Merge "HTTPS/AAF auto cert gen for Portal SDK"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Thu, 5 Mar 2020 18:54:38 +0000 (18:54 +0000)
committerGerrit Code Review <gerrit@onap.org>
Thu, 5 Mar 2020 18:54:38 +0000 (18:54 +0000)
157 files changed:
docs/oom_cloud_setup_guide.rst
docs/oom_setup_kubernetes_rancher.rst
docs/oom_user_guide.rst
kubernetes/Makefile
kubernetes/aaf/charts/aaf-gui/values.yaml
kubernetes/aaf/charts/aaf-sms/values.yaml
kubernetes/aai
kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
kubernetes/clamp/charts/clamp-dash-es/values.yaml
kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem [deleted file]
kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem [deleted file]
kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem [deleted file]
kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
kubernetes/common/cassandra/values.yaml
kubernetes/common/common/templates/_service.tpl
kubernetes/common/dgbuilder/resources/config/customSettings.js [moved from kubernetes/common/dgbuilder/resources/scripts/customSettings.js with 78% similarity]
kubernetes/common/dgbuilder/resources/config/svclogic.properties
kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh [deleted file]
kubernetes/common/dgbuilder/templates/configmap.yaml
kubernetes/common/dgbuilder/templates/deployment.yaml
kubernetes/common/dgbuilder/templates/secrets.yaml
kubernetes/common/dgbuilder/values.yaml
kubernetes/common/network-name-gen/requirements.yaml
kubernetes/common/network-name-gen/templates/deployment.yaml
kubernetes/common/network-name-gen/values.yaml
kubernetes/common/postgres-legacy/.helmignore [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml [deleted file]
kubernetes/common/postgres-legacy/charts/pgpool/values.yaml [deleted file]
kubernetes/common/postgres-legacy/templates/pv.yaml [deleted file]
kubernetes/common/postgres-legacy/templates/secrets.yaml [deleted file]
kubernetes/common/postgres-legacy/templates/service.yaml [deleted file]
kubernetes/common/postgres-legacy/templates/statefulset.yaml [deleted file]
kubernetes/common/postgres-legacy/values.yaml [deleted file]
kubernetes/common/postgres/values.yaml
kubernetes/consul/charts/consul-server/values.yaml
kubernetes/contrib/tools/rke/rke_setup.sh
kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml [new file with mode: 0644]
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml [new file with mode: 0644]
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml [new file with mode: 0644]
kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml
kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
kubernetes/dmaap/components/dmaap-bc/values.yaml
kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
kubernetes/dmaap/components/dmaap-dr-node/values.yaml
kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml [moved from kubernetes/common/postgres-legacy/requirements.yaml with 81% similarity]
kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
kubernetes/esr/charts/esr-gui/values.yaml
kubernetes/esr/charts/esr-server/values.yaml
kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml [moved from kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml with 81% similarity]
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml [moved from kubernetes/common/postgres-legacy/Chart.yaml with 80% similarity]
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
kubernetes/oof/charts/oof-cmso/templates/secret.yaml
kubernetes/oof/charts/oof-cmso/values.yaml
kubernetes/oof/charts/oof-has/resources/config/conductor.conf
kubernetes/portal/charts/portal-app/resources/server/web.xml [new file with mode: 0644]
kubernetes/portal/charts/portal-app/templates/deployment.yaml
kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-be/values.yaml
kubernetes/sdc/charts/sdc-cs/values.yaml
kubernetes/sdc/charts/sdc-es/.helmignore [deleted file]
kubernetes/sdc/charts/sdc-es/Chart.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/templates/NOTES.txt [deleted file]
kubernetes/sdc/charts/sdc-es/templates/deployment.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/templates/job.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/templates/pv.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/templates/pvc.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/templates/service.yaml [deleted file]
kubernetes/sdc/charts/sdc-es/values.yaml [deleted file]
kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-fe/values.yaml
kubernetes/sdc/charts/sdc-kb/.helmignore [deleted file]
kubernetes/sdc/charts/sdc-kb/Chart.yaml [deleted file]
kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt [deleted file]
kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml [deleted file]
kubernetes/sdc/charts/sdc-kb/templates/service.yaml [deleted file]
kubernetes/sdc/charts/sdc-kb/values.yaml [deleted file]
kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
kubernetes/sdc/charts/sdc-wfd-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
kubernetes/sdc/resources/config/environments/AUTO.json
kubernetes/sdc/values.yaml
kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties
kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties
kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties
kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties
kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml
kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml [new file with mode: 0644]
kubernetes/sdnc/charts/dmaap-listener/values.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config
kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml [new file with mode: 0644]
kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml
kubernetes/sdnc/charts/sdnc-portal/values.yaml
kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties
kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties
kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml [new file with mode: 0644]
kubernetes/sdnc/charts/ueb-listener/values.yaml
kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-bpmn-infra/values.yaml
kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml [moved from kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml with 85% similarity, mode: 0755]
kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml [new file with mode: 0755]
kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml [moved from kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml with 58% similarity]
kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml [new file with mode: 0755]
kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml [new file with mode: 0755]
kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml [new file with mode: 0755]
kubernetes/so/templates/configmap.yaml
kubernetes/so/templates/deployment.yaml
kubernetes/so/values.yaml
kubernetes/uui/charts/uui-server/templates/service.yaml
kubernetes/uui/charts/uui-server/values.yaml
kubernetes/vid/values.yaml

index 899f0d7..e3790f8 100644 (file)
@@ -53,6 +53,7 @@ The versions of Kubernetes that are supported by OOM are as follows:
   casablanca         1.11.5       2.9.1   1.11.5    17.03.x
   dublin             1.13.5       2.12.3  1.13.5    18.09.5
   el alto            1.15.2       2.14.2  1.15.2    18.09.x
+  frankfurt          1.15.9       2.16.3  1.15.9    18.09.x
   ==============     ===========  ======  ========  ========
 
 Minimum Hardware Configuration
index f703c06..6dcc3c7 100644 (file)
@@ -412,7 +412,7 @@ Apply customization script for NFS Server VM
 Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
 script.
 
-.. literalinclude:: openstack-k8s-workernode.sh
+.. literalinclude:: openstack-nfs-server.sh
    :language: bash
 
 This customization script will:
index 48701f7..4cc1ab6 100644 (file)
@@ -114,7 +114,7 @@ stable which should be removed to avoid confusion::
 
 To prepare your system for an installation of ONAP, you'll need to::
 
-  > git clone -b casablanca http://gerrit.onap.org/r/oom
+  > git clone -b frankfurt http://gerrit.onap.org/r/oom
   > cd oom/kubernetes
 
 
@@ -294,7 +294,7 @@ value for the vnfDeployment/openstack/oam_network_cidr key as shown below.
 
 To deploy ONAP with this environment file, enter::
 
-  > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
+  > helm deploy local/onap -n onap -f environments/onap-production.yaml
 
 .. include:: environments_onap_demo.yaml
    :code: yaml
@@ -600,14 +600,14 @@ sequence of events described in the previous paragraph would be initiated.
 For example, to upgrade a container by changing configuration, specifically an
 environment value::
 
-  > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
+  > helm deploy onap onap/so --version 2.0.1 --set enableDebug=true
 
 Issuing this command will result in the appropriate container being stopped by
 Kubernetes and replaced with a new container with the new environment value.
 
 To upgrade a component to a new version with a new configuration file enter::
 
-  > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
+  > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
 
 To fetch release history enter::
 
@@ -700,19 +700,19 @@ from a running deployment the operator perform a 'dry-run' to display exactly
 what will happen with a given command prior to actually deleting anything.  For
 example::
 
-  > helm undeploy casablanca --dry-run
+  > helm undeploy onap --dry-run
 
-will display the outcome of deleting the 'casablanca' release from the
+will display the outcome of deleting the 'onap' release from the
 deployment.
 To completely delete a release and remove it from the internal store enter::
 
-  > helm undeploy casablanca --purge
+  > helm undeploy onap --purge
 
 One can also remove individual components from a deployment by changing the
 ONAP configuration values.  For example, to remove `so` from a running
 deployment enter::
 
-  > helm undeploy casablanca-so --purge
+  > helm undeploy onap-so --purge
 
 will remove `so` as the configuration indicates it's no longer part of the
 deployment. This might be useful if a one wanted to replace just `so` by
index 3f41c3c..7150f10 100644 (file)
@@ -20,6 +20,12 @@ OUTPUT_DIR := $(ROOT_DIR)/dist
 PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
+ifneq ($(SKIP_LINT),TRUE)
+       HELM_LINT_CMD := helm lint
+else
+       HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
 SUBMODS := robot aai
 EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
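Review bot: `SKIP_LINT` is introduced without a comment, and `ifneq ($(SKIP_LINT),TRUE)` matches only the exact upper-case string, so `SKIP_LINT=true` or `SKIP_LINT=1` still runs `helm lint`. That fails safe, but it should be stated above the conditional, for example `# Set SKIP_LINT=TRUE (exact, upper-case) to replace 'helm lint' with an echo; charts are then packaged without validation.` The same variable drives the `lint-%` rule in the next hunk, which `package-%` depends on, so a skipped lint reaches packaging with only the echo line as evidence. A CI job that sets it should be the exception and should be easy to find in the logs.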
@@ -55,7 +61,7 @@ dep-%: make-%
        @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
 
 lint-%: dep-%
-       @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+       @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
 
 package-%: lint-%
        @mkdir -p $(PACKAGE_DIR)
index 1f7abd4..a603322 100644 (file)
@@ -67,7 +67,7 @@ ingress:
 resources:
  small:
    limits:
-     cpu: 20m
+     cpu: 200m
      memory: 280Mi
    requests:
      cpu: 1m
index 41bde75..c0d43b8 100644 (file)
@@ -89,7 +89,7 @@ resources:
   small:
     limits:
       cpu: 100m
-      memory: 30Mi
+      memory: 400Mi
     requests:
       cpu: 25m
       memory: 10Mi
@@ -98,6 +98,6 @@ resources:
       cpu: 400m
       memory: 1Gi
     requests:
-      cpu: 10m
+      cpu: 25m
       memory: 100Mi
   unlimited: {}
index 23f0764..4f4d14a 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 23f076495d36081f34a367067918d15fcc5ada8d
+Subproject commit 4f4d14ab45a2225953961136220041189d566015
index 26affe6..e4deab0 100644 (file)
@@ -1,4 +1,5 @@
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
+---
+# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # The default name is elasticsearch, but you should change it to an appropriate name which describes the
 # purpose of the cluster.
 #
-cluster.name: "clamp-dashboard"
-#
-# The port that other nodes in the cluster should use when communicating with this node.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_port:$transport.publish_port
-#
-# The host address to publish for nodes in the cluster to connect to.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_host:$transport.publish_host
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
 #
-# ------------------------------------ Node ------------------------------------
-#
-# It is better to provide different meaningfull names fot different elastic nodes.
-# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id.
-# Note that the node id is persisted and does not change when a node restarts
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
 #
-#node.name: $node.name
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
 #
-# Add custom attributes to the node:
+# Set a custom port for HTTP: If required, default is 9200-9300
 #
-#node.attr.rack: r1
+#http.port: $http.port
 #
+# For more information, consult the network module documentation.
 # ----------------------------------- Paths ------------------------------------
 #
 # The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
@@ -78,19 +73,6 @@ bootstrap.memory_lock: false
 #
 # Elasticsearch performs poorly when the system is swapping the memory.
 #
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-#
 # --------------------------------- Discovery ----------------------------------
 #
 # Pass an initial list of hosts to perform discovery when new node is started
@@ -98,24 +80,16 @@ network.host: 0.0.0.0
 # that are likely to be live and contactable.
 # By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
 # to connect to other nodes running on the same server.
-#
-#$discovery.zen.ping.unicast.hosts
-#
-# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes
-# available. Only then will an election take place.
-# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
 discovery.zen.minimum_master_nodes: 1
-#
-# For more information, consult the zen discovery module documentation.
-#
-# ---------------------------------- Gateway -----------------------------------
-#
-# Block initial recovery after a full cluster restart until N nodes are started:
-#
-#gateway.recover_after_nodes: 3
-#
-# For more information, consult the gateway module documentation.
-#
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes: 
+    - cldash-es-node1
+#    - docker-test-node-1
 # ---------------------------------- Various -----------------------------------
 #
 # Require explicit names when deleting indices:
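Review bot: `cluster.initial_master_nodes` hard-codes `cldash-es-node1`, which works only while it equals the `node.name` set earlier in this file and while a single replica runs. A second pod rendered from the same config would presumably carry the same node name. Consider deriving both from one chart value and noting the coupling in a comment next to the list. `discovery.zen.minimum_master_nodes: 1` is kept beside the 7.0-style settings the new comment points to; if the image is Elasticsearch 7.x, that setting is deprecated and can be dropped. The list is indented four spaces and its key line has trailing whitespace, unlike the two-space list under `admin_dn`.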
@@ -129,26 +103,26 @@ http.port: {{.Values.service.externalPort}}
 # Defaults to 9300-9400.
 # More info:
 transport.tcp.port: {{.Values.service.externalPort2}}
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
 
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+  - CN=kirk,OU=client,O=client,L=test, C=de
 
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-
-#xpack.license.self_generated.type: basic
-#xpack.security.enabled: false
-
-## Search Guard
-#
-searchguard.enterprise_modules_enabled: false
-searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
-searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
-searchguard.ssl.transport.enforce_hostname_verification: false
-
-searchguard.authcz.admin_dn:
-  - "CN=kirk,OU=client,O=client,l=tEst,C=De"
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file
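Review bot: The block between the "Start/End OpenDistro for Elasticsearch Security Demo Configuration" markers ships the demo security settings as the chart default: `opendistro_security.allow_unsafe_democertificates: true`, the `CN=kirk,...` admin DN, and `esnode.pem`/`root-ca.pem`, which look like the demo certificates bundled with the distribution (not visible here, so confirm against the image). Demo key material is publicly available, so a holder of the demo admin certificate would be accepted as cluster admin while `network.host` is `0.0.0.0`. The file's own WARNING says to revise these lines before production; I would make the safe value the default, `opendistro_security.allow_unsafe_democertificates: false`, and take the certificate paths and `admin_dn` from chart values the way `ssl.http.enabled` already is. `opendistro_security.ssl.transport.enforce_hostname_verification: false` deserves the same treatment, and the file now ends without a trailing newline.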
index 8060a35..58ff107 100644 (file)
@@ -73,12 +73,14 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
           readinessProbe:
             tcpSocket:
               port: {{ .Values.service.internalPort2 }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
           env:
           volumeMounts:
           - mountPath: /etc/localtime
index 2d67048..27158a6 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.1
+image: onap/clamp-dashboard-elasticsearch:5.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -51,15 +51,17 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
+  initialDelaySeconds: 180
+  periodSeconds: 30
+  timeoutSeconds: 5
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
+  initialDelaySeconds: 180
+  periodSeconds: 30
+  timeoutSeconds: 5
 
 ## Persist data to a persitent volume
 persistence:
@@ -83,6 +85,10 @@ persistence:
   mountSubPath: clamp/dashboard-elasticsearch/data
   mountSubPathLogs: clamp
 
+security:
+  ssl:
+    enabled: true
+
 service:
   type: ClusterIP
   name: cdash-es
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem
deleted file mode 100644 (file)
index ce630d4..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-Bag Attributes
-    friendlyName: clamp@clamp.onap.org
-    localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 
-subject=/CN=clamp/emailAddress=/OU=clamp@clamp.onap.org/OU=OSAAF/O=ONAP/C=US
-issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
------BEGIN CERTIFICATE-----
-MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow
-bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh
-bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic
-uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW
-BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX
-3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau
-immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp
-Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A
-vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
-AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w
-S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w
-CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq
-Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk
-ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB
-U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4
-FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe
-K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN
-53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS
-4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8
-6TRYkIcL0x9r/AHP
------END CERTIFICATE-----
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem
deleted file mode 100644 (file)
index fcf68bf..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-Bag Attributes
-    friendlyName: clamp@clamp.onap.org
-    localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr
-C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY
-0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78
-yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g
-WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd
-1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke
-W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc
-5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw
-oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI
-4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt
-zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx
-YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp
-VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ
-9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++
-gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q
-A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c
-I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7
-86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6
-gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7
-bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF
-QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2
-K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC
-JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K
-kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ
-sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L
-q9Ua2HmUS8DDBy7W89MNZJNkDQ==
------END PRIVATE KEY-----
index 55df82b..db81e3d 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
+# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
-# limitations under the License.
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-#xpack.reporting.enabled: false
-#Set to false to disable X-Pack reporting features.
-#xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
+# limitations under the License.# Default Kibana configuration from kibana-docker.
+
+server.name: "Clamp CL Dashboard"
+server.host: "0"
 # Kibana is served by a back end server. This setting specifies the port to use.
 server.port: {{.Values.service.externalPort}}
 
-# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
-# The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "0.0.0.0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
-# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
-# to Kibana. This setting cannot end in a slash.
-#server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-#server.maxPayloadBytes: 1048576
-
-# The Kibana server's name.  This is used for display purposes.
-server.name: "Clamp Dashboard"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}"
-# When this setting's value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-#elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn't already exist.
-#kibana.index: ".kibana"
-
-# The default application to load.
-#kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-#elasticsearch.username: "elastic"
-#elasticsearch.password: "changeme"
-# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
-# These settings enable SSL for outgoing requests from the Kibana server to the browser.
 server.ssl.enabled: {{.Values.config.sslEnabled}}
 server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
 server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
 
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
-#elasticsearch.ssl.key: $elasticsearch_ssl_key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
-
-# To disregard the validity of SSL certificates, change this setting's value to 'none'.
-#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-#elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-#elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-#elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
-# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
-#elasticsearch.customHeaders: {}
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-#elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-#elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-#pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-#logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-#logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-#logging.quiet: false
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-#logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
-
-# The default locale. This locale can be used in certain circumstances to substitute any missing
-# translations.
-#i18n.defaultLocale: "en"
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.hosts: ${elasticsearch_base_url}
 
-## Search Guard
-#
-#xpack.security.enabled: false
+elasticsearch.ssl.verificationMode: none
 elasticsearch.username: {{.Values.config.elasticUSR}}
 elasticsearch.password: {{.Values.config.elasticPWD}}
 
-searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+opendistro_security.multitenancy.enabled: true
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
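Review bot: `elasticsearch.ssl.verificationMode: none` makes Kibana accept any certificate from Elasticsearch, so when `elasticsearch_base_url` resolves to https the link is encrypted but the server is never authenticated, while `elasticsearch.username`/`elasticsearch.password` and the whitelisted `Authorization` header travel over it. I would point Kibana at the CA that issued the Elasticsearch certificate and keep verification on, e.g. `elasticsearch.ssl.certificateAuthorities: ["<path-to-ca-bundle.pem>"]` with `elasticsearch.ssl.verificationMode: certificate` (or `full` if the certificate carries the service DNS name). If verification has to stay off for now, a comment above the setting should say why and under what condition it can be re-enabled. Separately, the added line `# limitations under the License.# Default Kibana configuration from kibana-docker.` joins two comments; the second belongs on its own line.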
index 2b0adac..26547b2 100644 (file)
@@ -68,6 +68,8 @@ spec:
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
           env:
+          - name: elasticsearch_base_url
+            value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
           volumeMounts:
           - mountPath: /etc/localtime
             name: localtime
@@ -75,8 +77,6 @@ spec:
           - mountPath: /usr/share/kibana/config/kibana.yml
             name: {{ include "common.fullname" . }}
             subPath: kibana.yml
-          - name: {{ include "common.fullname" . }}-aaf-pem-certs
-            mountPath: /usr/share/kibana/config/keystore/
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -97,8 +97,5 @@ spec:
             items:
             - key: kibana.yml
               path: kibana.yml
-        - name: {{ include "common.fullname" . }}-aaf-pem-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-aaf-pem-keys
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 8858716..8e640a4 100644 (file)
@@ -34,13 +34,14 @@ busyboxImage: library/busybox:latest
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.1.3
+image: onap/clamp-dashboard-kibana:5.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
 # application configuration
+#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
 config:
   elasticsearchServiceName: cdash-es
   elasticsearchPort: 9200
@@ -60,14 +61,19 @@ affinity: {}
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 360
-  periodSeconds: 10
+  periodSeconds: 30
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
+  initialDelaySeconds: 360
+  periodSeconds: 30
+
+#internal ssl security scheme for elasticsearch connection mainly
+security:
+  ssl:
+    enabled: true
 
 service:
   #Example service definition with external, internal and node ports.
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem
deleted file mode 100644 (file)
index cf12ec4..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN
-MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt
-eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE
-5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W
-DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp
-tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f
-TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk
-MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F
-dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce
-txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF
-LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF
-BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9
-m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP
-t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy
-JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G
-LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC
-orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW
-u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ
-8Lb0GYmlo44=
------END CERTIFICATE-----
index 369b582..cecd5b1 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
+# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,8 +22,3 @@ path.config: /usr/share/logstash/pipeline
 ## Setting true makes logstash check periodically for change in pipeline configurations
 config.reload.automatic: true
 
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-#xpack.monitoring.enabled: false
index 05d8085..4b05910 100644 (file)
@@ -218,6 +218,8 @@ output {
     if "error" in [tags] {
         elasticsearch {
             codec => "json"
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             hosts => ["${elasticsearch_base_url}"]
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
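Review bot: `ssl_certificate_verification => false` in this `elasticsearch` output switches off the very check that the `cacert => "/clamp-cert/ca-certs.pem"` line added beside it is there to support, so Logstash will present `${logstash_user}`/`${logstash_pwd}` to whichever endpoint answers on `${elasticsearch_base_url}`. The same pair is added in the two following hunks (`@@ -229,6 +231,8 @@` and `@@ -241,6 +245,8 @@`), and all three should read `ssl_certificate_verification => true`, or drop the line so the plugin default applies. No hunk on this part of the page mounts `/clamp-cert/`, so it is worth confirming that the bundle is actually present in the container. The `output` block starts and ends outside these hunks.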
@@ -229,6 +231,8 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
             document_id => "%{requestID}"
@@ -241,6 +245,8 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
             index => "events-%{+YYYY.MM.DD}" # creates daily indexes
index 01ee76b..4278a6e 100644 (file)
@@ -25,13 +25,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-aaf-keys
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
index 697ebb6..7c5c047 100644 (file)
@@ -62,13 +62,13 @@ spec:
           - name: request_topic
             value: "{{ .Values.config.requestTopic }}"
           - name: dmaap_base_url
-            value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+            value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
           - name: logstash_user
             value: "{{ .Values.config.logstash_user }}"
           - name: logstash_pwd
             value: "{{ .Values.config.logstash_pwd }}"
           - name: elasticsearch_base_url
-            value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+            value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ include "common.servicename" . }}
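Review bot: The `dmaap_base_url` value now switches between https and http on `.Values.security.ssl.enabled`, but the port still comes from the single `.Values.config.dmaapPort` (3905 in this chart's values.yaml), so turning the flag off presumably yields a plain-HTTP URL aimed at the TLS listener. Either make the port follow the same flag or document in values.yaml that `dmaapPort` must be changed together with `security.ssl.enabled`. This is also the only `value:` in the list that is left unquoted; `value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://…"` would match the `elasticsearch_base_url` entry below it.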
@@ -77,6 +77,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
 # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{- if eq .Values.liveness.enabled true }}
@@ -85,6 +86,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
           volumeMounts:
           - mountPath: /etc/localtime
@@ -96,8 +98,6 @@ spec:
           - mountPath: /usr/share/logstash/pipeline/logstash.conf
             name: {{ include "common.fullname" . }}
             subPath: pipeline.conf
-          - name: {{ include "common.fullname" . }}-aaf-certs
-            mountPath: /certs.d/
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -120,9 +120,5 @@ spec:
               path: logstash.yml
             - key: pipeline.conf
               path: pipeline.conf
-        - name: {{ include "common.fullname" . }}-aaf-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-aaf-keys
-
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 20bf974..3ec5684 100644 (file)
@@ -30,7 +30,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.3
+image: onap/clamp-dashboard-logstash:5.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -41,7 +41,8 @@ config:
   elasticsearchServiceName: cdash-es
   elasticsearchPort: 9200
   dmaapHost: message-router
-  dmaapScheme: https
+  dmaapSchemeSSL: https
+  dmaapSchemeNoSSL: http
   dmaapPort: 3905
   dmaapConsumerGroup: "clampdashboard"
   dmaapConsumerId: "clampdashboard"
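Review bot: `dmaapSchemeSSL` and `dmaapSchemeNoSSL` are not read by the deployment template change shown on this page, which hard-codes both schemes in `ternary "https" "http" .Values.security.ssl.enabled`, so as far as the visible hunks show these keys are dead configuration that an operator could edit with no effect. Either drop both keys or have the template consume them: `{{ ternary .Values.config.dmaapSchemeSSL .Values.config.dmaapSchemeNoSSL .Values.security.ssl.enabled }}`. An override file that still sets the removed `dmaapScheme` will likewise be ignored silently, which deserves a line in the release notes.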
@@ -60,15 +61,21 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 120
-  periodSeconds: 10
+  initialDelaySeconds: 900
+  periodSeconds: 20
+  timeoutSeconds: 5
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
+  initialDelaySeconds: 900
+  periodSeconds: 20
+  timeoutSeconds: 5
+
+security:
+  ssl:
+    enabled: true
 
 service:
   #Example service definition with external, internal and node ports.
index dfa0a3e..090dbcc 100644 (file)
@@ -27,7 +27,7 @@ global: # global defaults
 
 # application image
 repository: nexus3.onap.org:10001
-image: library/cassandra:2.2.14
+image: library/cassandra:3.11.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -90,6 +90,7 @@ service:
     port: 7199
   - name: tcp-cql
     port: 9042
+    ## thrift protocol is  deprecated . Should be removed. Being left until all project removes it.
   - name: tcp-thrift
     port: 9160
   - name: tcp-agent
index 075f796..55f73c1 100644 (file)
@@ -56,15 +56,18 @@ labels: {{- include "common.labels" $dot | nindent 2 -}}
      - .dot : environment (.)
      - .ports : an array of ports
      - .portType: the type of the service
+     - .prefix: NodePort prefix to be used
+
 */}}
 {{- define "common.servicePorts" -}}
 {{- $portType := .portType -}}
 {{- $dot := .dot -}}
 {{- range $index, $port := .ports }}
+{{- $portPrefix := default "nodePortPrefix" $port.prefix }}
 - port: {{ $port.port }}
   targetPort: {{ $port.name }}
   {{- if (eq $portType "NodePort") }}
-  nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+  nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }}
   {{- end }}
   name: {{ $port.name }}
 {{- end -}}
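Review bot: The doc comment lists `.prefix` beside `.dot`, `.ports` and `.portType` as if it were an argument of the template, but the code reads it per port (`$port.prefix`) and uses it as the name of a values key, not as the prefix itself. I would document it under `.ports` instead, e.g. `- .ports : an array of ports; a port may set "prefix" to the name of the values key holding its NodePort prefix (default "nodePortPrefix")`. A mistyped key name appears to resolve to an empty prefix rather than an error, so wrapping the lookup in `required` with a message naming the missing key would make that failure visible at render time. The `define` block continues outside the hunk.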
@@ -26,31 +26,31 @@ module.exports={
     "sharedDir": "releases/sdnc1.0/flows/shared",
     "userDir": "releases/sdnc1.0",
     "httpAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_USER}",
+        "pass": "${HTTP_PASSWORD}"
     },
     "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
     "dbPort": "3306",
-    "dbName": "sdnctl",
-    "dbUser": "sdnctl",
-    "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+    "dbName": "{{.Values.config.db.dbName}}",
+    "dbUser": "${DB_USER}",
+    "dbPassword": "${DB_PASSWORD}",
     "gitLocalRepository": "",
     "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
-    "restConfUser": "admin",
-    "restConfPassword": "admin",
+    "restConfUser": "${REST_CONF_USER}",
+    "restConfPassword": "${REST_CONF_PASSWORD}",
     "formatXML": "Y",
     "formatJSON": "Y",
     "httpRoot": "/",
     "disableEditor": false,
     "httpAdminRoot": "/",
     "httpAdminAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_ADMIN_USER}",
+        "pass": "${HTTP_ADMIN_PASSWORD}"
     },
     "httpNodeRoot": "/",
     "httpNodeAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_NODE_USER}",
+        "pass": "${HTTP_NODE_PASSWORD}"
     },
     "uiHost": "0.0.0.0",
     "version": "0.9.1",
index b780caf..28612a2 100644 (file)
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
deleted file mode 100755 (executable)
index b037058..0000000
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
-       echo "Usage $0 releaseDir  loginId emailAddress [gitLocalRepository]"
-       echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
-       exit
-fi
-if [ ! -e "releases" ]
-then
-       mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
-       lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
-       echo "module.exports = {" >$customSettingsFile
-       echo "          'name' : '$name'," >>$customSettingsFile
-       echo "          'emailAddress' :'$emailid'," >>$customSettingsFile
-       echo "          'uiPort' :$nextPort," >>$customSettingsFile
-       echo "          'mqttReconnectTime': 15000," >>$customSettingsFile
-       echo "          'serialReconnectTime' : 15000,"  >>$customSettingsFile
-       echo "          'debugMaxLength': 1000," >>$customSettingsFile
-       echo "          'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
-       echo "          'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
-       echo "          'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
-       echo "          'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
-       echo "          'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
-       echo "          'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
-       echo "          'dbHost': '$dbHost'," >>$customSettingsFile
-       echo "          'dbPort': '$dbPort'," >>$customSettingsFile
-       echo "          'dbName': '$dbName'," >>$customSettingsFile
-       echo "          'dbUser': '$dbUser'," >>$customSettingsFile
-       echo "          'dbPassword': '$dbPassword'," >>$customSettingsFile
-       echo "          'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
-       echo "          'restConfUrl': '$restConfUrl'," >>$customSettingsFile
-       echo "          'restConfUser': '$restConfUser'," >>$customSettingsFile
-       echo "          'restConfPassword': '$restConfPassword'," >>$customSettingsFile
-       echo "          'formatXML': '$formatXML'," >>$customSettingsFile
-       echo "          'formatJSON': '$formatJSON'," >>$customSettingsFile
-       echo "          'enableHttps': true" >>$customSettingsFile
-       echo "          }" >>$customSettingsFile
-fi
-       #echo "Created custom settings  file $customSettingsFile"
-       echo "Done ....."
-else
-       echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
-       exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-#      cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
-       mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
-       mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
-       echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
-       echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
-       echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
-       echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
-       echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
-       echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
-        echo " [" >>${appDir}/flowShareUsers.js
-        echo " ]" >>${appDir}/flowShareUsers.js
-        echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
-       num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
-       if [ $num_of_lines -gt 4 ]
-       then
-               content=$(head -n -2 ${appDir}/flowShareUsers.js)
-               echo "${content}," > ${appDir}/flowShareUsers.js
-       else
-               content=$(head -n -2 ${appDir}/flowShareUsers.js)
-               echo "$content" > ${appDir}/flowShareUsers.js
-       fi
-       echo "  {" >> ${appDir}/flowShareUsers.js
-       echo "          \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
-       echo "          \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
-       echo "  }" >> ${appDir}/flowShareUsers.js
-       echo "  ]" >> ${appDir}/flowShareUsers.js
-       echo "}" >> ${appDir}/flowShareUsers.js
-fi
index 24f61b5..828818c 100644 (file)
@@ -24,16 +24,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-scripts
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
index 495c4c6..b3f0ab0 100644 (file)
@@ -31,6 +31,40 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+        - name: DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+        - name: HTTP_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+        - name: HTTP_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+        - name: HTTP_ADMIN_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+        - name: HTTP_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+        - name: HTTP_NODE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+        - name: HTTP_NODE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+        - name: REST_CONF_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+        - name: REST_CONF_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
       - command:
         - /root/ready.py
         args:
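Review bot: `envsubst` is called without a variable list, so besides the ten credentials it also replaces every other `$NAME`/`${NAME}` token in the files under /config-input with the environment value or an empty string, and the backquoted `ls -1 .` loop breaks on file names containing whitespace. Passing the intended names and globbing directly avoids both: `cd /config-input && for PFILE in *; do envsubst '${DB_USER} ${DB_PASSWORD} …' <"${PFILE}" >"/config/${PFILE}"; done` (full list of ten variables, inner quotes escaped for the YAML string), assuming the image ships GNU gettext's envsubst. The loop also carries on after a failed substitution, so starting the command with `set -e` would keep the pod from coming up with a half-written config. The `initContainers` list continues outside the hunk.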
@@ -59,11 +93,6 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-          - name: MYSQL_ROOT_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" . }}
-                key: db-root-password
           - name: SDNC_CONFIG_DIR
             value: /opt/onap/sdnc/data/properties
           volumeMounts:
@@ -79,10 +108,7 @@ spec:
           - name: config
             mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
             subPath: svclogic.properties
-          - name: scripts
-            mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
-            subPath: createReleaseDir.sh
-          - name: scripts
+          - name: config
             mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
             subPath: customSettings.js
           resources:
@@ -99,12 +125,11 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: config
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}-config
-        - name: scripts
-          configMap:
-            name: {{ include "common.fullname" . }}-scripts
-            defaultMode: 0755
+        - name: config
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index e00d7cf..c9a409f 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file
+{{ include "common.secret" . }}
index fa205e2..96d7dff 100644 (file)
@@ -31,6 +31,9 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
+  # envsusbt
+  envsubstImage: dibi/envsubst
+
   # image pull policy
   pullPolicy: Always
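Review bot: `envsubstImage: dibi/envsubst` has no tag or digest, and with `pullPolicy: Always` just below it every pod start pulls whatever is currently published under the default tag. The deployment template changed in this commit appears to run this image as the `update-config` container with secret values in its environment, so a changed upstream image would be handed those credentials. Pin the reference, for example `envsubstImage: dibi/envsubst@sha256:<DIGEST_PLACEHOLDER>`, or mirror the image into a registry the project controls. The comment above the key is misspelled; `# envsubst image used to render config templates` would be clearer.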
 
@@ -42,6 +45,40 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'db-root-password'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.dbRootPassword }}'
+  - uid: 'db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.dbSdnctlPassword }}'
+  - uid: 'http-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+    login: '{{ .Values.config.httpUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'admin-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.config.adminUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'node-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+    login: '{{ .Values.config.nodeUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'restconf-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+    login: '{{ .Values.config.restconfUser }}'
+    password: '{{ .Values.config.restconfPassword }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
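Review bot: The `http-user-creds`, `admin-creds` and `node-creds` entries all render `password` from `.Values.config.dgUserPassword`, so the three accounts cannot be given different passwords through plain values. The `httpPassword`, `adminPassword` and `nodePassword` keys added under `config` later in this file are not read by any entry here. If the sharing is intended, say so above the block, e.g. `# http/admin/node accounts share config.dgUserPassword; use the *ExternalSecret values for separate credentials`. Once the per-account keys are meant to take effect, each entry should read its own key.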
@@ -55,6 +92,32 @@ debugEnabled: false
 
 # application configuration
 config:
+  db:
+    dbName: sdnctl
+    # unused for now to preserve the API
+    rootPassword: openECOMP1.0
+    # rootPasswordExternalSecret: some secret
+    userName: sdnctl
+    # unused for now to preserve the API
+    userPassword: gamma
+    # userCredentialsExternalSecret: some secret
+  httpUser: dguser
+  # unused for now to preserve the API
+  httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+  # httpCredsExternalSecret: some secret
+  adminUser: dguser
+  # unused for now to preserve the API
+  adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+  # adminCredsExternalSecret: some secret
+  nodeUser: dguser
+  # unused for now to preserve the API
+  nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+  # nodeCredsExternalSecret: some secret
+  restconfUser: admin
+  # unused for now to preserve the API
+  restconfPassword: admin
+  # restconfCredsExternalSecret: some secret
+
   dbRootPassword: openECOMP1.0
   dbSdnctlPassword: gamma
   dbPodName: mysql-db
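Review bot: The comment `# unused for now to preserve the API` above `restconfPassword: admin` contradicts the secrets block added earlier in this file, where `restconf-creds` reads `.Values.config.restconfPassword`; the value is live and defaults to `admin`/`admin`. Replace that comment with something like `# default for lab use only; set restconfCredsExternalSecret in real deployments`. The other new keys (`db.rootPassword`, `db.userPassword`) repeat the literal defaults of `dbRootPassword` and `dbSdnctlPassword`, so a reader cannot tell which key takes effect; their comments should name the effective key, e.g. `# not read yet; dbRootPassword below is the effective value`. The `config` mapping continues past the end of the hunk.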
index 9ef8db8..eda693f 100644 (file)
@@ -18,4 +18,9 @@ dependencies:
     repository: '@local'\r
   - name: mariadb-galera\r
     version: ~5.x-0\r
-    repository: file://../mariadb-galera/\r
+    repository: '@local'\r
+    condition: global.mariadbGalera.localCluster\r
+  - name: mariadb-init\r
+    version: ~5.x-0\r
+    repository: '@local'\r
+    condition: not global.mariadbGalera.localCluster\r
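Review bot: `condition: not global.mariadbGalera.localCluster` on the new `mariadb-init` dependency is unlikely to behave as a negation. Helm reads `condition` as one or more comma-separated value paths that must resolve to a boolean, not as an expression, so a string beginning with `not ` matches no path and the condition is ignored. If that holds for the Helm version in use, `mariadb-init` is enabled even when `localCluster` is true. A dedicated boolean value for the init chart, referenced as a plain path, would make the switch real; otherwise a comment should state that the init chart is always rendered. The `dependencies` list starts above the hunk.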
index 2f9cd6a..a6d18e7 100644 (file)
@@ -31,11 +31,19 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
       - command:
         - /root/ready.py
         args:
         - --container-name
         - {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+      - command:
+        - /root/job_complete.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -53,11 +61,11 @@ spec:
         - name: SPRING_PROFILE
           value: "{{ .Values.config.springProfile }}"
         - name: NENG_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
         - name: NENG_DB_PASS
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
         - name: NENG_DB_URL
-          value: {{ .Values.config.dbUrl }}
+          value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
         - name: POL_CLIENT_AUTH
           value: "{{ .Values.config.polClientAuth }}"
         - name: POL_BASIC_AUTH
index d589701..0defa97 100644 (file)
@@ -32,24 +32,29 @@ global:
   # image pull policy
   pullPolicy: IfNotPresent
 
+  mariadbGalera: &mariadbGalera
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
 #################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: "db-user-creds"
-    externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+  - uid: neng-db-secret
+    name: '{{ include "common.release" . }}-neng-db-secret'
     type: basicAuth
-  - uid: "db-root-pass"
-    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
-    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
 
 # sub-chart config
 mariadb-galera:
-  config:
-      userName: nenguser
-      userPassword: nenguser123
-      mariadbRootPassword: nenguser123
-      mysqlDatabase: nengdb
+  config: &mariadbConfig
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+    mysqlDatabase: nengdb
   nameOverride: nengdb
   service:
     name: nengdb
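Review bot: The comment `#This flag allows SO to instantiate its own mariadb-galera cluster` names SO, but the surrounding values (`nengdb`, `network-name-gen/data`) belong to another chart, so it looks copied. `# When true, this chart deploys its own mariadb-galera cluster` would describe the flag. Separately, the `neng-db-secret` entry renders `password` from `.Values.config.db.userPassword`, which the last hunk of this file leaves commented out, and what `common.secret` does with an empty password is not visible here. A comment on the entry should say whether a password is then generated or the install fails, so operators know if they must set `userPassword` or `userCredentialsExternalSecret`. The `mariadb-galera` mapping continues past the hunk.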
@@ -59,6 +64,9 @@ mariadb-galera:
     enabled: true
     mountSubPath: network-name-gen/data
 
+mariadb-init:
+  config: *mariadbConfig
+  nameOverride: nengdb-init
 
 #################################################################
 # Application configuration defaults.
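Review bot: `config: *mariadbConfig` is a YAML alias resolved when this file is parsed, so `mariadb-init.config` is a copy of the defaults under `mariadb-galera.config` and does not follow later overrides. An operator who changes `mariadb-galera.config.mysqlDatabase` with `--set` or an extra values file would, as far as this file shows, leave `mariadb-init` on `nengdb`. A comment above the alias would help: `# copy of mariadb-galera.config at parse time; override both keys together`.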
@@ -70,7 +78,10 @@ pullPolicy: IfNotPresent
 
 # application configuration
 config:
-  dbUrl: jdbc:mysql://nengdb:3306/nengdb
+  db:
+    userName: nenguser
+    # userPassword: password
+    # userCredentialsExternalSecret: some-secret
   springProfile: live
   polClientAuth: cHl0aG9uOnRlc3Q=
   polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
diff --git a/kubernetes/common/postgres-legacy/.helmignore b/kubernetes/common/postgres-legacy/.helmignore
deleted file mode 100644 (file)
index f0c1319..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf
deleted file mode 100644 (file)
index f335174..0000000
+++ /dev/null
@@ -1,677 +0,0 @@
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-#   name = value
-#
-# Whitespace may be used.  Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal.  If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload".  Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
-                                   # Host name or IP address to listen on:
-                                   # '*' for all, '' for no TCP/IP connections
-                                   # (change requires restart)
-#port = 9999
-port = 5432
-                                   # Port number
-                                   # (change requires restart)
-socket_dir = '/tmp'
-                                   # Unix domain socket path
-                                   # The Debian package defaults to
-                                   # /var/run/postgresql
-                                   # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
-                                   # Port number for pcp
-                                   # (change requires restart)
-pcp_socket_dir = '/tmp'
-                                   # Unix domain socket path for pcp
-                                   # The Debian package defaults to
-                                   # /var/run/postgresql
-                                   # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
-                                   # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
-                                   # Port number for backend 0
-#backend_weight0 = 1
-                                   # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
-                                   # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
-                                   # Controls various backend behavior
-                                   # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
-                                   # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
-                                   # File name of pool_passwd for md5 authentication.
-                                   # "" disables pool_passwd.
-                                   # (change requires restart)
-authentication_timeout = 60
-                                   # Delay in seconds to complete client authentication
-                                   # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
-                                   # Enable SSL support
-                                   # (change requires restart)
-#ssl_key = './server.key'
-                                   # Path to the SSL private key file
-                                   # (change requires restart)
-#ssl_cert = './server.cert'
-                                   # Path to the SSL public certificate file
-                                   # (change requires restart)
-#ssl_ca_cert = ''
-                                   # Path to a single PEM format file
-                                   # containing CA root certificate(s)
-                                   # (change requires restart)
-#ssl_ca_cert_dir = ''
-                                   # Directory containing CA root certificate(s)
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
-                                   # Number of pools
-                                   # (change requires restart)
-max_pool = 1
-                                   # Number of connections per pool
-                                   # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
-                                   # Pool exits after being idle for this many seconds
-child_max_connections = 0
-                                   # Pool exits after receiving that many connections
-                                   # 0 means no exit
-connection_life_time = 0
-                                   # Connection to backend closes after being idle for this many seconds
-                                   # 0 means no close
-client_idle_limit = 0
-                                   # Client is disconnected after being idle for that many seconds
-                                   # (even inside an explicit transactions!)
-                                   # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
-                                   # Where to log
-                                   # Valid values are combinations of stderr,
-                                   # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
-                                   # Print timestamp on each line
-                                   # (change requires restart)
-
-log_connections = on
-                                   # Log connections
-log_hostname = on
-                                   # Hostname will be shown in ps status
-                                   # and in logs if connections are logged
-log_statement = on
-                                   # Log all statements
-log_per_node_statement = off
-                                   # Log all statements
-                                   # with node and backend informations
-log_standby_delay = 'if_over_threshold'
-                                   # Log standby delay
-                                   # Valid values are combinations of always,
-                                   # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
-                                   # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
-                                   # Syslog program identification string
-                                   # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
-                                   # Debug message verbosity level
-                                   # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
-                                   # PID file name
-                                   # (change requires restart)
-logdir = '/tmp'
-                                   # Directory of pgPool status file
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
-                                   # Activate connection pools
-                                   # (change requires restart)
-
-                                   # Semicolon separated list of queries
-                                   # to be issued at the end of a session
-                                   # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
-                                   # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
-                                   # Activate replication mode
-                                   # (change requires restart)
-replicate_select = off
-                                   # Replicate SELECT statements
-                                   # when in replication or parallel mode
-                                   # replicate_select is higher priority than
-                                   # load_balance_mode.
-
-insert_lock = off
-                                   # Automatically locks a dummy row or a table
-                                   # with INSERT statements to keep SERIAL data
-                                   # consistency
-                                   # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
-                                   # When rewriting lo_creat command in
-                                   # replication mode, specify table name to
-                                   # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
-                                   # On disagreement with the packet kind
-                                   # sent from backend, degenerate the node
-                                   # which is most likely "minority"
-                                   # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
-                                   # On disagreement with the number of affected
-                                   # tuples in UPDATE/DELETE queries, then
-                                   # degenerate the node which is most likely
-                                   # "minority".
-                                   # If off, just abort the transaction to
-                                   # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
-                                   # Activate load balancing mode
-                                   # (change requires restart)
-ignore_leading_white_space = on
-                                   # Ignore leading white spaces of each query
-white_function_list = ''
-                                   # Comma separated list of function names
-                                   # that don't write to database
-                                   # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
-                                   # Comma separated list of function names
-                                   # that write to database
-                                   # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
-                                   # Activate master/slave mode
-                                   # (change requires restart)
-master_slave_sub_mode = 'stream'
-                                   # Master/slave sub mode
-                                   # Valid values are combinations slony or
-                                   # stream. Default is slony.
-                                   # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
-                                   # Streaming replication check period
-                                   # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
-                                   # Streaming replication check user
-                                   # This is neccessary even if you disable streaming
-                                   # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
-                                   # Password for streaming replication check user
-delay_threshold = 10000000
-                                   # Threshold before not dispatching query to standby node
-                                   # Unit is in bytes
-                                   # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
-                                   # Executes this command after master failover
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
-                                   # Activates parallel query mode
-                                   # (change requires restart)
-pgpool2_hostname = ''
-                                   # Set pgpool2 hostname
-                                   # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname  = 'localhost'
-                                   # (change requires restart)
-#system_db_port = 5432
-                                   # (change requires restart)
-#system_db_dbname = 'pgpool'
-                                   # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
-                                   # (change requires restart)
-#system_db_user = 'pgpool'
-                                   # (change requires restart)
-#system_db_password = ''
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
-                                   # Health check period
-                                   # Disabled (0) by default
-health_check_timeout = 10
-                                   # Health check timeout
-                                   # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
-                                   # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
-                                   # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000                # Timeout value in milliseconds before giving up to connect to backend.
-
-                                   # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
-                                   # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
-                                   # Executes this command at failover
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-failback_command = ''
-                                   # Executes this command at failback.
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-
-fail_over_on_backend_error = off
-                                   # Initiates failover when reading/writing to the
-                                   # backend communication socket fails
-                                   # If set to off, pgpool will report an
-                                   # error and disconnect the session.
-
-search_primary_node_timeout = 10
-                                   # Timeout in seconds to search for the
-                                   # primary node when a failover occurs.
-                                   # 0 means no timeout, keep searching
-                                   # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
-                                   # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
-                                   # Online recovery password
-recovery_1st_stage_command = ''
-                                   # Executes a command in first stage
-recovery_2nd_stage_command = ''
-                                   # Executes a command in second stage
-recovery_timeout = 90
-                                   # Timeout in seconds to wait for the
-                                   # recovering node's postmaster to start up
-                                   # 0 means no wait
-client_idle_limit_in_recovery = 0
-                                   # Client is disconnected after being idle
-                                   # for that many seconds in the second stage
-                                   # of online recovery
-                                   # 0 means no disconnection
-                                   # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
-                                    # Activates watchdog
-                                    # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
-                                    # trusted server list which are used
-                                    # to confirm network connection
-                                    # (hostA,hostB,hostC,...)
-                                    # (change requires restart)
-ping_path = '/bin'
-                                    # ping command path
-                                    # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
-                                    # Host name or IP address of this watchdog
-                                    # (change requires restart)
-wd_port = 9000
-                                    # port number for watchdog service
-                                    # (change requires restart)
-wd_authkey = ''
-                                    # Authentication key for watchdog communication
-                                    # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
-                                    # delegate IP address
-                                    # If this is empty, virtual IP never bring up. 
-                                    # (change requires restart)
-ifconfig_path = '/sbin'
-                                    # ifconfig command path
-                                    # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
-                                    # startup delegate IP command
-                                    # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
-                                    # shutdown delegate IP command
-                                    # (change requires restart)
-
-arping_path = '/usr/sbin'           # arping command path
-                                    # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
-                                    # arping command
-                                    # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
-                                    # Clear all the query cache on shared memory
-                                    # when standby pgpool escalate to active pgpool
-                                    # (= virtual IP holder).
-                                    # This should be off if client connects to pgpool
-                                    # not using virtual IP.
-                                    # (change requires restart)
-wd_escalation_command = ''
-                                    # Executes this command at escalation on new active pgpool.
-                                    # (change requires restart)
-
-# - Lifecheck Setting - 
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
-                                    # Method of watchdog lifecheck ('heartbeat' or 'query')
-                                    # (change requires restart)
-wd_interval = 10
-                                    # lifecheck interval (sec) > 0
-                                    # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
-                                    # Port number for receiving heartbeat signal
-                                    # (change requires restart)
-wd_heartbeat_keepalive = 2
-                                    # Interval time of sending heartbeat signal (sec)
-                                    # (change requires restart)
-wd_heartbeat_deadtime = 30
-                                    # Deadtime interval for heartbeat signal (sec)
-                                    # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
-                                    # Host name or IP address of destination 0
-                                    # for sending heartbeat signal.
-                                    # (change requires restart)
-heartbeat_destination_port0 = 9694 
-                                    # Port number of destination 0 for sending
-                                    # heartbeat signal. Usually this is the
-                                    # same as wd_heartbeat_port.
-                                    # (change requires restart)
-heartbeat_device0 = ''
-                                    # Name of NIC device (such like 'eth0')
-                                    # used for sending/receiving heartbeat
-                                    # signal to/from destination 0.
-                                    # This works only when this is not empty
-                                    # and pgpool has root privilege.
-                                    # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
-                                    # lifecheck retry times
-                                    # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
-                                    # lifecheck query to pgpool from watchdog
-                                    # (change requires restart)
-wd_lifecheck_dbname = 'template1'
-                                    # Database name connected for lifecheck
-                                    # (change requires restart)
-wd_lifecheck_user = 'nobody'
-                                    # watchdog user monitoring pgpools in lifecheck
-                                    # (change requires restart)
-wd_lifecheck_password = ''
-                                    # Password for watchdog user in lifecheck
-                                    # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
-                                    # Host name or IP address to connect to for other pgpool 0
-                                    # (change requires restart)
-#other_pgpool_port0 = 5432
-                                    # Port number for othet pgpool 0
-                                    # (change requires restart)
-#other_wd_port0 = 9000
-                                    # Port number for othet watchdog 0
-                                    # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
-                                   # Life time of relation cache in seconds.
-                                   # 0 means no cache expiration(the default).
-                                   # The relation cache is used for cache the
-                                   # query result against PostgreSQL system
-                                   # catalog to obtain various information
-                                   # including table structures or if it's a
-                                   # temporary table or not. The cache is
-                                   # maintained in a pgpool child local memory
-                                   # and being kept as long as it survives.
-                                   # If someone modify the table by using
-                                   # ALTER TABLE or some such, the relcache is
-                                   # not consistent anymore.
-                                   # For this purpose, cache_expiration
-                                   # controls the life time of the cache.
-relcache_size = 256
-                                   # Number of relation cache
-                                   # entry. If you see frequently:
-                                                                  # "pool_search_relcache: cache replacement happend"
-                                                                  # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
-                                   # If on, enable temporary table check in SELECT statements.
-                                   # This initiates queries against system catalog of primary/master
-                                                                  # thus increases load of master.
-                                                                  # If you are absolutely sure that your system never uses temporary tables
-                                                                  # and you want to save access to primary/master, you could turn this off.
-                                                                  # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
-                                                                  # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
-                                                                  # Cache storage method. either 'shmem'(shared memory) or
-                                                                  # 'memcached'. 'shmem' by default
-                                   # (change requires restart)
-memqcache_memcached_host = 'localhost'
-                                                                  # Memcached host name or IP address. Mandatory if
-                                                                  # memqcache_method = 'memcached'.
-                                                                  # Defaults to localhost.
-                                   # (change requires restart)
-memqcache_memcached_port = 11211
-                                                                  # Memcached port number. Mondatory if memqcache_method = 'memcached'.
-                                                                  # Defaults to 11211.
-                                   # (change requires restart)
-memqcache_total_size = 67108864
-                                                                  # Total memory size in bytes for storing memory cache.
-                                                                  # Mandatory if memqcache_method = 'shmem'.
-                                                                  # Defaults to 64MB.
-                                   # (change requires restart)
-memqcache_max_num_cache = 1000000
-                                                                  # Total number of cache entries. Mandatory
-                                                                  # if memqcache_method = 'shmem'.
-                                                                  # Each cache entry consumes 48 bytes on shared memory.
-                                                                  # Defaults to 1,000,000(45.8MB).
-                                   # (change requires restart)
-memqcache_expire = 0
-                                                                  # Memory cache entry life time specified in seconds.
-                                                                  # 0 means infinite life time. 0 by default.
-                                   # (change requires restart)
-memqcache_auto_cache_invalidation = on
-                                                                  # If on, invalidation of query cache is triggered by corresponding
-                                                                  # DDL/DML/DCL(and memqcache_expire).  If off, it is only triggered
-                                                                  # by memqcache_expire.  on by default.
-                                   # (change requires restart)
-memqcache_maxcache = 409600
-                                                                  # Maximum SELECT result size in bytes.
-                                                                  # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
-                                   # (change requires restart)
-memqcache_cache_block_size = 1048576
-                                                                  # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
-                                                                  # Defaults to 1MB.
-                                   # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
-                                                                  # Temporary work directory to record table oids
-                                   # (change requires restart)
-white_memqcache_table_list = ''
-                                   # Comma separated list of table names to memcache
-                                   # that don't write to database
-                                   # Regexp are accepted
-black_memqcache_table_list = ''
-                                   # Comma separated list of table names not to memcache
-                                   # that don't write to database
-                                   # Regexp are accepted
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf
deleted file mode 100644 (file)
index d891840..0000000
+++ /dev/null
@@ -1,67 +0,0 @@
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description.  A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access.  Records take one of these forms:
-#
-# local      DATABASE  USER  METHOD  [OPTION]
-# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof.  In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask.  Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam".  Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup.  If you edit the file on a running
-# system, you have to restart the pgpool  for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
-
-# "local" is for Unix domain socket connections only
-#local   all         all                               trust
-# IPv4 local connections:
-host    all         all         0.0.0.0/0          md5
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd
deleted file mode 100644 (file)
index 3636d1d..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml
deleted file mode 100644 (file)
index 7572d7f..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 2
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      containers:
-      - image: "{{.Values.repository}}/{{.Values.image}}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}
-        env:
-        - name: PG_PRIMARY_SERVICE_NAME
-          value: {{.Values.container.name.primary}}
-        - name: PG_REPLICA_SERVICE_NAME
-          value: {{.Values.container.name.replica}}
-        - name: PG_USERNAME
-          value: {{.Values.credentials.pgusername}}
-        - name: PG_PASSWORD
-          value: {{.Values.credentials.pgpassword}}
-        ports:
-        - containerPort: 5432
-          name: pgpool
-          protocol: TCP
-        readinessProbe:
-          tcpSocket:
-            port: 5432
-          initialDelaySeconds: 20
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: 5432
-        initialDelaySeconds: 15
-        periodSeconds: 20
-        volumeMounts:
-        - name: pgpool-pgconf
-          mountPath: /pgconf/pgpoolconfigdir
-          readOnly: false
-      volumes:
-      - name: pgpool-pgconf
-        configMap:
-          name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml
deleted file mode 100644 (file)
index 8c066e5..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.name }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.name }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml
deleted file mode 100644 (file)
index cb732b7..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
-  port: 5432
-  name:
-    primary: pgset-primary
-    replica: pgset-replica
-credentials:
-  pgusername: testuser
-  pgpassword: password
-service:
-  name: pgpool 
-  type: ClusterIP
-  externalPort: 5432
-  internalPort: 5432
diff --git a/kubernetes/common/postgres-legacy/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml
deleted file mode 100644 (file)
index 2ac5d97..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" $global }}-data-{{ $i }}
-  namespace: {{ include "common.namespace" $global }}
-  labels:
-    app: {{ include "common.fullname" $global }}
-    chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" $global }}"
-    heritage: "{{ $global.Release.Service }}"
-    name: {{ include "common.fullname" $global }}
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.size}}
-  accessModes:
-    - {{ $global.Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" $global }}-data"
-  hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml
deleted file mode 100644 (file)
index db1bc5b..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
-  pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
-  pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-  
diff --git a/kubernetes/common/postgres-legacy/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml
deleted file mode 100644 (file)
index 30d824b..0000000
+++ /dev/null
@@ -1,95 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.name }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.name }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name2 }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type2 }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.name2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.name2 }}
-    {{- end}}
-  selector:
-    name: "{{.Values.container.name.primary}}"
-    release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name3 }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type3 }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort3 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
-      name: {{ .Values.service.name3 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort3 }}
-      targetPort: {{ .Values.service.internalPort3 }}
-      name: {{ .Values.service.name3 }}
-    {{- end}}
-  selector:
-    name: "{{.Values.container.name.replica}}"
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-legacy/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml
deleted file mode 100644 (file)
index 5333a0d..0000000
+++ /dev/null
@@ -1,143 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ .Values.service.name }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - command:
-        - /bin/sh
-        - -c
-        - |
-          chown -R 26:26 /podroot/;
-          chmod 700 /podroot/;
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-prepare
-        volumeMounts:
-        - name: {{ include "common.fullname" . }}-data
-          mountPath: /podroot/
-      containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.service.internalPort }}
-          name: postgres
-        # disable liveness probe when breakpoints set in debugger
-        # so K8s doesn't restart unresponsive container
-        {{- if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-        {{end -}}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        env:
-        - name: PGHOST
-          value: /tmp
-        - name: PG_PRIMARY_USER
-          value: primaryuser
-        - name: PG_MODE
-          value: set
-        - name: PG_PRIMARY_HOST
-          value: "{{.Values.container.name.primary}}"
-        - name: PG_REPLICA_HOST
-          value: "{{.Values.container.name.replica}}"
-        - name: PG_PRIMARY_PORT
-          value: "{{.Values.service.internalPort}}"
-        - name: PG_PRIMARY_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-primary-password
-        - name: PG_USER
-          value: "{{.Values.config.pgUserName}}"
-        - name: PG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-user-password
-        - name: PG_DATABASE
-          value: "{{.Values.config.pgDatabase}}"
-        - name: PG_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-root-password
-        volumeMounts:
-        - mountPath: /pgdata
-          name: {{ include "common.fullname" . }}-data
-        - mountPath: /backup
-          name: {{ include "common.fullname" . }}-backup
-          readOnly: true
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: {{ include "common.fullname" . }}-backup
-        emptyDir: {}
-{{- if not .Values.persistence.enabled }}
-      - name: {{ include "common.fullname" . }}-data
-        emptyDir: {}
-{{- else }}
-  volumeClaimTemplates:
-  - metadata:
-      name: {{ include "common.fullname" . }}-data
-      labels:
-        name: {{ include "common.fullname" . }}
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        release: "{{ include "common.release" . }}"
-        heritage: "{{ .Release.Service }}"
-    spec:
-      accessModes:
-      - {{ .Values.persistence.accessMode | quote }}
-      storageClassName: {{ include "common.storageClass" . }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.size | quote }}
-{{- end }}
diff --git a/kubernetes/common/postgres-legacy/values.yaml b/kubernetes/common/postgres-legacy/values.yaml
deleted file mode 100644 (file)
index 8dd5d0a..0000000
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
-pullPolicy: Always
-
-# application configuration
-config:
-  pgUserName: testuser
-  pgDatabase: userdb
-  pgPrimaryPassword: password
-  pgUserPassword: password
-  pgRootPassword: password
-
-container:
-  name:
-    primary: pgset-primary
-    replica: pgset-replica
-
-pgpool:
-  container:
-    port: 5432
-    name:
-      primary: pgset-primary
-      replica: pgset-replica
-  credentials:
-    pgusername: testuser
-    pgpassword: password
-  service:
-    name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 300
-  periodSeconds: 10
-  timeoutSeconds: 5
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-  volumeReclaimPolicy: Retain
-
-  ## database data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  accessMode: ReadWriteOnce
-  size: 1Gi
-  mountPath: /dockerdata-nfs
-  mountSubPath: postgres/data
-  mountInitPath: postgres
-
-service:
-  type: ClusterIP
-  name: pgset
-  externalPort: 5432
-  internalPort: 5432
-  type2: ClusterIP
-  name2: pgset-primary
-  externalPort2: 5432
-  internalPort2: 5432
-  type3: ClusterIP
-  name3: pgset-replica
-  externalPort3: 5432
-  internalPort3: 5432
-
-ingress:
-  enabled: false
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
-
index c2131e9..7aff189 100644 (file)
@@ -48,7 +48,7 @@ busyboxRepository: registry.hub.docker.com
 busyboxImage: library/busybox:latest
 
 postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
 pullPolicy: Always
 
 # application configuration
index 2eb3c25..e9c96d1 100644 (file)
@@ -56,7 +56,7 @@ service:
   name: consul-server
   portName: consul-join
   internalPort: 8301
-  type2: NodePort
+  type2: ClusterIP
   portName2: consul-ui
   internalPort2: 8500
   nodePort2: 70
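Review bot: `nodePort2: 70` is left in place directly below the line that turns `type2` into `ClusterIP`, so the values file now carries a node port for a service that no longer exposes one. The service template is not part of this hunk; if it renders `nodePort` whenever the value is set, the API server will reject the ClusterIP service. If it ignores the value, the stale key misleads readers about whether the consul UI on 8500 is reachable from outside the cluster. I would drop the line or annotate it, e.g. `# nodePort2 unused while type2 is ClusterIP`.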
index 409da39..cde7d4c 100755 (executable)
@@ -21,7 +21,7 @@
 # https://wiki.onap.org/display/DW/OOM+RKE+Kubernetes+Deployment
 # source from https://jira.onap.org/browse/OOM-1598
 #
-# master/dublin 
+# master/dublin
 #     RKE 0.1.16 Kubernetes 1.11.6, kubectl 1.11.6, Helm 2.9.1, Docker 18.06
 #     20190428 RKE 0.2.1, Kubernetes 1.13.5, kubectl 1.13.5, Helm 2.12.3, Docker 18.09.5
 # single node install, HA pending
@@ -30,7 +30,7 @@ usage() {
 cat <<EOF
 Usage: $0 [PARAMs]
 example
-sudo ./rke_setup.sh -b dublin -s rke.onap.cloud -e onap -l amdocs -v true
+sudo ./rke_setup.sh -b master -s rke.onap.cloud -e onap -l amdocs -v true
 -u                  : Display usage
 -b [branch]         : branch = master or dublin (required)
 -s [server]         : server = IP or DNS name (required)
@@ -48,16 +48,16 @@ install_onap() {
   KUBECTL_VERSION=1.13.5
   HELM_VERSION=2.12.3
   DOCKER_VERSION=18.09
+
   # copy your private ssh key and cluster.yml file to the vm
   # on your dev machine
   #sudo cp ~/.ssh/onap_rsa .
-  #sudo chmod 777 onap_rsa 
+  #sudo chmod 777 onap_rsa
   #scp onap_rsa ubuntu@192.168.241.132:~/
   # on this vm
-  #sudo chmod 400 onap_rsa 
+  #sudo chmod 400 onap_rsa
   #sudo cp onap_rsa ~/.ssh
-  # make sure public key is insetup correctly in 
+  # make sure public key is insetup correctly in
   # sudo vi ~/.ssh/authorized_keys
 
   echo "please supply your ssh key as provided by the -k keyname - it must be be chmod 400 and chown user:user in ~/.ssh/"
@@ -66,8 +66,8 @@ install_onap() {
   echo "specifically"
   echo "address: $SERVER"
   echo "user: $USERNAME"
-  echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY" 
-  
+  echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
+
   RKETOOLS=
   HYPERCUBE=
   POD_INFRA_CONTAINER=
index 6b90aa3..c404c32 100644 (file)
@@ -20,7 +20,10 @@ dependencies:
   - name: common
     version: ~5.x-0
     repository: '@local'
-  - name: postgres-legacy
+  - name: postgres
     version: ~5.x-0
     repository: '@local'
     alias: postgres
+  - name: mongo
+    version: ~5.x-0
+    repository: '@local'
index a6fbea1..5ece12c 100644 (file)
@@ -18,3 +18,4 @@
 {{ if .Values.componentImages.hv_ves }}
 tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
 {{ end }}
+use_tls: true
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
new file mode 100644 (file)
index 0000000..5074cb8
--- /dev/null
@@ -0,0 +1,22 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ if .Values.componentImages.tcagen2 }}
+tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
+{{ end }}
+tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
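Review bot: Both `tca_handle_in_subscribe_url` and `tca_handle_out_publish_url` are built with `http://` on port 3904 and `unauthenticated.` topics, so measurement events and TCA output travel between pods in cleartext with no topic-level access control. The same `http://...:3904/events/unauthenticated.*` pattern is added in the new `k8s-ves-inputs-tls.yaml` right below, where it stands out more because that collector sets `enable_tls: true` for its inbound side only. If the message router's TLS listener cannot be used yet, a comment above the URLs would record that this is a known gap, for example `# plain HTTP to message-router on unauthenticated topics; move to the TLS listener when the component supports it`.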
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
new file mode 100644 (file)
index 0000000..17d0fc4
--- /dev/null
@@ -0,0 +1,32 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ if .Values.componentImages.ves }}
+tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+{{ end }}
+external_port: 0
+external_port_tls: {{ .Values.config.address.ves.portSecure }}
+auth_method: "certBasicAuth"
+component_name: "dcae-ves-collector-tls"
+dns_component_name: "dcae-ves-collector-tls"
+enable_tls: true
+ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
+ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
+ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
+ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
+ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
+ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file
index 69e7cb7..c113d64 100644 (file)
@@ -2,6 +2,7 @@
 #=================================================================================
 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications (c) 2020 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 {{ if .Values.componentImages.ves }}
 tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
 {{ end }}
-external_port : {{ .Values.config.address.ves.port }}
-external_tls_port : {{ .Values.config.address.ves.portSecure }}
+external_port_tls: 0
+external_port: {{ .Values.config.address.ves.port }}
+auth_method: "noAuth"
+component_name: "dcae-ves-collector"
+dns_component_name: "dcae-ves-collector"
 ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
 ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
 ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
 ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
 ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
-ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file
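Review bot: `auth_method: "noAuth"` together with `external_port_tls: 0` makes this the collector that accepts events over plain HTTP with no authentication, and nothing in the file says so. Before this change the same inputs file also carried `external_tls_port`, so anyone upgrading may keep pointing event sources at this instance without noticing that the authenticated TLS endpoint moved to the separate `dcae-ves-collector-tls` component. A comment above the new keys would make the split explicit, for example `# unauthenticated plain-HTTP collector; use k8s-ves-inputs-tls.yaml (certBasicAuth) for anything reachable from outside the cluster`. How `external_port` is exposed is decided outside this hunk.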
index 20caa5c..cfdff5a 100644 (file)
@@ -93,9 +93,23 @@ postgres:
         primary: dcae-pgpool-primary
         replica: dcae-pgpool-replica
 
+mongo:
+  nameOverride: dcae-mongo
+  config:
+    dbName: dcaecommondb
+  service:
+    name: dcae-mongohost
+    internalPort: 27017
+  nfsprovisionerPrefix: dcaemongo
+  sdnctlPrefix: tcagen2
+  persistence:
+    mountSubPath: dcae/mongo/data
+    enabled: true
+  disableNfsProvisioner: true
+
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.10.0
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -104,10 +118,12 @@ componentImages:
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
   tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2
+  #placeholder until tca-gen2 release image is available
+  #tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
   prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.3.0
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
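Review bot: The `tcagen2` image is added only as a commented-out placeholder, while `k8s-tcagen2-inputs.yaml` from this same commit emits `tag_version` only inside `{{ if .Values.componentImages.tcagen2 }}`. With the key commented out, the rendered inputs file has no `tag_version`, so whatever image the blueprint defaults to is what gets deployed; that default is not visible here. The comment would be clearer as `# tcagen2 is intentionally unset until a release image exists; the blueprint default image is used`, with a space after `#` to match the other comments in the file.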
index 116a77f..a926fb3 100644 (file)
@@ -104,6 +104,8 @@ spec:
           volumeMounts:
             - mountPath: /usr/local/share/ca-certificates/
               name: tls-info
+            - mountPath: /opt/logs/dcae/dashboard
+              name: component-log
           env:
             - name: CONSUL_HOST
               value: consul-server.{{ include "common.namespace" . }}
index 03cb99a..22076e5 100644 (file)
@@ -44,7 +44,7 @@ config:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.0
 pullPolicy: Always
 
 # probe configuration parameters
@@ -60,13 +60,13 @@ readiness:
   initialDelaySeconds: 30
   periodSeconds: 30
   path: /ccsdk-app/health
-  scheme: HTTP
+  scheme: HTTPS
 
 service:
   type: NodePort
   name: dashboard
-  externalPort: 8080
-  internalPort: 8080
+  externalPort: 8443
+  internalPort: 8443
   nodePort: 18
 # application configuration override for postgres
 postgres:
index fb5a195..ba8648a 100644 (file)
@@ -28,7 +28,7 @@ global:
 
 service:
   name: dcae-healthcheck
-  internalPort: 80
+  internalPort: 8080
   externalPort: 80
   type: ClusterIP
 
@@ -45,7 +45,7 @@ readiness:
   periodSeconds: 10
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.5
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
index 3e79830..4c4f567 100644 (file)
@@ -17,7 +17,7 @@ dependencies:
   - name: common
     version: ~5.x-0
     repository: '@local'
-  - name: postgres-legacy
+  - name: postgres
     version: ~5.x-0
     repository: '@local'
     alias: postgres
index c8c7dd7..d992731 100644 (file)
@@ -36,7 +36,7 @@
           "type": "https",
           "port": 8080,
           "keyStorePath": "/opt/cert/cert.jks",
-          "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U",
+          "keyStorePassword": "/opt/cert/jks.pass",
           "keyStoreType": "JKS"
         }]
     }
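Review bot: `keyStorePassword` now holds the path `/opt/cert/jks.pass` rather than a password, and nothing in this hunk shows that the consuming service reads the file instead of using the string literally. If the deployed application version does not dereference the path, the keystore either fails to open or the path string becomes the effective password, so this change should be tied to an image version known to support it. Separately, the literal removed on the old side stays readable in repository history; any keystore still protected by it should be regenerated. The JSON object continues outside the hunk.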
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml
new file mode 100644 (file)
index 0000000..0e5ee9b
--- /dev/null
@@ -0,0 +1,72 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+  paths:
+    - /var/log/onap/*/*/*/*.log
+    - /var/log/onap/*/*/*.log
+    - /var/log/onap/*/*.log
+  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+  ignore_older: 48h
+  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+  clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+  #List of logstash server ip addresses with port number.
+  #But, in our case, this will be the loadbalancer IP address.
+  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+  hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+  #If enable will do load balancing among availabe Logstash, automatically.
+  loadbalance: true
+
+  #The list of root certificates for server verifications.
+  #If certificate_authorities is empty or not set, the trusted
+  #certificate authorities of the host system are used.
+  #ssl.certificate_authorities: $ssl.certificate_authorities
+
+  #The path to the certificate for SSL client authentication. If the certificate is not specified,
+  #client authentication is not available.
+  #ssl.certificate: $ssl.certificate
+
+  #The client certificate key used for client authentication.
+  #ssl.key: $ssl.key
+
+  #The passphrase used to decrypt an encrypted key stored in the configured key file
+  #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+  level: debug
+
+  # enable file rotation with default configuration
+  to_files: true
+
+  # do not log to syslog
+  to_syslog: false
+
+  files:
+    path: /usr/share/filebeat/logs
+    name: mybeat.log
+    keepfiles: 7
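Review bot: Every `ssl.*` setting under `output.logstash` is commented out, so the sidecar ships component logs to logstash unencrypted and without verifying the server. In a commit whose purpose is enabling HTTPS, I would either enable `ssl.certificate_authorities` or state in a comment that log transport is intentionally plaintext inside the cluster. `logging.level` is also `debug` for filebeat's own log, which can include the events it publishes; `  level: info` is a safer default. The comments contain typos as well (`canolical`, `availabe`).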
index 96ba64f..5b7a244 100644 (file)
@@ -24,3 +24,11 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{include "common.fullname" . }}-filebeat-configmap
+  namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
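Review bot: The new `-filebeat-configmap` ConfigMap has only `name` and `namespace` in its metadata, whereas the ConfigMap above it ends its `labels` block with `heritage: {{ .Release.Service }}`. Without the same labels, any label-based selection of this release's objects would miss the new ConfigMap. I would copy the `labels:` block of the first ConfigMap into the second; that block starts outside this hunk, so its full contents are not visible here. `{{include` is also written without the space used in the chart's other templates (`{{ include`).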
index 2bfb01d..f056079 100644 (file)
@@ -101,10 +101,38 @@ spec:
               subPath: config.json
             - mountPath: /opt/cert/
               name: tls-info
+            - mountPath: /opt/logs/
+              name: component-log
           env:
             - name: CONSUL_HOST
               value: consul.{{ include "common.namespace" . }}
+        - name: {{ include "common.name" . }}-filebeat
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+          image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+          imagePullPolicy: IfNotPresent
+          resources: {}
+          volumeMounts:
+          - mountPath: /var/log/onap/inventory
+            name: component-log
+          - mountPath: /usr/share/filebeat/data
+            name: filebeat-data
+          - mountPath: /usr/share/filebeat/filebeat.yml
+            name: filebeat-conf
+            subPath: filebeat.yml
       volumes:
+        - emptyDir: {}
+          name: component-log
+        - emptyDir: {}
+          name: filebeat-data
+        - configMap:
+            defaultMode: 420
+            name: {{ include "common.fullname" . }}-filebeat-configmap
+          name: filebeat-conf
         - name: {{ include "common.fullname" . }}-inv-config
           configMap:
             name: {{ include "common.fullname" . }}-configmap
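Review bot: The filebeat sidecar's image is built from `.Values.global.loggingRepository` and `.Values.global.loggingImage`, and what appears to be this chart's values.yaml hunk in the same commit only bumps the application image, so those globals have to be supplied by a parent chart. If they are missing, the image renders as `/` and the pod never starts; a `required` guard or a default in the chart's own values would make that failure explicit. The sidecar also declares `resources: {}`, so it runs without requests or limits next to the main container. The container list starts outside this hunk.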
@@ -112,3 +140,4 @@ spec:
           name: tls-info
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
index 8e4430c..a6e5125 100644 (file)
@@ -44,7 +44,7 @@ config:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
 
 pullPolicy: Always
 
index 5139630..046f64d 100644 (file)
@@ -30,7 +30,7 @@ pullPolicy: Always
 
 # application images
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:1.1.5
+image: onap/dmaap/dmaap-bc:2.0.3
 
 
 # application configuration
index ba247e1..8756d57 100644 (file)
   </logger>
 
 
-  <root level="INFO">
+  <root level="{{.Values.config.dmaapDrNode.logLevel}}">
     <appender-ref ref="asyncAudit" />
     <appender-ref ref="asyncMetrics" />
     <appender-ref ref="asyncDebug" />
index 00e0d2d..871a422 100644 (file)
@@ -120,3 +120,6 @@ config:
     portName2: dr-node-port2
     nodePort: 93
     nodePort2: 94
+    # dr uses the EELF Logging framework https://github.com/att/EELF
+    # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+    logLevel: "INFO"
index f67b1cf..dba613c 100644 (file)
 
 
 
-    <root level="INFO">
+    <root level="{{.Values.config.dmaapDrProv.logLevel}}">
         <appender-ref ref="asyncEELF" />
         <appender-ref ref="asyncEELFError" />
         <appender-ref ref="asyncEELFjettylog" />
index 34662ae..b672311 100644 (file)
@@ -7,9 +7,9 @@
 # * Licensed under the Apache License, Version 2.0 (the "License");
 # * you may not use this file except in compliance with the License.
 # * You may obtain a copy of the License at
-# * 
+# *
 #  *      http://www.apache.org/licenses/LICENSE-2.0
-# * 
+# *
 #  * Unless required by applicable law or agreed to in writing, software
 # * distributed under the License is distributed on an "AS IS" BASIS,
 # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -40,9 +40,9 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
 
 # Database access
 org.onap.dmaap.datarouter.db.driver   = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter
-org.onap.dmaap.datarouter.db.login    = datarouter
-org.onap.dmaap.datarouter.db.password = datarouter
+org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}}
+org.onap.dmaap.datarouter.db.login    = ${DB_USERNAME}
+org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
 
 # PROV - DEFAULT ENABLED TLS PROTOCOLS
 org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
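Review bot: `db.login` and `db.password` are now `${DB_USERNAME}` and `${DB_PASSWORD}`, but a Java properties file does not expand environment variables by itself. The deployment hunk in this commit adds the two variables to the container's `env`, yet no substitution step (an init container rewriting the file, or application-side resolution) is visible; if none exists, the server will try to log in with the literal placeholder strings. This is worth confirming against the image, and a comment such as `# resolved from the container environment at startup` would tell the next reader where the values come from. The previous static password remains in history and should not be reused for the new secret.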
@@ -55,4 +55,3 @@ org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.su
 org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
 org.onap.dmaap.datarouter.provserver.aaf.action.publish   = publish
 org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-
index 6435b0a..104fcdc 100644 (file)
@@ -56,6 +56,8 @@ spec:
           - aaf-locate
           - --container-name
           - aaf-cm
+          - --container-name
+          - aaf-service
           env:
           - name: NAMESPACE
             valueFrom:
@@ -118,6 +120,11 @@ spec:
               port: {{ .Values.config.dmaapDrProv.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: DB_USERNAME
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+          - name: DB_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
           volumeMounts:
           {{- if .Values.global.aafEnabled }}
           - mountPath: {{ .Values.persistence.aafCredsPath }}
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-dependencies:
-  - name: common
-    version: ~5.x-0
-    repository: '@local'
+{{ include "common.secret" . }}
index 8e3364f..6165568 100644 (file)
@@ -19,6 +19,17 @@ global:
   nodePortPrefix: 302
   loggingDirectory: /opt/app/datartr/logs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: dmaap-dr-db-user-secret
+    name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.dmaapDrDb.userName }}'
+    password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -79,11 +90,18 @@ config:
     portName2: dr-prov-port2
     nodePort: 59
     nodePort2: 69
+    # dr uses the EELF Logging framework https://github.com/att/EELF
+    # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+    logLevel: "INFO"
+
   # dr-prov db configuration
   dmaapDrDb:
     mariadbServiceName: dmaap-dr-db-svc
     mariadbServicePort: 3306
     mariadbContName: dmaap-dr-db
+    userName: datarouter
+#    userPassword: password
+#    userCredentialsExternalSecret: some secret
 
 # mariadb-galera configuration
 mariadb:
@@ -91,9 +109,7 @@ mariadb:
   nameOverride: dmaap-dr-db
   replicaCount: 2
   config:
-    mariadbRootPassword: datarouter
-    userName: datarouter
-    userPassword: datarouter
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
     mysqlDatabase: datarouter
   service:
     name: dmaap-dr-db-svc
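Review bot: Removing `mariadbRootPassword` here leaves the database root password to whatever the mariadb subchart does when the value is absent, and that behaviour is not visible in this diff. If the subchart falls back to a static default, the root account ends up with a well-known password even though the user credentials moved into a secret. The `dmaap-dr-db-user-secret` entry added earlier in this file also sets no `passwordPolicy`, and `userPassword` exists only as a comment. It would help to state the intended outcome next to it, for example `# userPassword unset: generated by common.secret unless userCredentialsExternalSecret is given`, if that is indeed the template's default.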
@@ -132,4 +148,4 @@ resources:
     requests:
       cpu: 1000m
       memory: 2Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
index 952dd0a..a191739 100644 (file)
@@ -26,7 +26,7 @@ global:
 repository: nexus3.onap.org:10001
 image: onap/aai/esr-gui:1.4.0
 pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:80
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
 
 # default number of instances
 replicaCount: 1
index 98203fc..354e8e3 100644 (file)
@@ -27,9 +27,9 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.4.0
+image: onap/aai/esr-server:1.5.1
 pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:80
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
 
 # application configuration
 config:
index 05f73e8..353f2a7 100644 (file)
@@ -24,7 +24,7 @@ global:
 
   config:
     msbServiceName: msb-iag
-    msbPort: 80
+    msbPort: 443
 
   persistence:
     mountPath: /dockerdata-nfs
index d7a0ea5..f623496 100644 (file)
@@ -35,7 +35,7 @@ spec:
         - /root/ready.py
         args:
         - --container-name
-        - {{ .Values.mariadb.nameOverride }}
+        - {{ .Values.config.db.container }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -50,18 +50,15 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
-          value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+          value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
         - name: DB_PORT
-          value: {{ .Values.config.db_port | quote}}
+          value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db_root }}
+          value: {{ .Values.config.db.root }}
         - name: DB_SCHEMA
-          value: {{ .Values.config.mysqlDatabase }}
+          value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db-db-root-password
-              key: password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
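Review bot: `DB_USERNAME` is still `.Values.config.db.root` and `DB_PASSWORD` now comes from uid `cmso-db-root-password`, here and again in the second container in the next hunk, so the service keeps connecting to the database as root. The values file in this commit defines a `cmso-db-user-secret` of type `basicAuth` that neither container references. Unless the second container needs root for schema changes, which this diff does not show, it could take the user name from `{{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}` and the password from the same call with `"key" "password"`. Both container specs start outside their hunks.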
@@ -74,18 +71,15 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
-          value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+          value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
         - name: DB_PORT
-          value: {{ .Values.config.db_port | quote}}
+          value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db_root }}
+          value: {{ .Values.config.db.root }}
         - name: DB_SCHEMA
-          value: {{ .Values.config.mysqlDatabase }}
+          value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db-db-root-password
-              key: password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-dependencies:
-  - name: common
-    version: ~5.x-0
-    repository: '@local'
+{{ include "common.secret" . }}
index af56717..a9a89dd 100644 (file)
@@ -35,6 +35,23 @@ dbinit:
 # flag to enable debugging - application support required
 debugEnabled: false
 
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: cmso-db-root-password
+    type: password
+    password: '{{ .Values.config.db.rootPassword }}'
+    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+    policy: required
+  - uid: cmso-db-user-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.user }}'
+    password: '{{ .Values.config.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
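Review bot: The new `secrets:` block has no comment saying what an installer must supply, yet both entries are marked `required` and the `config.db` keys they read are only commented-out examples in the next hunk. I would add a comment above `secrets:` such as `# Supply config.db.rootPassword or config.db.rootPasswordExternalSecret (likewise for the user credentials); no default is provided.` The example `rootPasswordExternalSecret: some secret` in the next hunk contains a space, which a Secret name cannot have; `some-secret`, as written for the user credentials, would be consistent. The same remarks apply to the identical block in the second values file further down.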
@@ -70,19 +87,22 @@ service:
 
 
 config:
-  db_root: root
-  db_user: cmso-admin
-  mysqlDatabase: optimizer
-  db_host: oof-cmso-dbhost
-  db_port: 3306
+  db:
+    port: 3306
+    root: root
+#    rootPassword: pass
+#    rootPasswordExternalSecret: some secret
+#    user: cmso-admin
+#    password: pass
+#    userCredentialsExternalSecret: some-secret
+#    host: host
+#    container: container
+#    mysqlDatabase: optimizer
   topology_host: oof-cmso-topology
   topology_port: 7998
   ticketmgt_host: oof-cmso-ticketmgt
   ticketmgt_port: 7999
 
-mariadb:
-  nameOverride: cmso-db
-
 ingress:
   enabled: false
 
index 385d616..b0afb6e 100644 (file)
@@ -35,7 +35,7 @@ spec:
         - /root/ready.py
         args:
         - --container-name
-        - {{ .Values.mariadb.nameOverride }}
+        - {{ .Values.config.db.container }}
         env:
         - name: NAMESPACE
           valueFrom:
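Review bot: `{{ .Values.config.db.container }}` has no default in this chart's own values (the key appears there only as a commented example), so a render without the parent chart's overrides yields an empty or `<no value>` argument after `--container-name`. Failing at render time would make the dependency explicit: `- {{ required "config.db.container must be set" .Values.config.db.container }}`. The same holds for `config.db.host` and `config.db.mysqlDatabase` in the `DB_HOST` and `DB_SCHEMA` entries of the following hunks, and in the other deployment changed by this commit. The init container definition starts and ends outside this hunk.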
@@ -50,18 +50,15 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
-          value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+          value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
         - name: DB_PORT
-          value: {{ .Values.config.db_port | quote}}
+          value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db_root }}
+          value: {{ .Values.config.db.root }}
         - name: DB_SCHEMA
-          value: {{ .Values.config.mysqlDatabase }}
+          value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db-db-root-password
-              key: password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -98,18 +95,15 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
-          value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+          value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
         - name: DB_PORT
-          value: {{ .Values.config.db_port | quote}}
+          value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db_user }}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
-          value: {{ .Values.config.mysqlDatabase }}
+          value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db-db-user-credentials
-              key: password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-description: ONAP Postgres Server
-name: postgres-legacy
-version: 5.0.0
+{{ include "common.secret" . }}
index 85f6094..345f03d 100644 (file)
@@ -36,6 +36,22 @@ dbinit:
 # flag to enable debugging - application support required
 debugEnabled: false
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: cmso-db-root-password
+    type: password
+    password: '{{ .Values.config.db.rootPassword }}'
+    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+    policy: required
+  - uid: cmso-db-user-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.user }}'
+    password: '{{ .Values.config.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -71,17 +87,20 @@ service:
 
 
 config:
-  db_root: root
-  db_user: cmso-admin
-  mysqlDatabase: cmso
-  db_host: oof-cmso-dbhost
-  db_port: 3306
+  db:
+    port: 3306
+    root: root
+#    rootPassword: pass
+#    rootPasswordExternalSecret: some secret
+#    user: cmso-admin
+#    password: pass
+#    userCredentialsExternalSecret: some-secret
+#    host: host
+#    container: container
+#    mysqlDatabase: cmso
   optimizer_host: oof-cmso-optimizer
   optimizer_port: 7997
 
-mariadb:
-  nameOverride: cmso-db
-
 ingress:
   enabled: false
 
index 11a9221..3c61bf3 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{ include "common.secret" . }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
index c97138b..2b8ad94 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: cmso-db-root-password
+    name: '{{ include "common.release" . }}-cmso-db-root-password'
+    type: password
+    password: ''
+    policy: generate
+  - uid: cmso-db-secret
+    name: '{{ include "common.release" . }}-cmso-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
+    passwordPolicy: generate
+
 mariadb-galera:
   replicaCount: 1
   nameOverride: cmso-db
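Review bot: `cmso-db-root-password` is declared with `password: ''` and `policy: generate` and, unlike `cmso-db-secret`, has no `externalSecret` key, so the root credential cannot be pointed at a pre-provisioned Secret. It is also worth confirming how `common.secret` implements `generate` (not visible here): if the value is produced afresh on every render, an upgrade would rewrite the Secret while a persisted database keeps the password it was initialised with. A short comment above the entry stating the intended behaviour on upgrade would settle this for the next reader.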
@@ -26,9 +43,8 @@ mariadb-galera:
     enabled: true
   disableNfsProvisioner: true
   config:
-    mariadbRootPassword: beer
-    userName: cmso-admin
-    userPassword: nimda-osmc
+    mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
     mysqlDatabase: cmso
   externalConfig: |
     [mysqld]
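Review bot: Nothing near this hunk tells operators what happens to installations that were created with the literal `mariadbRootPassword` and `userPassword` defaults removed here. Those values remain in the repository history, and a database initialised with them presumably keeps them until changed. I would add a comment such as `# Credentials now come from the secrets declared above; rotate the passwords of databases created with the earlier literal defaults.`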
@@ -49,4 +65,26 @@ flavor: small
 config:
   log:
     logstashServiceName: log-ls
-    logstashPort: 5044
\ No newline at end of file
+    logstashPort: 5044
+  db:
+    # userCredentialsExternalsecret: some secret
+    userName: cmso-admin
+    # userPassword: password
+
+oof-cmso-service:
+  config:
+    db:
+      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+  config:
+    db:
+      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: optimizer
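Review bot: The commented example under `config.db` is spelled `userCredentialsExternalsecret`, but the `secrets:` entry in this file reads `.Values.config.db.userCredentialsExternalSecret`. Someone who uncomments the example as written would set a key that the template never reads, and the chart would fall back to a generated password without any error. The line should read `# userCredentialsExternalSecret: some-secret`.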
index 2b5a011..fd87adc 100755 (executable)
@@ -560,8 +560,7 @@ concurrent = true
 #table_prefix = sdnc
 
 # Base URL for SDN-C, up to and including the version. (string value)
-#server_url = https://controller:8443/restconf/
-server_url = https://sdncodl-conexus-e2e.ecomp.cci.att.com:8543/restconf/
+server_url = https://controller:8443/restconf/
 
 # Basic Authentication Username (string value)
 #username = <None>
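Review bot: This hunk removes the environment-specific `server_url`, but the file still carries an uncommented literal `password = …` entry, visible as the context in the next hunk's header. A credential committed in a chart resource is readable by anyone with access to the repository or the rendered ConfigMap. It would fit the direction of this commit to supply it from a Secret, as is done for the CMSO database passwords, and to treat the committed value as already disclosed.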
@@ -577,7 +576,6 @@ password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 # Retry Numbers for SDNC Rest Call (string value)
 #sdnc_retries = 3
 
-
 [service_controller]
 
 #
diff --git a/kubernetes/portal/charts/portal-app/resources/server/web.xml b/kubernetes/portal/charts/portal-app/resources/server/web.xml
new file mode 100644 (file)
index 0000000..8f88e12
--- /dev/null
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ============LICENSE_START==========================================
+  ONAP Portal
+  ===================================================================
+  Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+  ===================================================================
+  Unless otherwise specified, all software contained herein is licensed
+  under the Apache License, Version 2.0 (the "License");
+  you may not use this software except in compliance with the License.
+  You may obtain a copy of the License at
+              http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  Unless otherwise specified, all documentation contained herein is licensed
+  under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+  you may not use this documentation except in compliance with the License.
+  You may obtain a copy of the License at
+              https://creativecommons.org/licenses/by/4.0/
+  Unless required by applicable law or agreed to in writing, documentation
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END============================================
+  
+  -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+       <display-name>fusion</display-name>
+       
+       <!--  
+       <context-param>
+       <param-name>log4jConfigLocation</param-name>
+       <param-value>/WEB-INF/conf/log4j.properties</param-value>
+       </context-param>
+
+       <listener>
+       <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+       </listener>     
+        -->
+        
+       <!-- The Portal app can function on a HA cluster -->
+       <distributable/>
+       
+       <!-- <context-param>
+       <param-name>contextConfigLocation</param-name>
+               <param-value>/WEB-INF/oid-context.xml</param-value>
+       </context-param>
+
+       <listener>
+          <listener-class>
+               org.springframework.web.context.ContextLoaderListener
+          </listener-class>
+       </listener>  -->
+
+
+       <listener>
+       <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
+       </listener>
+       <!--
+       <filter>
+               <filter-name>springSessionRepositoryFilter</filter-name>
+               <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
+       </filter>
+       <filter-mapping>
+               <filter-name>springSessionRepositoryFilter</filter-name>
+               <url-pattern>/*</url-pattern>
+               <dispatcher>REQUEST</dispatcher>
+               <dispatcher>ERROR</dispatcher>
+       </filter-mapping>
+       -->
+       <filter>
+       <filter-name>CorsFilter</filter-name>
+               <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+               <init-param>
+                       <param-name>cors.allowed.origins</param-name>
+                       <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
+               </init-param>
+           <init-param>
+               <param-name>cors.allowed.methods</param-name>
+               <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
+           </init-param>
+           <init-param>
+               <param-name>cors.allowed.headers</param-name>
+               <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+           </init-param> 
+           <init-param>
+                       <param-name>cors.exposed.headers</param-name>
+                       <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+               </init-param>
+               <init-param>
+                       <param-name>cors.support.credentials</param-name>
+                       <param-value>true</param-value>
+               </init-param>
+               <init-param>
+                       <param-name>cors.preflight.maxage</param-name>
+                       <param-value>10</param-value>  
+               </init-param>    
+       </filter>
+    
+    <filter-mapping>
+      <filter-name>CorsFilter</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+    
+       <filter>
+           <filter-name>SecurityXssFilter</filter-name>
+           <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
+       </filter>
+       
+       <filter-mapping>
+           <filter-name>SecurityXssFilter</filter-name>
+           <url-pattern>/*</url-pattern>
+       </filter-mapping>
+<!--   <filter> -->
+<!--           <filter-name>CadiAuthFilter</filter-name> -->
+<!--           <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
+<!--           <init-param> -->
+<!--                   <param-name>cadi_prop_files</param-name> -->
+<!--         Add Absolute path of cadi.properties -->
+<!--                   <param-value>{Path}/cadi.properties -->
+<!--                   </param-value> -->
+<!--           </init-param> -->
+<!--          Add param values with comma delimited values -->
+<!--           <init-param> -->
+<!--                   <param-name>include_url_endpoints</param-name> -->
+<!--                   <param-value>/auxapi/*</param-value> -->
+<!--           </init-param> -->
+<!--           <init-param> -->
+<!--                   <param-name>exclude_url_endpoints</param-name> -->
+<!--                   <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
+<!--           </init-param> -->
+<!--   </filter> -->
+<!--   <filter-mapping> -->
+<!--           <filter-name>CadiAuthFilter</filter-name> -->
+<!--           <url-pattern>/auxapi/v3/*</url-pattern> -->
+<!--   </filter-mapping> -->
+<!--   <filter-mapping> -->
+<!--           <filter-name>CadiAuthFilter</filter-name> -->
+<!--           <url-pattern>/auxapi/v4/*</url-pattern> -->
+               
+<!--   </filter-mapping>   -->
+</web-app>
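Review bot: The `CorsFilter` accepts credentialed requests (`cors.support.credentials` is `true`) from two plain `http://` origins in `cors.allowed.origins`. A page served over HTTP can be altered in transit, and this filter will then accept cookie-bearing cross-origin calls from it. I would list the HTTPS origins instead, e.g. `<param-value>https://www.portal.onap.org:HTTPS_PORT</param-value>` (the port is a placeholder, not shown on this page), and take the host from chart values rather than hard-coding it. `cors.exposed.headers` names `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`, which the browser consumes itself and which do not need exposing. The `CadiAuthFilter` block is entirely commented out, so a one-line comment saying whether that is intentional would help.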
index fe44c76..eb0dee0 100644 (file)
@@ -114,6 +114,9 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
           subPath: server.xml
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
+          subPath: web.xml
         - name: authz-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
           subPath: {{ .Values.global.keystoreFile}}
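Review bot: Mounting `web.xml` over `webapps/ONAPPORTAL/WEB-INF/web.xml` replaces the deployment descriptor shipped in the image, so filters or servlets added by a later image version would be dropped silently unless the chart copy is kept in step. A comment above the mount would make that coupling visible, for example `# Overrides the descriptor from the image; re-sync resources/server/web.xml when bumping the portal image.` The `volumeMounts` list starts and continues outside this hunk.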
index ca1390a..1aa0010 100644 (file)
@@ -70,7 +70,7 @@ spec:
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             httpGet:
-              path: /sdc2/rest/version
+              path: /sdc2/rest/healthCheck
               port: {{ .Values.service.internalPort }}
               scheme: HTTPS
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
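Review bot: Using `/sdc2/rest/healthCheck` for the `livenessProbe` deserves a check on what that endpoint reports, which is not visible here. If it also reflects the state of downstream components, an outage of a dependency would fail liveness and restart an otherwise healthy backend container. In that case a self-only endpoint is the safer choice for liveness, with the health check used for `readinessProbe`. The probe block continues outside this hunk.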
index 8ac6c27..a9e5b29 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.5.2
-backendInitImage: onap/sdc-backend-init:1.5.2
+image: onap/sdc-backend:1.6.1
+backendInitImage: onap/sdc-backend-init:1.6.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 21b35ce..150b961 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.5.2
-cassandraInitImage: onap/sdc-cassandra-init:1.5.2
+image: onap/sdc-cassandra:1.6.1
+cassandraInitImage: onap/sdc-cassandra-init:1.6.1
 
 pullPolicy: Always
 
@@ -61,10 +61,8 @@ service:
   type: ClusterIP
   name: sdc-cs
   portName: sdc-cs
-  externalPort: 9160
-  internalPort: 9160
-  externalPort2: 9042
-  internalPort2: 9042
+  externalPort: 9042
+  internalPort: 9042
 
 
 ## Persist data to a persitent volume
diff --git a/kubernetes/sdc/charts/sdc-es/.helmignore b/kubernetes/sdc/charts/sdc-es/.helmignore
deleted file mode 100644 (file)
index 542b339..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-es/Chart.yaml b/kubernetes/sdc/charts/sdc-es/Chart.yaml
deleted file mode 100644 (file)
index d1c46d0..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: ONAP Service Design and Creation Elasticsearch
-name: sdc-es
-version: 5.0.0
diff --git a/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt
deleted file mode 100644 (file)
index 3a5553b..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml
deleted file mode 100644 (file)
index c5ab2be..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            httpGet:
-              path: "_cluster/health?wait_for_status=yellow&timeout=120s"
-              port: {{ .Values.service.internalPort }}
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          - name: ES_HEAP_SIZE
-            value: {{ .Values.config.JvmHeapSize }}
-          - name: ES_JAVA_OPTS
-            value: {{ .Values.config.JvmOptions }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-data
-            mountPath: /usr/share/elasticsearch/data/
-      volumes:
-        - name: {{ include "common.fullname" . }}-localtime
-          hostPath:
-            path: /etc/localtime
-      {{- if .Values.persistence.enabled }}
-        - name: {{ include "common.fullname" . }}-data
-          persistentVolumeClaim:
-            claimName: {{ include "common.fullname" . }}
-      {{- else }}
-          emptyDir: {}
-      {{- end }}
-        - name: {{ include "common.fullname" . }}-environments
-          configMap:
-            name: {{ include "common.release" . }}-sdc-environments-configmap
-            defaultMode: 0755
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-es/templates/job.yaml b/kubernetes/sdc/charts/sdc-es/templates/job.yaml
deleted file mode 100644 (file)
index 8a73eae..0000000
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018  ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}-config-elasticsearch
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  backoffLimit: 20
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
-    spec:
-      restartPolicy: Never
-      initContainers:
-      - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - sdc-es
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      containers:
-      - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.elasticInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
-        env:
-        - name: ENVNAME
-          value: {{ .Values.global.env.name }}
-      volumes:
-        - name: {{ include "common.fullname" . }}-environments
-          configMap:
-            name: {{ include "common.release" . }}-sdc-environments-configmap
-            defaultMode: 0755
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      restartPolicy: Never
diff --git a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml b/kubernetes/sdc/charts/sdc-es/templates/pv.yaml
deleted file mode 100644 (file)
index 4733fed..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}
-spec:
-  capacity:
-    storage: {{ .Values.persistence.size}}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" . }}-data"
-  hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml
deleted file mode 100644 (file)
index ab97f95..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
-  annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  storageClassName: {{ include "common.storageClass" . }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-es/templates/service.yaml b/kubernetes/sdc/charts/sdc-es/templates/service.yaml
deleted file mode 100644 (file)
index a49982c..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}2
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-es/values.yaml b/kubernetes/sdc/charts/sdc-es/values.yaml
deleted file mode 100644 (file)
index adb0595..0000000
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  ubuntuInitRepository: oomk8s
-  ubuntuInitImage: ubuntu-init:1.0.0
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-elasticsearch:1.5.2
-elasticInitImage: onap/sdc-init-elasticsearch:1.5.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  JvmHeapSize: "1024M"
-  JvmOptions: "-Xms512m -Xmx512m"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: sdc-es
-  portName: sdc-es
-  externalPort: 9200
-  internalPort: 9200
-  externalPort2: 9300
-  internalPort2: 9300
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-  volumeReclaimPolicy: Retain
-
-  ## database data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  accessMode: ReadWriteOnce
-  size: 2Gi
-  mountPath: /dockerdata-nfs
-  mountSubPath: /sdc/sdc-es/ES
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
-
index 4c2baaf..6f35f6b 100644 (file)
@@ -32,20 +32,6 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - "sdc-kb"
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-job-completion
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
index c6f39f9..78f8b90 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.5.2
+image: onap/sdc-frontend:1.6.1
 pullPolicy: Always
 
 config:
diff --git a/kubernetes/sdc/charts/sdc-kb/.helmignore b/kubernetes/sdc/charts/sdc-kb/.helmignore
deleted file mode 100644 (file)
index ce90c2d..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
-\r
-\r
-#TODO:REMOVE\r
-sdc-kb.yaml
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-kb/Chart.yaml b/kubernetes/sdc/charts/sdc-kb/Chart.yaml
deleted file mode 100644 (file)
index d6f0b32..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Service Design and Creation Kibana
-name: sdc-kb
-version: 5.0.0
diff --git a/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt
deleted file mode 100644 (file)
index 3a5553b..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml
deleted file mode 100644 (file)
index 8911dbc..0000000
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-es-config-elasticsearch
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: NODE_OPTIONS
-            value: {{ .Values.config.nodeOptions }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-      volumes:
-      - name: {{ include "common.fullname" . }}-localtime
-        hostPath:
-          path: /etc/localtime
-      - name: {{ include "common.fullname" . }}-environments
-        configMap:
-          name: {{ include "common.release" . }}-sdc-environments-configmap
-          defaultMode: 0755
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-kb/templates/service.yaml b/kubernetes/sdc/charts/sdc-kb/templates/service.yaml
deleted file mode 100644 (file)
index 2d1c27d..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-kb/values.yaml b/kubernetes/sdc/charts/sdc-kb/values.yaml
deleted file mode 100644 (file)
index c2859e2..0000000
+++ /dev/null
@@ -1,89 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-kibana:1.5.2
-pullPolicy: Always
-
-config:
-  nodeOptions: "--max-old-space-size=200"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: sdc-kb
-  portName: sdc-kb
-  externalPort: 5601
-  internalPort: 5601
-
-
-sdc-es:
-  service:
-    name: sdc-es
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
index a7deeae..7e026f9 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.5.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.5.2
+image: onap/sdc-onboard-backend:1.6.1
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 97caae2..cc9f38b 100644 (file)
@@ -56,7 +56,7 @@ spec:
         - name: CS_HOST
           value: "{{ .Values.global.cassandra.serviceName }}"
         - name: CS_PORT
-          value: "{{ .Values.config.cassandraThriftClientPort }}"
+          value: "{{ .Values.config.cassandraClientPort }}"
         - name: CS_AUTHENTICATE
           value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
         - name: CS_USER
index 68f4876..3e5a83a 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.0
-configInitImage: onap/workflow-init:1.6.0
+image: onap/workflow-backend:1.6.1
+configInitImage: onap/workflow-init:1.6.1
 pullPolicy: Always
 
 initJob:
@@ -38,7 +38,6 @@ initJob:
 config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraAuthenticationEnabled: true
-  cassandraThriftClientPort: 9160
   cassandraClientPort: 9042
 
   sdcProtocol: HTTPS
index fc30297..66eb22e 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.0
+image: onap/workflow-frontend:1.6.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index b642e85..67ee6f9 100755 (executable)
@@ -16,8 +16,6 @@
         "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
         "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
         "FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
-        "ES_VIP": "sdc-es.{{include "common.namespace" .}}",
-        "KB_VIP": "sdc-kb.{{include "common.namespace" .}}",
         "interfaces": {
             "application": "eth0",
             "private": "eth0"
             ],
             "BE": "sdc-be.{{include "common.namespace" .}}",
             "ONBOARDING_BE": "sdc-onboarding-be.{{include "common.namespace" .}}",
-            "FE": "sdc-fe.{{include "common.namespace" .}}",
-            "ES": [
-                "sdc-es.{{include "common.namespace" .}}"
-            ],
-            "KB": "sdc-kb.{{include "common.namespace" .}}"
+            "FE": "sdc-fe.{{include "common.namespace" .}}"
         },
         "VnfRepo": {
             "vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}",
             "https_port": "8445",
             "catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/"
         },
-        "elasticsearch": {
-            "cluster_name": "SDC-ES-",
-            "ES_path_home": "/usr/share/elasticsearch",
-            "ES_path_data": "/usr/share/elasticsearch/data",
-            "num_of_replicas": "0",
-            "num_of_shards": "1"
-        },
-
         "cassandra": {
             "cassandra_port": 9042,
             "concurrent_reads": "32",
             "socket_connect_timeout": "20000",
             "janusgraph_connection_timeout": "10000",
             "replication_factor": "{{.Values.global.cassandra.replicaCount}}"
-        }
+        },
+      "DMAAP": {
+         "consumer": {
+            "host": "dcae-mrtr.com:3905",
+            "topic": "operationalEnvironmentEvent",
+            "serviceName": "dcae-mrtr.com:3905/events",
+            "environment": "TEST",
+            "partner": "BOT_R",
+            "username": "user1@sdc.com",
+            "password": "password=="
+         },
+         "producer": {
+            "host": "olsd004.com:3905",
+            "topic": "SDC-FACADE-NOTIF-v1 ",
+            "serviceName": "dmaap.com:3905/events",
+            "environment": "TEST",
+            "username": "user1@sdc.com",
+            "password": "password=="
+         }
+      }
     }
 }
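Review bot: The added `DMAAP` block hard-codes `"username": "user1@sdc.com"` and `"password": "password=="` for both `consumer` and `producer`, while neighbouring entries in this file are filled from `.Values` or `common.namespace`. If these are placeholders the file should say so; if they are read at runtime they belong in a Secret or at least in values, e.g. `"password": "{{ .Values.<dmaap-password-key> }}"` (key name is a placeholder). The `host` and `serviceName` entries (`dcae-mrtr.com:3905`, `olsd004.com:3905`, `dmaap.com:3905/events`) are likewise fixed hostnames rather than templated service names. `"topic": "SDC-FACADE-NOTIF-v1 "` also carries a trailing space inside the string, which looks unintended.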
index 6abf911..3d35814 100644 (file)
@@ -47,10 +47,6 @@ config:
     workflowUrl: 10.0.2.15
     vnfRepoPort: 8702
 
-sdc-es:
-  service:
-    name: sdc-es
-
 #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
 cassandra:
   nameOverride: sdc-cs
index 66e6267..f9640a9 100644 (file)
@@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
 AFT_DME2_EP_READ_TIMEOUT_MS=50000
 sessionstickinessrequired=NO
 DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
 sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
index 8a0a102..beb514e 100644 (file)
@@ -1,7 +1,6 @@
 ###
 # ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-#                                              reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 ###
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
 org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
 org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
 org.onap.ccsdk.sli.jdbc.connection.timeout=50
 org.onap.ccsdk.sli.jdbc.request.timeout=100
index 422696a..96f4079 100644 (file)
@@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
 AFT_DME2_EP_READ_TIMEOUT_MS=50000
 sessionstickinessrequired=NO
 DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
 sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
index f38f701..0b52b3f 100644 (file)
@@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
 AFT_DME2_EP_READ_TIMEOUT_MS=50000
 sessionstickinessrequired=NO
 DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
 sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
index 7d8178b..7ef5ca4 100644 (file)
@@ -31,11 +31,34 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SDNC_DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: SDNC_DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: ODL_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+        - name: ODL_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: properties
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
       - command:
         - /root/ready.py
         args:
         - --container-name
-        - {{ .Values.config.mariadbGalera.chartName }}
+        - {{ include "common.mariadbService" . }}
         - --container-name
         - {{ .Values.config.sdncChartName }}
         - --container-name
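Review bot: The new `update-config` init container runs `envsubst` without a variable list, so every `$NAME` or `${NAME}` in each file under `/config-input` is substituted, and any name that is not set in the environment is replaced by an empty string without an error. A misspelled placeholder in one of the properties files would therefore render as an empty user or password instead of failing visibly. Restricting substitution to the four injected names, e.g. `envsubst '${SDNC_DB_USER} ${SDNC_DB_PASSWORD} ${ODL_USER} ${ODL_PASSWORD}' <${PFILE} >/config/${PFILE}` (assuming the image ships gettext's `envsubst`), leaves unknown placeholders literal. Iterating with `for PFILE in *` would also avoid parsing `ls -1` output. The `initContainers` list continues outside the hunk.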
@@ -91,9 +114,12 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: properties
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}
             defaultMode: 0644
+        - name: properties
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml
new file mode 100644 (file)
index 0000000..dee311c
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index 4965d96..bec4d1c 100644 (file)
@@ -21,6 +21,35 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  # envsusbt
+  envsubstImage: dibi/envsubst
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+    passwordPolicy: required
+  - uid: odl-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    login: '{{ .Values.config.odlUser }}'
+    password: '{{ .Values.config.odlPassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
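Review bot: `envsubstImage: dibi/envsubst` has no tag, digest or registry prefix, so the init container that receives the DB and ODL passwords in its environment (see the deployment change in this commit) runs whatever the default tag of a third-party image resolves to at pull time. Pinning it, e.g. `envsubstImage: dibi/envsubst:<pinned-tag-or-digest>`, and ideally pulling it through the project registry like the other images, keeps that step reproducible and auditable. The comment above it is misspelled (`# envsusbt`). The `localCluster` comment mentions `SO` although this appears to be the SDNC dmaap-listener chart; `#This flag allows dmaap-listener to instantiate its own mariadb-galera cluster` would match.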
@@ -40,11 +69,25 @@ config:
   sdncPort: 8282
   msgRouterContainerName: message-router
   configDir: /opt/onap/sdnc/data/properties
+  odlUser: admin
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-  mariadbGalera:
-    chartName: mariadb-galera
-    serviceName: mariadb-galera
+  # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+  config:
+    userCredentialsExternalSecret: *dbSecretName
+    userName: sdnctl
+    userPassword: gamma
+    mysqlDatabase: sdnctl
+  nameOverride: dmaap-listener-galera
+  service:
+    name: dmaap-listener-galera
+    portName: dmaap-listener-galera
     internalPort: 3306
+  replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: dmaap-listener/maria/data
 
 # default number of instances
 replicaCount: 1
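Review bot: The added defaults `odlUser: admin`, `userName: sdnctl` and `userPassword: gamma` sit next to the existing `odlPassword` literal, so an install that overrides nothing still deploys with credentials that are public in this repository. `passwordPolicy: required` in the secrets block presumably only checks that a value is present, which these defaults satisfy. Consider leaving the password values empty so rendering fails until an operator supplies them or points to an external secret, or at least mark them with a comment such as `# lab default - override, or set userCredentialsExternalSecret`. The same pattern recurs in the later values.yaml hunks (`restPassword: sdnc`, `dbFabricPassword: admin`, `uebPassword`, `userPassword`).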
index eb88d72..7dc5c19 100644 (file)
 # limitations under the License.
 
 # Host definition
-ip:    0.0.0.0
-port:  {{.Values.service.internalPort}}
+ip:     0.0.0.0
+port:   {{.Values.service.internalPort}}
 
 # Security (controls use of TLS encrypton and RestServer authentication)
-tls:   no
-auth:  no
+tls:    no
+auth:   no
 
 # TLS certificates (must be built on application host)
-priv:  provide_privated_key.pem
-pub:   provide_public_key.pem
+priv:   provide_privated_key.pem
+pub:    provide_public_key.pem
 
 # RestServer authentication
-id:    sdnc
-psswd: sdnc
+id:     ${REST_USER}
+psswd:  ${REST_PASSWORD}
 
 # Mysql
-host:  {{.Values.config.mariadbGalera.serviceName}}
-user:  sdnc
-passwd:        sdnc
-db:    ansible
+host:   {{ include "common.mariadbService" $ }}
+user:   ${DB_USER}
+passwd: ${DB_PASSWORD}
+db:     {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
 
 # Playbooks
-from_files:            yes
-ansible_path:          /opt/onap/sdnc/Playbooks
-ansible_inv:           Ansible_inventory
-ansible_temp:          PlaybooksTemp
-timeout_seconds:       60
+from_files:             yes
+ansible_path:           /opt/onap/sdnc/Playbooks
+ansible_inv:            Ansible_inventory
+ansible_temp:           PlaybooksTemp
+timeout_seconds:        60
 
 # Blocking on GetResults
-getresults_block:      yes
+getresults_block:       yes
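Review bot: `tls: no` and `auth: no` are only re-aligned here, so by the file's own comment ("controls use of TLS encrypton and RestServer authentication") the REST credentials now injected as `${REST_USER}`/`${REST_PASSWORD}` are not enforced and the listener on `0.0.0.0` stays unauthenticated and unencrypted. If that is intentional for lab installs, say so in a comment next to the flags, for example `# auth/tls disabled by default; enable both before exposing this service`; otherwise these two flags should become chart values alongside the new secrets. The substituted values are also written unquoted, so a password containing ` #` or `: ` could change how the line is parsed, depending on the consumer. The hunk header for this section is not visible on the page.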
index 2233099..d353ada 100644 (file)
@@ -31,6 +31,29 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: REST_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
+        - name: REST_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
       - command:
         - /root/ready.py
         args:
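Review bot: The `envsubst` loop in the added init container runs without a variable list, iterates over the output of `ls`, and does not stop on error. With no SHELL-FORMAT argument envsubst replaces every `$NAME` or `${NAME}` it finds, so any other dollar reference in a config file is silently blanked, and a failure on an earlier file is masked by a later success, which lets the pod start with a half-rendered configuration. The sketch below restricts substitution to the four injected variables, quotes the paths and aborts on the first error; it assumes the image ships GNU gettext `envsubst`. The same command is added in the sdnc-portal and ueb-listener deployment hunks, each with its own variable set.
```yaml
        args:
        - -c
        - |
          set -e
          cd /config-input
          for PFILE in *; do
            envsubst '${DB_USER} ${DB_PASSWORD} ${REST_USER} ${REST_PASSWORD}' \
              <"$PFILE" >"/config/$PFILE"
          done
        # … unchanged: env, volumeMounts, image, imagePullPolicy, name …
```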
@@ -89,9 +112,12 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: config
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}
             defaultMode: 0644
+        - name: config
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml
new file mode 100644 (file)
index 0000000..dee311c
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index db7c63c..4ee7c6f 100644 (file)
@@ -21,6 +21,35 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  # envsusbt
+  envsubstImage: dibi/envsubst
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+    passwordPolicy: required
+  - uid: rest-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}'
+    login: '{{ .Values.config.restUser }}'
+    password: '{{ .Values.config.restPassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -37,9 +66,25 @@ debugEnabled: false
 config:
   sdncChartName: sdnc
   configDir: /opt/onap/sdnc
-  mariadbGalera:
-    serviceName: mariadb-galera
+  restUser: sdnc
+  restPassword: sdnc
+  # restCredsExternalSecret: some secret
 
+mariadb-galera:
+  config:
+    userCredentialsExternalSecret: *dbSecretName
+    userName: sdnc
+    userPassword: sdnc
+    mysqlDatabase: ansible
+  nameOverride: ansible-server-galera
+  service:
+    name: ansible-server-galera
+    portName: ansible-server-galera
+    internalPort: 3306
+  replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: ansible-server/maria/data
 
 # default number of instances
 replicaCount: 1
index 8560ca1..e845e96 100644 (file)
   },
   "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
   "databases": [
-    "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
+    "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
   ],
   "dbFabricServer": "localhost",
   "dbFabricPort": "32275",
   "dbFabricGroupId": "hagroup1",
-  "dbFabricUser": "admin",
-  "dbFabricPassword": "admin",
-  "dbFabricDB": "mysql",
-  "dbUser": "sdnctl",
-  "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
-  "dbName": "sdnctl",
+  "dbFabricUser": "${DB_FABRIC_USER}",
+  "dbFabricPassword": "${DB_FABRIC_PASSWORD",
+  "dbFabricDB": "{{.Values.config.dbFabricDB}}",
+  "dbUser": "${SDNC_DB_USER}",
+  "dbPassword": "${SDNC_DB_PASSWORD}",
+  "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
   "odlProtocol": "http",
   "odlHost": "sdnc.{{.Release.Namespace}}",
   "odlConexusHost": "sdnc.{{.Release.Namespace}}",
   "odlPort": "8181",
   "odlConexusPort": "8181",
-  "odlUser": "admin",
-  "odlPasswd": "{{.Values.config.odlPassword}}",
+  "odlUser": "${ODL_USER}",
+  "odlPasswd": "${ODL_PASSWORD}",
   "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
-  "ConexusNetwork_sslKey": "{{.Values.config.keystorePwd}}",
+  "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
   "AppNetwork_sslCert": "",
   "AppNetwork_sslKey": "",
   "hostnameList": [
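Review bot: The new `"dbFabricPassword": "${DB_FABRIC_PASSWORD",` line is missing the closing brace, so envsubst will not recognise it as a variable and the literal text `${DB_FABRIC_PASSWORD` ends up as the configured password. It should read `"dbFabricPassword": "${DB_FABRIC_PASSWORD}",`. Separately, all of these values are substituted into JSON string literals with no escaping, so a secret containing `"` or `\` would produce an invalid file; worth stating as a constraint on the secret values or handling in the render step. The hunk header for this section is not visible on the page.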
index 7a5475e..beb514e 100644 (file)
@@ -1,7 +1,6 @@
 ###
 # ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-#                                              reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 ###
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
 org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
 org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
 org.onap.ccsdk.sli.jdbc.connection.timeout=50
 org.onap.ccsdk.sli.jdbc.request.timeout=100
index cc13a9d..a2570cd 100644 (file)
@@ -1,5 +1,5 @@
 org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
index c75c603..267bc20 100644 (file)
@@ -1,5 +1,5 @@
 org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
index db92b20..3a728ad 100644 (file)
@@ -31,11 +31,40 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SDNC_DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: SDNC_DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: DB_FABRIC_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
+        - name: DB_FABRIC_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
+        - name: ODL_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+        - name: ODL_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+        - name: KEYSTORE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: properties
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
       - command:
         - /root/ready.py
         args:
         - --container-name
-        - {{ .Values.config.mariadbGalera.chartName }}
+        - {{ include "common.mariadbService" . }}
         - --container-name
         - {{ .Values.config.sdncChartName }}
         env:
@@ -71,10 +100,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
           volumeMounts:
@@ -110,9 +136,12 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: properties
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}
             defaultMode: 0644
+        - name: properties
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 239f734..dee311c 100644 (file)
@@ -1,13 +1,15 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index 7ff000e..94ea5d7 100644 (file)
@@ -21,6 +21,52 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  # envsusbt
+  envsubstImage: dibi/envsubst
+
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-password
+    type: password
+    externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+    passwordPolicy: required
+  - uid: db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+    passwordPolicy: required
+  - uid: odl-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    login: '{{ .Values.config.odlUser }}'
+    password: '{{ .Values.config.odlPassword }}'
+    passwordPolicy: required
+  - uid: fabric-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    login: '{{ .Values.config.dbFabricUser }}'
+    password: '{{ .Values.config.dbFabricPassword }}'
+    passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
+    password: '{{ .Values.config.keystorePwd }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
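Review bot: Three entries in the added `secrets:` block look like they will not resolve as intended. The `db-root-password` entry has an unbalanced parenthesis and should be `password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'`. `fabric-db-creds` reuses `.Values.config.odlCredsExternalSecret`, so setting the ODL external secret would also replace the fabric DB credentials while the key advertised in the next hunk is ignored; it should be `externalSecret: '{{ tpl (default "" .Values.config.dbFabricDBCredsExternalSecret) . }}'`. `keystore-password` reads `.Values.config.KeyStorePwdExternalSecret`, whose case differs from the commented `keystorePwdExternalSecret` key, so it should be `externalSecret: '{{ tpl (default "" .Values.config.keystorePwdExternalSecret) . }}'`.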
@@ -29,17 +75,34 @@ global:
 repository: nexus3.onap.org:10001
 image: onap/admportal-sdnc-image:1.7.6
 config:
-  dbRootPassword: secretpassword
-  dbSdnctlPassword: gamma
+  dbFabricDB: mysql
+  dbFabricUser: admin
+  dbFabricPassword: admin
+  # dbFabricDBCredsExternalSecret: some secret
   sdncChartName: sdnc
   configDir: /opt/onap/sdnc/data/properties
   storesDir: /opt/onap/sdnc/data/stores
+  odlUser: admin
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  # odlCredsExternalSecret: some secret
   keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
-  mariadbGalera:
-    chartName: mariadb-galera
-    serviceName: mariadb-galera
+  # keystorePwdExternalSecret: some secret
+
+mariadb-galera:
+  config:
+    userCredentialsExternalSecret: *dbSecretName
+    userName: sdnctl
+    userPassword: gamma
+    mysqlDatabase: sdnctl
+  nameOverride: sdnc-portal-galera
+  service:
+    name: sdnc-portal-galera
+    portName: sdnc-portal-galera
     internalPort: 3306
+  replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: sdnc-portal/maria/data
 
 # default number of instances
 replicaCount: 0
index fdc2218..b4e69d3 100644 (file)
@@ -2,8 +2,8 @@
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
 # ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-#                                              reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Samsung Electrinics
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 org.onap.ccsdk.sli.dbtype=jdbc
 
 org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
 org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
 org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
 org.onap.ccsdk.sli.jdbc.connection.timeout=50
 org.onap.ccsdk.sli.jdbc.request.timeout=100
index 86e5131..946773b 100644 (file)
@@ -2,10 +2,10 @@ org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace
 org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero
 org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero
 org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO
-org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-org.onap.ccsdk.sli.northbound.uebclient.user=sdnc
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}}
+org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD}
+org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD}
 org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/
 org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk
 org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming
index 154d36c..da72e1e 100644 (file)
@@ -31,11 +31,37 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SDNC_DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: SDNC_DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: UEB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+        - name: UEB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+        - name: ODL_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+        - name: ODL_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: properties
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
       - command:
         - /root/ready.py
         args:
         - --container-name
-        - {{ .Values.config.mariadbGalera.chartName }}
+        - {{ include "common.mariadbService" . }}
         - --container-name
         - {{ .Values.config.sdncChartName }}
         - --container-name
@@ -87,9 +113,12 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: properties
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}
             defaultMode: 0644
+        - name: properties
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml
new file mode 100644 (file)
index 0000000..dee311c
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index b4b42fd..9b7dcb0 100644 (file)
@@ -21,6 +21,41 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+    # envsusbt
+  envsubstImage: dibi/envsubst
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+    passwordPolicy: required
+  - uid: odl-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    login: '{{ .Values.config.odlUser }}'
+    password: '{{ .Values.config.odlPassword }}'
+    passwordPolicy: required
+  - uid: ueb-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+    login: '{{ .Values.config.uebUser }}'
+    password: '{{ .Values.config.uebPassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
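Review bot: The `ueb-creds` entry takes its `externalSecret` from `.Values.config.odlCredsExternalSecret`, the same key as `odl-creds` directly above it. An operator who supplies an external ODL secret would silently get those credentials used for UEB as well, and the `uebCredsExternalSecret` key shown as a commented example in the next hunk is never read. The line should be `externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'`. The `# envsusbt` comment at the top of this hunk is also indented two spaces deeper than the key it describes.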
@@ -40,11 +75,30 @@ config:
   sdcbeChartName: sdc-be
   msgRouterContainerName: message-router
   configDir: /opt/onap/sdnc/data/properties
+  uebUser: sdnc
+  uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  # uebCredsExternalSecret: some secret
+  odlUser: admin
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-  mariadbGalera:
-    chartName: mariadb-galera
-    serviceName: mariadb-galera
+  # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+  # '&mariadbConfig' means we "store" the values for  later use in the file
+  # with '*mariadbConfig' pointer.
+  config:
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+    userName: sdnctl
+    userPassword: gamma
+    mysqlDatabase: sdnctl
+  nameOverride: ueb-listener-galera
+  service:
+    name: ueb-listener-galera
+    portName: ueb-listener-galera
     internalPort: 3306
+  replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: ueb-listener/maria/data
 
 # default number of instances
 replicaCount: 1
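Review bot: The comment under `mariadb-galera:` describes a `&mariadbConfig` anchor and `*mariadbConfig` alias that do not exist in this file, which will mislead the next person editing it. What the block actually relies on is that `userCredentialsExternalSecret` repeats, as a literal, the `name` of the `db-secret` entry in the first hunk; the other charts in this commit express that link with `&dbSecretName`/`*dbSecretName`. Either use the same anchor here or replace the comment with `# must stay identical to secrets[db-secret].name above`.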
index b572052..a2e2754 100755 (executable)
@@ -38,3 +38,12 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+
index 91e9be6..40b1987 100755 (executable)
@@ -66,26 +66,14 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
-         {{- if eq .Values.global.security.aaf.enabled true }}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
         - name: TRUSTSTORE_PASSWORD
@@ -111,16 +99,42 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
 {{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
       volumes:
       - name: logs
         emptyDir: {}
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
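Review bot: The added `-log-conf` volume, backed by the new `-log` ConfigMap, is not referenced by any `volumeMounts` entry in this hunk, so unless it is mounted in a part of the spec outside the hunk, the logback.xml ConfigMap introduced by this commit is never used. The filebeat ConfigMap is also referenced as `{{ .Release.Name }}-so-filebeat-configmap` while the rest of the template uses `include "common.release"`; if that helper differs from the raw release name in any install mode, the volume will point at a ConfigMap that does not exist. Suggested line: `name: {{ include "common.release" . }}-so-filebeat-configmap`. The deployment spec starts and ends outside this hunk.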
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
new file mode 100644 (file)
index 0000000..dee311c
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index a7925b7..357a8fd 100755 (executable)
@@ -23,6 +23,26 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -30,6 +50,13 @@ repository: nexus3.onap.org:10001
 image: onap/so/bpmn-infra:1.5.3
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8081
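Review bot: `userPassword: so_User123` and `adminPassword: so_Admin123` are committed as chart defaults, so any deployment that does not override them runs with publicly known database credentials. The `passwordPolicy: required` entries in the secrets block of the preceding hunk are presumably satisfied by these values instead of forcing the operator to choose one. If the defaults must stay for lab installs, I would mark them with a comment such as `# lab default only: override, or set userCredsExternalSecret, for any shared environment`, and consider leaving them empty so the chart fails without an explicit value.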
index 4710fea..ffebc4c 100755 (executable)
@@ -99,7 +99,8 @@ mso:
   auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
   logPath: ./logs/openstack
   msb-ip: msb-iag.{{ include "common.namespace" . }}
-  msb-port: 80
+  msb-port: 443
+  msb-scheme: https
   workflow:
     endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
   msoKey: {{ .Values.mso.msoKey }}
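Review bot: `msb-scheme: https` with `msb-port: 443` moves MSB traffic to TLS, but nothing in this hunk shows which CA the adapter uses to verify the msb-iag certificate. If the application's truststore lacks the issuing CA, the usual workaround is to disable verification, which would defeat the change. A comment such as `# requires the MSB CA in the application's truststore` next to `msb-scheme` would document the dependency. The `workflow.endpoint` two lines below still uses plain `http://`, which may be intended but deserves a conscious decision; the mapping continues outside the hunk.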
index b572052..2154479 100755 (executable)
@@ -38,3 +38,11 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
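Review bot: The new `...-log` ConfigMap carries no `labels` block, while the ConfigMap just above it in the same file is labelled (its `heritage` label is visible in the context). Any label selector used for listing or cleanup would therefore miss it, and copying the same `labels:` block under `metadata` would keep the two consistent. The file also now ends without a trailing newline. The two later hunks that add the same logback ConfigMap have the same labelling gap.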
index 91e9be6..c0ac078 100755 (executable)
@@ -111,16 +111,42 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
 {{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
       volumes:
       - name: logs
         emptyDir: {}
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
index b572052..104daae 100755 (executable)
@@ -38,3 +38,11 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
index 91e9be6..c0ac078 100755 (executable)
@@ -111,16 +111,42 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
 {{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
       volumes:
       - name: logs
         emptyDir: {}
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
index b572052..104daae 100755 (executable)
@@ -38,3 +38,11 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
index 5c7f3ab..3b3d189 100755 (executable)
@@ -96,16 +96,42 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
 {{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
       volumes:
       - name: logs
         emptyDir: {}
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
old mode 100644 (file)
new mode 100755 (executable)
similarity index 85%
rename from kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml
rename to kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml
index e281813..9ea7a7e
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
+description: ONAP SO VE VNFM Adapter (SOL002)
+name: so-ve-vnfm-adapter
 version: 5.0.0
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
new file mode 100755 (executable)
index 0000000..88d805d
--- /dev/null
@@ -0,0 +1,25 @@
+# Copyright © 2020 Samsung# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server:
+  port: {{ (index .Values.service.ports 0).port }}
+
+vevnfmadapter:
+  endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
+
+aai:
+  endpoint: https://aai.{{ include "common.namespace" . }}:8443
+
+dmaap:
+  endpoint: http://message-router.{{ include "common.namespace" . }}:3904
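Review bot: `dmaap.endpoint` uses `http://message-router...:3904`, so DMaaP traffic travels in clear text while the `aai` and `vevnfmadapter` endpoints in the same file use `https`. If message-router offers a TLS listener in this deployment, the endpoint should use it. `vevnfmadapter.endpoint` also hard-codes `msb-iag:30283` without the `.{{ include "common.namespace" . }}` suffix the other hosts carry, which ties the file to one port assignment and to same-namespace name resolution. The first line of the file repeats the copyright text twice (`# Copyright © 2020 Samsung# Copyright © 2020 Samsung`).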
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-pgpool-configmap
+  name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
+  APP: {{ include "common.name" . }}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-app-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels: {{- include "common.labels" . | nindent 4 }}
+data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
new file mode 100755 (executable)
index 0000000..03b3441
--- /dev/null
@@ -0,0 +1,69 @@
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  replicas: {{ index .Values.replicaCount }}
+  template:
+    metadata:
+      labels: {{- include "common.labels" . | nindent 8 }}
+    spec:
+      initContainers:
+        - name: {{ include "common.name" . }}-readiness
+          command:
+            - /root/ready.py
+          args:
+            - --container-name
+            - aai
+            - --container-name
+            - message-router
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      containers:
+        - name: {{ include "common.name" . }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.fullname" . }}-configmap
+          image: {{ include "common.repository" . }}/{{ .Values.image }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - name: logs
+              mountPath: /app/logs
+            - name: config
+              mountPath: /app/config
+              readOnly: true
+          livenessProbe:
+            tcpSocket:
+              port: {{ index .Values.livenessProbe.port }}
+            initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+            periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+            successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+            failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+          ports: {{- include "common.containerPorts" . | nindent 10 }}
+      volumes:
+        - name: logs
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}-app-configmap
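Review bot: The pod spec ends without `imagePullSecrets`, whereas the sibling SO deployments touched by this commit end with `imagePullSecrets:` / `- name: "{{ include "common.namespace" . }}-docker-registry-key"`. If the `nexus3.onap.org:10001` repository needs that key, the image pull will fail here. Neither container sets a `securityContext`, and the init container runs `/root/ready.py`, so both presumably run as root. If the images allow it, `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` on the main container would be a reasonable baseline.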
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml
new file mode 100755 (executable)
index 0000000..f3ef113
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
new file mode 100755 (executable)
index 0000000..5310600
--- /dev/null
@@ -0,0 +1,68 @@
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+  repository: nexus3.onap.org:10001
+  readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.2
+  persistence:
+    mountPath: /dockerdata-nfs
+image: onap/so/ve-vnfm-adapter:1.6.0
+pullPolicy: Always
+replicaCount: 1
+service:
+  name: ve-vnfm-adapter
+  type: ClusterIP
+  annotations:
+    msb.onap.org/service-info: |
+      {{ if not .Values.global.msbDisabled -}}[
+        {
+          "serviceName": "{{ include "common.servicename" . }}",
+          "version": "v1",
+          "url": "/",
+          "protocol": "REST",
+          "port": "{{ (index .Values.service.ports 0).port }}",
+          "visualRange": "1"
+        }
+      ]{{ end }}
+  ports:
+    - name: http
+      port: 9098
+flavor: small
+resources:
+  small:
+    limits:
+      memory: 512Mi
+      cpu: 500m
+    requests:
+      memory: 256Mi
+      cpu: 250m
+  large:
+    limits:
+      memory: 8Gi
+      cpu: 4000m
+    requests:
+      memory: 2Gi
+      cpu: 1000m
+  unlimited: {}
+livenessProbe:
+  port: 9098
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+nodeSelector: {}
+tolerations: []
+affinity: {}
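Review bot: `livenessProbe.timeoutSeconds`, `nodeSelector`, `tolerations` and `affinity` are defined here, but the deployment template added in this commit never reads them, so setting them has no effect. Either wire them into the template (e.g. `timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}`) or drop them from the values. The image is referenced by mutable tag (`onap/so/ve-vnfm-adapter:1.6.0`) with `pullPolicy: Always`, so the running code can change without a chart change; pinning by digest would avoid that.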
index b572052..6aa4b5f 100755 (executable)
@@ -38,3 +38,19 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-so-filebeat-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
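Review bot: The `...-log` ConfigMap is filled from `resources/config/log/filebeat/filebeat.yml`, the same file as the `...-so-filebeat-configmap` below it. The identically named ConfigMap added in the sibling charts renders `resources/config/logback.xml` instead, so this looks like a copy-paste slip that would leave the deployment's `-log-conf` volume carrying a Filebeat config rather than the logback config. Please confirm which file was intended. Both new ConfigMaps also lack the `labels` block that the first ConfigMap in this file has.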
index 91e9be6..c0ac078 100755 (executable)
@@ -111,16 +111,42 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
 {{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
       volumes:
       - name: logs
         emptyDir: {}
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 5a06253..a792ff9 100755 (executable)
@@ -20,6 +20,8 @@ global:
   repository: nexus3.onap.org:10001
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.2
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
   mariadbGalera:
     nameOverride: mariadb-galera
     serviceName: mariadb-galera
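Review bot: `loggingImage: beats/filebeat:5.5.0` pins the sidecar to a Filebeat 5.x release, a line that as far as I know no longer receives security fixes, and the deployment hunks in this commit add it to the SO pods. A comment such as `# TODO: move to a supported Filebeat release; check filebeat.yml syntax when upgrading` would record the debt. Referencing the image by digest rather than by tag would also make the pulled content reproducible.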
@@ -119,6 +121,12 @@ livenessProbe:
 nodeSelector: {}
 affinity: {}
 
+# application configuration
+config:
+  logstashServiceName: log-ls
+  logstashPort: 5044
+
+
 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
 #                                                       --set so.global.mariadbGalera.localCluster=true \
index 353fb30..9c799cf 100644 (file)
@@ -30,7 +30,8 @@ metadata:
           "url": "/api/usecaseui-server/v1",
           "protocol": "REST",
           "port": "{{.Values.service.internalPort}}",
-          "visualRange":"1"
+          "visualRange":"1",
+          "enable_ssl": true
       }
       ]'
 spec:
index e7856d3..2035c63 100644 (file)
@@ -30,7 +30,7 @@ pullPolicy: Always
 
 # application configuration
 
-msbaddr: msb-iag.{{include "common.namespace" .}}:80
+msbaddr: msb-iag.{{include "common.namespace" .}}:443
 mraddr: message-router.{{include "common.namespace" .}}:3904
 
 # flag to enable debugging - application support required
@@ -84,16 +84,16 @@ ingress:
 resources:
   small:
     limits:
-      cpu: 250m
-      memory: 250Mi
+      cpu: 1.5
+      memory: 350Mi
     requests:
-      cpu: 250m
-      memory: 250Mi
+      cpu: 1
+      memory: 245Mi
   large:
     limits:
-      cpu: 500m
+      cpu: 2
       memory: 500Mi
     requests:
-      cpu: 500m
+      cpu: 1
       memory: 500Mi
   unlimited: {}
index e8d0595..fb8f1a0 100644 (file)
@@ -39,7 +39,7 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/vid:6.0.2
+image: onap/vid:6.0.3
 pullPolicy: Always
 
 # mariadb image for initializing