schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
{{ end }}
+
+#to expose the Prometheus scraping endpoint
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.3.0
+image: onap/ccsdk-blueprintsprocessor:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
depends on the content of .Values.
The Deployment always includes a single Pod, with a container that uses
-the DCAE microservice image.
+the DCAE microservice image. The image name and tag are specified by
+.Values.image. By default, the image comes from the ONAP repository
+(registry) set up by the common repositoryGenerator template. A different
+repository for the microservice image can be set using
+.Values.imageRepositoryOverride. Note that this repository must not
+require authentication, because there is no way to specify credentials for
+the override repository. imageRepositoryOverride is intended primarily
+for testing purposes.
The Deployment Pod may also include a logging sidecar container.
The sidecar is included if .Values.log.path is set. The
{{- end }}
{{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }}
containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
env:
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.8.0
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.9.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.11.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.9.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Global values
global:
pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.1.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
containerPort: &svc_port 8080
service:
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-fcaps/v1/healthcheck
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-fcaps/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-fcaps/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
pullPolicy: Always
#Istio sidecar injection policy
-istioSidecar: false
+istioSidecar: true
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-fcaps
- portName: multicloud-fcaps
+ portName: http
externalPort: 9011
internalPort: 9011
nodePort: 87
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
"k8sConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup",
"parameters":{
- "useHttps": true,
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
"hostname": "pdp",
"port": 8081,
"userName": "testpdp",
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: framework-artifactbroker
command: ["/opt/app/distribution/bin/artifact-dist.sh"]
args: ["/opt/app/distribution/etc/mounted/config.json"]
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: multicloud-k8s
- portName: multicloud-k8s
+ portName: http
internalPort: 9015
externalPort: 9015
nodePort: 98
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
# application configuration
config:
ssl_enabled: false
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-pike
- portName: multicloud-pike
+ portName: http
externalPort: 9007
internalPort: 9007
nodePort: 96
service:
type: ClusterIP
name: multicloud-prometheus
- portName: multicloud-prometheus
+ portName: http
internalPort: 9090
externalPort: 9090
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-starlingx/v0/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-starlingx/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-starlingx/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
#################################################################
# Application configuration defaults.
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
spec:
containers:
- env:
+ - name: MSB_PROTO
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/vio:1.4.1
+image: onap/multicloud/vio:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
# application configuration
config:
msbgateway: msb-iag
- msbPort: 80
+ msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-vio
- portName: multicloud-vio
+ portName: http
externalPort: 9004
internalPort: 9004
nodePort: 92
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-titaniumcloud/v1/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-titanium_cloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-titaniumcloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-titaniumcloud/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
persistence: {}
#################################################################
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
- value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
resources:
{{ include "common.resources" . | indent 12 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
httpGet:
path: /api/multicloud/v0/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: "{{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
apiVersion: v1
kind: Service
metadata:
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
"url": "/api/multicloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
+ {{if (include "common.needTLS" .) -}}
"enable_ssl": {{ .Values.config.ssl_enabled }},
+ {{- else -}}
+ "enable_ssl": false,
+ {{- end}}
"visualRange": "1"
},
{
"url": "/api/multicloud/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.7.3
+image: onap/multicloud/framework:1.8.1
pullPolicy: Always
#Istio sidecar injection policy
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
- msbPort: 443
logstashServiceName: log-ls
logstashPort: 5044
+ msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud
- portName: multicloud-framework
+ portName: http
externalPort: 9001
internalPort: 9001
nodePort: 91
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# Secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
# Base URL for DCAE, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
# Timeout for DCAE Rest Call (string value)
#dcae_rest_timeout = 30
# Password for DCAE. (string value)
#password =
-get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file
+get_slice_config_url = "/api/v1/slices-config"
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
persistence:
enabled: true
resources: *etcd-resources
# Python doesn't support well dollar sign in password
-passwordStrengthOverride: basic
\ No newline at end of file
+passwordStrengthOverride: basic
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.6
+image: onap/optf-osdf:3.0.7
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: apexconfig-input
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.keyStorePassword }}'
passwordPolicy: required
+ - uid: policy-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.3
+image: onap/policy-apex-pdp:2.8.0
pullPolicy: Always
# flag to enable debugging - application support required
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.3
+image: onap/policy-api:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
password: ${RESTSERVER_PASSWORD}
{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.3
+image: onap/policy-clamp-ac-http-ppnt:6.3.0
pullPolicy: Always
# application configuration
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
topicCommInfrastructure: dmaap
useHttps: true
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
management:
endpoints:
web:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.3
+image: onap/policy-clamp-ac-k8s-ppnt:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
topicCommInfrastructure: dmaap
useHttps: true
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
management:
endpoints:
web:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.3
+image: onap/policy-clamp-ac-pf-ppnt:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.3
+image: onap/policy-clamp-backend:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
hibernate:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
-{{- end }}
-
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
security:
topicCommInfrastructure: dmaap
useHttps: true
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# topicParameterGroup:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# fetchTimeout: 15000
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
management:
endpoints:
web:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.3
+image: onap/policy-clamp-runtime-acm:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.3
+image: onap/policy-distribution:2.8.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.3
+image: onap/policy-pdpd-cl:1.11.0
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-gui:2.2.3
+image: onap/policy-gui:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
-{{- end }}
-
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
server:
- message-router
useHttps: true
topicCommInfrastructure: dmaap
+# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
healthCheckRestClientParameters:
- clientName: api
hostname: policy-api
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.3
+image: onap/policy-pap:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
- groupId: poicy-group
+ groupId: policy-group
app:
listener:
policyPdpPapTopic: policy-pdp-pap
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.3
+image: onap/policy-xacml-pdp:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
{{/*
# Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- resource:
type: group
name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
- operation: Read
+ operation: All
- resource:
type: topic
name: {{ .Values.config.acRuntimeTopic.name }}
- operation: Read
+ operation: All
- resource:
type: topic
- name: {{ .Values.config.acRuntimeTopic.name }}
- operation: Write
+ name: {{ .Values.config.policyPdpPapTopic.name }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.policyHeartbeatTopic.name }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.policyNotificationTopic.name }}
+ operation: All
{{- end }}
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ someConfig: blah
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
# only use the root password if the database has already been initializaed
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=""
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
extraArgs=${extraArgs}" --dont-use-mysql-root-password"
fi
if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
fi
# there's no database, so it needs to be initialized
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.11.6
-backendInitImage: onap/sdc-backend-init:1.11.6
+image: onap/sdc-backend-all-plugins:1.11.8
+backendInitImage: onap/sdc-backend-init:1.11.8
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.11.6
-cassandraInitImage: onap/sdc-cassandra-init:1.11.6
+image: onap/sdc-cassandra:1.11.8
+cassandraInitImage: onap/sdc-cassandra-init:1.11.8
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.11.6
+image: onap/sdc-frontend:1.11.8
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.11.6
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.6
+image: onap/sdc-onboard-backend:1.11.8
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.8
pullPolicy: Always
# flag to enable debugging - application support required
type: tls
configuration:
bootstrap:
- nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ nodePort: {{ .Values.global.nodePortPrefixExt }}93
brokers:
- broker: 0
- nodePort: {{ .Values.global.nodePortPrefixExt }}92
+ nodePort: {{ .Values.global.nodePortPrefixExt }}90
- broker: 1
- nodePort: {{ .Values.global.nodePortPrefixExt }}93
+ nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ - broker: 2
+ nodePort: {{ .Values.global.nodePortPrefixExt }}92
authorization:
type: simple
superUsers: