Values.startup.successThreshold }}
failureThreshold: {{ .Values.startup.failureThreshold }}
resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
env:
+ - name: TMPDIR
+ value: '/app/jetty/ruby_temp'
- name: ENVNAME
value: {{ .Values.env.name }}
- name: HOST_IP
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
volumeMounts:
- - name: logs
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty
+ subPath: jetty
+ - name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-tmp
+ mountPath: /tmp
- name: configs
mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml
subPath: plugins-configuration.yaml
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=/tmp/wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: logs
- emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: {{ include "common.fullname" . }}-tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: {{ include "common.fullname" . }}-jetty
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.jettySizeLimit }}
- name: {{ include "common.fullname" . }}-ready-probe-script
configMap:
name: {{ include "common.release" . }}-ready-probe-script
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: http
port: 8181
nodePort: '07'
- annotations:
- msb.onap.org/service-info: |
- {{ if .Values.global.msbEnabled -}}[
- {
- "serviceName": "sdc-ui",
- "version": "v1",
- "url": "/sdc1",
- "protocol": "UI",
- "visualRange":"0|1",
- "port": "{{ .Values.service.internalPort }}",
- }
- ]{{ end }}
ingress:
enabled: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: consul-read
- - serviceAccount: consul-server-read
- serviceAccount: istio-ingress
namespace: istio-ingress
roles:
- read
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-sdc-be'
+
#Log configuration
log:
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+securityContext:
+ user_id: 1000
+ group_id: 101
+
+volumes:
+ logSizeLimit: 64Mi
+ jettySizeLimit: 400Mi
+ tmpSizeLimit: 500Mi
+
autoscaling:
enabled: true
minReplicas: 1
# Copyright (c) 2021 Nokia. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Helm Validator
name: sdc-helm-validator
-version: 13.0.0
+version: 13.0.1
dependencies:
- - name: repositoryGenerator
+ - name: common
version: ~13.x-0
repository: '@local'
- - name: common
+ - name: repositoryGenerator
version: ~13.x-0
repository: '@local'
{{/*
# ===========LICENSE_START========================================================
# Copyright (c) 2021 Nokia. All rights reserved.
+# Modifications Copyright © 2025 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {{ include "common.resources" . | nindent 12 }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
env:
- name: LOG_LEVEL
value: {{ .Values.config.loggingLevel }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
httpGet:
path: {{ .Values.startup.path }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
failureThreshold: {{ .Values.startup.failureThreshold }}
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ volumes:
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
# ===========LICENSE_START========================================================
# Copyright (c) 2021 Nokia. All rights reserved.
+# Modifications Copyright © 2025 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+readiness:
+ port: *port
+ path: /actuator/health
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
startup:
initialDelaySeconds: 10
periodSeconds: 10
cpu: "1"
memory: "1Gi"
unlimited: {}
+
+securityContext:
+ user_id: 1000
+ group_id: 65533
+
+volumes:
+ tmpSizeLimit: 200Mi
# Modifications Copyright © 2018 AT&T, ZTE
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Onboarding API
name: sdc-onboarding-be
-version: 13.0.4
+version: 13.0.5
dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-copy-jetty
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh","-c"]
+ args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp']
+ resources:
+ limits:
+ cpu: 400m
+ memory: 400Mi
+ requests:
+ cpu: 30m
+ memory: 200Mi
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty_rw
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
- path: /onboarding-api/v1.0/healthcheck
+ path: {{ .Values.liveness.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
- path: /onboarding-api/v1.0/healthcheck
+ path: {{ .Values.readiness.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
httpGet:
- path: /onboarding-api/v1.0/healthcheck
+ path: {{ .Values.startup.path }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
failureThreshold: {{ .Values.startup.failureThreshold }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{ include "common.resources" . | nindent 12 }}
env:
+ - name: TMPDIR
+ value: '/app/jetty/ruby_temp'
- name: ENVNAME
value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
- name: SDC_CERT_DIR
value: ""
volumeMounts:
- - name: logs
+ - name: {{ include "common.fullname" . }}-jetty
+ mountPath: /app/jetty
+ subPath: jetty
+ - name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-tmp
+ mountPath: /tmp
- name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=/tmp/wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
name: {{ include "common.release" . }}-sdc-ready-probe-configmap
defaultMode: 0755
- - name: logs
- emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: {{ include "common.fullname" . }}-tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: {{ include "common.fullname" . }}-jetty
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.jettySizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
restartPolicy: Never
+ securityContext:
+ {{- toYaml .Values.jobPodSecurityContext | nindent 8 }}
initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-cs
- - "-t"
- - "20"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.job_wait_for) | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }}
requests:
cpu: "200m"
memory: "200Mi"
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.service.jobPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.service.jobPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# probe configuration parameters
liveness:
+ path: /onboarding-api/v1.0/healthcheck
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 15
enabled: true
readiness:
+ path: /onboarding-api/v1.0/healthcheck
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 15
failureThreshold: 3
startup:
+ path: /onboarding-api/v1.0/healthcheck
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
type: ClusterIP
name: sdc-onboarding-be
internalPort: 8081
+ jobPort: 8080
ports:
- name: http
port: 8081
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
-securityContext:
- fsGroup: 35953
- runAsUser: 352070
-
ingress:
enabled: false
containers:
- '{{ include "common.name" . }}-job'
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-sdc-onboarding-be'
+ job_wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-sdc-cs'
+
#Log configuration
log:
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+securityContext:
+ user_id: 1000
+ group_id: 101
+
+volumes:
+ logSizeLimit: 300Mi
+ jettySizeLimit: 400Mi
+ tmpSizeLimit: 500Mi
+
+resources_initContainer:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+
+jobPodSecurityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+
#################################################################
# Settings from Default.rb
#################################################################
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Workflow Designer backend
name: sdc-wfd-be
-version: 13.0.2
+version: 13.0.3
dependencies:
- name: repositoryGenerator
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
-# Modifications Copyright © 2023 Deutsche Telekom
+# Modifications Copyright © 2023,2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
{{- if .Values.initJob.enabled }}
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
{{ end }}
containers:
- name: {{ include "common.name" . }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
containers:
- '{{ include "common.name" . }}-job'
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.fullname" . }}'
+
autoscaling:
enabled: false
minReplicas: 1
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Design and Creation Workflow Designer frontend
name: sdc-wfd-fe
-version: 13.0.1
+version: 13.0.2
dependencies:
- name: repositoryGenerator
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --service-name
- - sdc-wfd-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
port: 8080
port_protocol: http
nodePort: '56'
- annotations:
- msb.onap.org/service-info: |
- {{ if .Values.global.msbEnabled -}}[
- {
- "serviceName": "wf-gui",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]{{ end }}
ingress:
enabled: false
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+readinessCheck:
+ wait_for:
+ services:
+ - sdc-wfd-be
+
autoscaling:
enabled: false
minReplicas: 1
Code Review / oom.git / commitdiff