https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
+You only need to install kubectl where you'll launch kubernetes command. This
+can be any machines of the kubernetes cluster or a machine that has IP access
+to the APIs.
+Usually, we use the first controller as it has also access to internal
+Kubernetes services, which can be convenient.
+
Validate deployment
-------------------
env:
# This sets the port that CDT will use to connect to the main appc container.
# The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort4. This value will be configured in appc main chart in appc-cdt section.
+ # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
- name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}"
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-APPC_DB_USER=${APPC_DB_USER:-appcctl}
-APPC_DB_PASSWD=${APPC_DB_PASSWD:-appcctl}
-APPC_DB_DATABASE=${SDN_DB_DATABASE:-appcctl}
+APPC_DB_USER=${APPC_DB_USER}
+APPC_DB_PASSWD=${APPC_DB_PASSWD}
+APPC_DB_DATABASE={{.Values.config.appcdb.dbName}}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${APPC_HOME}/data/appcctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} appcctl < ${APPC_HOME}/data/appcctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${APPC_DB_DATABASE} < ${APPC_HOME}/data/appcctl.dump
fi
if [ -f ${APPC_HOME}/data/sdnctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sdnctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sdnctl.dump
fi
if [ -f ${APPC_HOME}/data/sqlData.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sqlData.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sqlData.dump
fi
appc.topology.dg.version=2.0.0
# TEMP - Properties that might be needed to make the AAI-APPC connection
-org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/appcctl
-org.onap.appc.db.user.appcctl=appcctl
-org.onap.appc.db.pass.appcctl=appcctl
+org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.appcdb.dbName}}
+org.onap.appc.db.user.appcctl=${APPC_DB_USER}
+org.onap.appc.db.pass.appcctl=${APPC_DB_PASSWD}
-org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/sdnctl
-org.onap.appc.db.user.sdnctl=sdnctl
-org.onap.appc.db.pass.sdnctl=gamma
+org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.appc.db.user.sdnctl=${SDNC_DB_USER}
+org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
### ###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWD=${SDNC_DB_PASSWD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWD=${SDNC_DB_PASSWD}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${SDNC_HOME}/data/odlsli.dump ]
then
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${SDNC_HOME}/data/odlsli.dump
+mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${SDNC_HOME}/data/odlsli.dump
fi
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ============LICENSE_END=========================================================
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
SELECT module, rpc, version, mode from SVC_LOGIC where active='Y';
END
-
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: "{{ .Values.service.portName }}-8282"
+ name: "{{ .Values.service.portName }}-8443"
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: "{{ .Values.service.portName }}-8443"
+ name: "{{ .Values.service.portName }}-1830"
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-1830"
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
name: "{{ .Values.service.portName }}-9090"
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-8282
+ name: {{ .Values.service.portName }}-8443
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-8443
+ name: {{ .Values.service.portName }}-1830
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}-1830
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
name: {{ .Values.service.portName }}-9090
{{- end}}
selector:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
+ env:
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/appc-data-properties
+ name: onap-appc-data-properties-input
+ - mountPath: /config-input/appc-svclogic-config
+ name: onap-appc-svclogic-config-input
+ - mountPath: /config-input/sdnc-data-properties
+ name: onap-sdnc-data-properties-input
+ - mountPath: /config-input/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config-input
+ - mountPath: /config/appc-data-properties
+ name: onap-appc-data-properties
+ - mountPath: /config/appc-svclogic-config
+ name: onap-appc-svclogic-config
+ - mountPath: /config/sdnc-data-properties
+ name: onap-sdnc-data-properties
+ - mountPath: /config/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
env:
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
- name: APPC_CONFIG_DIR
name: onap-appc-data-properties
subPath: cadi.properties
- mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
- name: onap-appc-data-properties
+ name: onap-appc-data-properties-input
subPath: aaa-app-config.xml
- mountPath: /opt/onap/appc/data/properties/bath_config.csv
name: onap-appc-data-properties
emptyDir: {}
- name: data-filebeat
emptyDir: {}
- - name: onap-appc-data-properties
+ - name: onap-appc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-data-properties
- - name: onap-appc-svclogic-config
+ - name: onap-appc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-svclogic-config
- name: onap-appc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-appc-bin
defaultMode: 0755
- - name: onap-sdnc-data-properties
+ - name: onap-sdnc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-data-properties
- - name: onap-sdnc-svclogic-config
+ - name: onap-sdnc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config
- name: onap-sdnc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-bin
defaultMode: 0755
+ - name: onap-appc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-appc-svclogic-config
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-svclogic-config
+ emptyDir:
+ medium: Memory
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#################################################################
secrets:
- uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ name: '{{ include "common.release" . }}-appc-db-root-pass'
+ externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
type: password
+ password: '{{ .Values.config.dbRootPass }}'
+ - uid: 'appcdb-user-creds'
+ name: '{{ include "common.release" . }}-appcdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.appcdb.userName }}'
+ password: '{{ .Values.config.appcdb.password }}'
+ - uid: 'sdncdb-user-creds'
+ name: '{{ include "common.release" . }}-sdncdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.sdncdb.userName }}'
+ password: '{{ .Values.config.sdncdb.password }}'
+
#################################################################
# Application configuration defaults.
# application configuration
config:
+# dbRootPassExternalSecret: some secret
+# dbRootPass: password
+ appcdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: appcctl
+ userName: appcctl
+ password: appcctl
+ # userCredsExternalSecret: some secret
+ sdncdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: sdnctl
+ userName: sdnctl
+ password: gamma
+ # userCredsExternalSecret: some secret
odlUid: 100
odlGid: 101
ansibleServiceName: appc-ansible-server
ansiblePort: 8000
- userName: my-user
- userPassword: my-password
- mysqlDatabase: my-database
mariadbGaleraSVCName: appc-dbhost
mariadbGaleraContName: appc-db
enableAAF: true
mariadb-galera:
nameOverride: appc-db
+ config:
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
service:
name: appc-dbhost
portName: appc-dbhost
dgbuilder:
nameOverride: appc-dgbuilder
config:
+ db:
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
dbPodName: appc-db
dbServiceName: appc-dbhost
service:
name: appc-dgbuilder
-#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4.
+#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
- nodePort4: 11
+ nodePort3: 11
# default number of instances
replicaCount: 1
name: appc
portName: appc
- internalPort: 8181
- externalPort: 8282
- nodePort: "08"
-
- internalPort2: 8443
- externalPort2: 8443
- nodePort2: 30
+ internalPort: 8443
+ externalPort: 8443
+ nodePort: 30
- externalPort3: 1830
- nodePort3: 31
+ externalPort2: 1830
+ nodePort2: 31
clusterPort: 2550
- internalPort4: 9191
- externalPort4: 9090
- nodePort4: 11
+ internalPort3: 9191
+ externalPort3: 9090
+ nodePort3: 11
## Persist data to a persitent volume
persistence:
--- /dev/null
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: "{{ $dot.Values.global.envsubstImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
- name: init-sysctl
command:
- /bin/sh
- name: PG_ROOT_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- - name: pool-hba-conf
+ - name: config
mountPath: /pgconf/pool_hba.conf
subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
- mountPath: /pgdata
name: {{ include "common.fullname" $dot }}-data
- mountPath: /backup
{{- else }}
emptyDir: {}
{{ end }}
- - name: pool-hba-conf
+ - name: config
configMap:
name: {{ include "common.fullname" $dot }}
-{{- end -}}
\ No newline at end of file
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
#################################################################
# Secrets metaconfig
#################################################################
$0 [cluster_domain] [helm_chart_args ...]
[cluster_domain] Default value simpledemo.onap.org
[helm_chart_args...] Optional arguments passed to helm install command
+$0 --help This message
+$0 --info Display howto configure target machine
==usage
}
if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
usage
+elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
+ target_machine_notice_info
else
deploy $@
fi
--- /dev/null
+kind: Service
+apiVersion: v1
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+spec:
+ externalTrafficPolicy: Local
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ - name: https
+ port: 443
+ targetPort: https
+
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD
+name: dcaemod
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry
+
+make-dcaemod-distributor-api:
+ cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+
+make-dcaemod-genprocessor:
+ cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+
+make-dcaemod-designtool:
+ cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+
+make-dcaemod-onboarding-api:
+ cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+
+make-dcaemod-runtime-api:
+ cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+
+make-dcaemod-nifi-registry:
+ cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Design Tool
+name: dcaemod-designtool
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-genprocessor-http
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-distributor-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-create-bucket
+ image: {{ .Values.config.curlImage }}
+ args:
+ - -kv
+ - -X
+ - POST
+ - -H
+ - "Content-Type: application/json"
+ - --data-binary
+ - '{"name": "dcaemod-flows"}'
+ - http://dcaemod-nifi-registry:18080/nifi-registry-api/buckets
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_DCAE_JARS_INDEX_URL
+ value: {{ .Values.config.nifiJarsIndexURL }}
+ - name: NIFI_DCAE_DISTRIBUTOR_API_URL
+ value: {{ .Values.config.distributorAPIURL }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
+ persistence: {}
nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
- ubuntuInitRepository: registry.hub.docker.com
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-
-zookeeper:
- name: message-router-zookeeper
- port: 2181
-messagerouter:
- container: message-router
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
-# flag to enable debugging - application support required
-debugEnabled: false
+config:
+ nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars
+ distributorAPIURL: /distributor
+ curlImage: curlimages/curl:7.68.0
-# default number of instances
-replicaCount: 1
-kafkaHeapOptions: -Xmx4G -Xms2G
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0
-nodeSelector: {}
+service:
+ type: ClusterIP
+ name: dcaemod-designtool
+ ports:
+ - name: http
+ port: 8080
-affinity: {}
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi"
+ name: "dcaemod-designtool"
+ port: 8080
+ - baseaddr: "nifi-api"
+ name: "dcaemod-designtool"
+ port: 8080
+ config:
+ ssl: "none"
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 20
- timeoutSeconds: 5
+ initialDelaySeconds: 90
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: http
readiness:
initialDelaySeconds: 60
periodSeconds: 20
- timeoutSeconds: 5
-
-
-service:
- type: NodePort
- name: message-router-mirrormaker
- portName: message-router-mirrormaker
- internalPort: 9092
-
-
-
-ingress:
- enabled: false
+ path: /nifi-api/system-diagnostics
+ scheme: HTTP
+ port: http
# Resource Limit flavor -By Default using small
-flavor: large
+flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: 2
+ memory: 2Gi
requests:
- cpu: 500m
+ cpu: 1
memory: 1Gi
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: 4
+ memory: 4Gi
requests:
- cpu: 1000m
+ cpu: 2
memory: 2Gi
unlimited: {}
-
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Distributor API
+name: dcaemod-distributor-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-runtime-api
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-onboarding-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: NIFI_REGISTRY_URL
+ value: {{ .Values.config.nifiRegistryURL }}
+ - name : ONBOARDING_API_URL
+ value: {{ .Values.config.onboardingAPIURL }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-distributor-api
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "distributor"
+ name: dcaemod-distributor-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ # Should have a proper readiness endpoint
+ # This will be OK as long as we have a small number
+ # of distribution targets
+ path: /distributor/distribution-targets
+ scheme: HTTP
+ port: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Genprocessor
+name: dcaemod-genprocessor
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: GENPROC_ONBOARDING_API_HOST
+ value: {{ .Values.config.onboardingAPIURL }}
+ volumeMounts:
+ - mountPath: /work/
+ name: genprocessor-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ - name: {{ include "common.name" . }}-http
+ image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /www/data
+ name: genprocessor-data
+ readOnly: true
+ volumes:
+ - name: genprocessor-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-genprocessor
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi-jars"
+ name: dcaemod-genprocessor
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+# Only the genprocessor-job writes, genprocessor-http mounts readOnly
+ accessMode: ReadWriteMany
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-genprocessor/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Nifi Registry
+name: dcaemod-nifi-registry
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ # nifi-registry app runs as user "nifi", uid 1000, group "nifi", gid 1000
+ # the volume is mounted with root permissions
+ # this initContainer changes ownership to uid 1000 gid 1000
+ # (tried using a securityContext in the pod spec, but it didn't seem to work)
+ - name: set-permissions
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - -c
+ - chown -R 1000:1000 /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_REGISTRY_DB_URL
+ value: {{ .Values.config.dbURL }}
+ - name: NIFI_REGISTRY_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
+ - name: NIFI_REGISTRY_DB_PASS
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ volumes:
+ - name: flow-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.secret" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dbURL: jdbc:h2:./database/nifi-registry-primary
+ dbUser: nobody
+ dbPassword: nobody
+
+secrets:
+ - uid: "dbsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dbUser }}'
+ password: '{{ .Values.config.dbPassword }}'
+ passwordPolicy: generate
+
+# application image
+repository: docker.io
+image: apache/nifi-registry:0.5.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-nifi-registry
+ ports:
+ - name: http
+ port: 18080
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-nifi-registry/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Onboarding API
+name: dcaemod-onboarding-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.postgres.nameOverride }}
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: PG_ADDR
+ value: {{ .Values.postgres.service.name2 }}
+ # This should be kept in secret but it needs a fix in postgres common chart
+ - name: PG_USER
+ value: postgres
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
+ - name: PG_PORT
+ value: "5432"
+ - name: PG_DB_NAME
+ value: dcae_onboarding_db
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: ONAP Message Router Kafka Service
-name: message-router-mirrormaker
-version: 5.0.0
-
+{{ include "common.secret" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &rootPassSecretName '{{ include "common.release" . }}-dcaemod-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcaemod-db-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgRootPassword }}'
+ - uid: db-primary-pass
+ name: &primaryPassSecretName '{{ include "common.release" . }}-dcaemod-db-primary-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgPrimaryPasswordExternalSecret) .) (hasSuffix "dcaemod-db-primary-pass" .Values.postgres.config.pgPrimaryPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgPrimaryPassword }}'
+
+service:
+ type: ClusterIP
+ name: dcaemod-onboarding-api
+ ports:
+ - name: http
+ port: 80
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "onboarding"
+ name: dcaemod-onboarding-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# postgres values--overriding defaults in the postgres subchart
+postgres:
+ nameOverride: dcaemod-db
+ service:
+ name: dcaemod-postgres
+ name2: dcaemod-pg-primary
+ name3: dcaemod-pg-replica
+ suffix: svc.cluster.local
+ container:
+ name:
+ primary: dcaemod-pg-primary
+ replica: dcaemod-pg-replica
+ config:
+ pgPrimaryPasswordExternalSecret: *primaryPassSecretName
+ pgRootPasswordExternalSecret: *rootPassSecretName
+ persistence:
+ mountSubPath: dcaemod/data
+ mountInitPath: dcaemod
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Runtime API
+name: dcaemod-runtime-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DASHBOARD_URL
+ value: {{ .Values.config.dashboardURL }}
+ - name: DASHBOARD_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
+ - name: DASHBOARD_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
+ - name: ONAPDUBLIN_TOPICURL
+ value: {{ .Values.config.mrTopicURL }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.secret" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dashboardURL: https://inventory:8080/dcae-service-types
+ # The dashboard credentials aren't actually used, since
+ # the inventory API and the dashboard pass-through to the
+ # inventory API don't require authentication.
+ # Since the password doesn't matter, we let it be
+ # generated by the common secret template.
+ dashboardUser: nobody
+ #dashboardPassword: doesntmatter
+ mrTopicURL: http://message-router:3904/events
+
+secrets:
+ - uid: "dashsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dashboardUser }}'
+ password: '{{ .Values.config.dashboardPassword }}'
+ passwordPolicy: generate
+
+service:
+ type: ClusterIP
+ name: dcaemod-runtime-api
+ ports:
+ - name: http
+ port: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ port: http
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: dcaemod-genprocessor
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-genprocessor'
+ condition: dcaemod-genprocessor.enabled
+ - name: dcaemod-distributor-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-distributor-api'
+ - name: dcaemod-designtool
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-designtool'
+ - name: dcaemod-onboarding-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-onboarding-api'
+ - name: dcaemod-runtime-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-runtime-api'
+ - name: dcaemod-nifi-registry
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-nifi-registry'
\ No newline at end of file
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
# See the License for the specific language governing permissions and
# limitations under the License.
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
UseAAF: {{ .Values.global.aafEnabled }}
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
-# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments.
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
Feed.deleteHandling: SimulateDelete
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
#####################################################
#
# Settings for Soutbound API: Postgresql
# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
# MR Client Delete Level thoroughness:
# 0 = don't delete
# 1 = delete from persistent store
# Use Basic Authentication when provisioning topics
MR.authentication: basicAuth
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
#####################################################
#
# Identity that is owner of any created namespaces for topics
aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
# this overrides the Class used for Decryption.
# This allows for a plugin encryption/decryption method if needed.
# Call this Class for decryption at runtime.
#AafDecryption.Class: com.company.proprietaryDecryptor
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
#####################################################
#
# pwd for Identity used to publish MM prov cmds
MM.ProvUserPwd: demo123456!
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
+#####################################################
+#
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
#####################################################
#
# HTTP Server Configuration
# set to 0 if no certificates are available.
IntHttpsPort: 8443
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
{{- if .Values.global.aafEnabled }}
- - command:
+ - name: {{ include "common.name" . }}-aaf-readiness
+ command:
- /root/ready.py
args:
- --container-name
- aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-aaf-readiness
- - name: {{ include "common.name" . }}-dbc-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config
image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
volumeMounts:
- mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.name" . }}-aaf-config
+ name: {{ include "common.name" . }}-aaf-config-vol
env:
- name: APP_FQI
value: "{{ .Values.aafConfig.fqi }}"
value: "{{ .Values.aafConfig.cadiLongitude }}"
- name: cadi_latitude
value: "{{ .Values.aafConfig.cadiLatitude }}"
+ - name: {{ include "common.name" . }}-permission-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["chown","-Rf","1000:1001", "/opt/app/"]
+# See AAF-425 for explanation of why this is needed.
+# This artifact is provisioned in AAF for both pks12 and jks format and apparently
+# the cadi library is not using the jks password on the jks keystore.
+# So, this attempts to "fix" the credential property file until this is fixed properly.
+ - name: {{ include "common.name" . }}-cred-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["/bin/sh"]
+ args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
+
{{- end }}
{{- if .Values.PG.enabled }}
- - command:
+ - name: {{ include "common.name" . }}-postgres-readiness
+ command:
- /root/ready.py
args:
- --container-name
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-postgres-readiness
-{{- end}}
+{{- end }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true -}}
livenessProbe:
httpGet:
- port: {{ .Values.service.internalPort }}
- path: /webapi/info
+ port: {{ .Values.liveness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
readinessProbe:
httpGet:
- host: {{ .Values.dmaapMessageRouterService }}
- port: 3904
- path: /topics
+ port: {{ .Values.readiness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{ end -}}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
# NOTE: on the following several configMaps, careful to include / at end
# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
- - name: {{ include "common.name" . }}-aaf-config
- mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
- subPath: org.onap.dmaap-bc.props
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
- name: {{ include "common.name" . }}-config
configMap:
name: {{ include "common.fullname" . }}-config
- - name: {{ include "common.name" . }}-aaf-config
- configMap:
- name: {{ include "common.fullname" . }}-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config-vol
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
kind: Job
metadata:
name: {{ include "common.fullname" . }}-post-install
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
- metadata:
- name: {{ include "common.fullname" . }}
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
-
containers:
- name: post-install-job
image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}"
- name: DELAY
value: "0"
- name: PROTO
+{{- if (include "common.needTLS" .) }}
value: "https"
- name: PORT
value: "8443"
+{{- else }}
+ value: "http"
+ - name: PORT
+ value: "8080"
+{{- end }}
- name: REQUESTID
value: "{{.Chart.Name}}-post-install"
volumeMounts:
mountPath: /opt/app/config/dmaap/
- name: {{ include "common.fullname" . }}-dbc-dcaelocations
mountPath: /opt/app/config/dcaeLocations/
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# application images
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:2.0.3
+#repository: 10.12.7.57:5000
+image: onap/dmaap/dmaap-bc:2.0.4
# application configuration
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-bc@dmaap-bc.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-bc
fqi: dmaap-bc@dmaap-bc.onap.org
cadiLongitude: 0.0
persistence:
- aafCredsPath: /opt/app/osaaf/local
+ aafCredsPath: /opt/app/osaaf/local/
# for Casablanca default deployment, leave this true to
# get a topic namespace that matches MR. When set to false,
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ port: api
+ enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ port: api
service:
type: NodePort
name: dmaap-bc
- portName: dmaap-bc
- portName2: dmaap-bc
- externalPort: 8080
- internalPort: 8080
- externalPort2: 8443
- internalPort2: 8443
- nodePort: 41
- nodePort2: 42
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 42
# application configuration override for postgres
aaf_env=DEV
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks
+cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
-cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile
+cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12
+cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
+ name: "cp_kafka_server_replicamanager_$1"
+- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
+ name: "cp_kafka_controller_kafkacontroller_$1"
+- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_brokertopicmetrics_$1"
+- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
+ name: "cp_kafka_network_requestmetrics_requestspersec_$1"
+- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
+ name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
+- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
+ name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
+- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
+ name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
+- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_controller_controllerstats_$1"
+- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_sessionexpirelistener_$1"
+++ /dev/null
-log4j.rootLogger=INFO, stdout, kafkaAppender
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
-log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
-log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
-log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
-log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
-log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
-log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-# Change the two lines below to adjust ZK client logging
-log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
-log4j.logger.org.apache.zookeeper=INFO
-
-# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
-log4j.logger.kafka=INFO
-log4j.logger.org.apache.kafka=INFO
-
-# Change to DEBUG or TRACE to enable request logging
-log4j.logger.kafka.request.logger=WARN, requestAppender
-log4j.additivity.kafka.request.logger=false
-
-# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
-# related to the handling of requests
-#log4j.logger.kafka.network.Processor=TRACE, requestAppender
-#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
-#log4j.additivity.kafka.server.KafkaApis=false
-log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
-log4j.additivity.kafka.network.RequestChannel$=false
-
-log4j.logger.kafka.controller=TRACE, controllerAppender
-log4j.additivity.kafka.controller=false
-
-log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
-log4j.additivity.kafka.log.LogCleaner=false
-
-log4j.logger.state.change.logger=TRACE, stateChangeAppender
-log4j.additivity.state.change.logger=false
-
-# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses
-log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender
-log4j.additivity.kafka.authorizer.logger=false
+++ /dev/null
-############################# Socket Server Settings #############################
-
-# The address the socket server listens on. It will get the value returned from
-# java.net.InetAddress.getCanonicalHostName() if not configured.
-# FORMAT:
-# listeners = listener_name://host_name:port
-# EXAMPLE:
-# listeners = PLAINTEXT://your.host.name:9092
-listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
-
-# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
-listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
-
-# The number of threads that the server uses for receiving requests from the network and sending responses to the network
-num.network.threads=3
-
-# The number of threads that the server uses for processing requests, which may include disk I/O
-num.io.threads=8
-
-# The send buffer (SO_SNDBUF) used by the socket server
-socket.send.buffer.bytes=102400
-
-#The number of hours to keep a log file before deleting it
-log.retention.hours=168
-#The maximum size of the log before deleting it
-log.retention.bytes=21474836480
-
-# The receive buffer (SO_RCVBUF) used by the socket server
-socket.receive.buffer.bytes=102400
-
-# The maximum size of a request that the socket server will accept (protection against OOM)
-socket.request.max.bytes=104857600
-
-
-############################# Log Basics #############################
-
-# A comma separated list of directories under which to store log files
-log.dirs=/opt/kafka/data
-
-# The default number of log partitions per topic. More partitions allow greater
-# parallelism for consumption, but this will also result in more files across
-# the brokers.
-num.partitions={{ .Values.defaultpartitions }}
-
-# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.
-# This value is recommended to be increased for installations with data dirs located in RAID array.
-num.recovery.threads.per.data.dir=1
-
-############################# Internal Topic Settings #############################
-# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state"
-# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3.
-offsets.topic.replication.factor={{ .Values.replicaCount }}
-transaction.state.log.replication.factor=1
-transaction.state.log.min.isr=1
-
-############################# Log Flush Policy #############################
-
-# Messages are immediately written to the filesystem but by default we only fsync() to sync
-# the OS cache lazily. The following configurations control the flush of data to disk.
-# There are a few important trade-offs here:
-# 1. Durability: Unflushed data may be lost if you are not using replication.
-# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush.
-# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks.
-# The settings below allow one to configure the flush policy to flush data after a period of time or
-# every N messages (or both). This can be done globally and overridden on a per-topic basis.
-
-# The number of messages to accept before forcing a flush of data to disk
-#log.flush.interval.messages=10000
-
-# The maximum amount of time a message can sit in a log before we force a flush
-#log.flush.interval.ms=1000
-
-############################# Log Retention Policy #############################
-
-# The following configurations control the disposal of log segments. The policy can
-# be set to delete segments after a period of time, or after a given size has accumulated.
-# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens
-# from the end of the log.
-
-# The minimum age of a log file to be eligible for deletion due to age
-log.retention.hours=168
-
-# A size-based retention policy for logs. Segments are pruned from the log unless the remaining
-# segments drop below log.retention.bytes. Functions independently of log.retention.hours.
-#log.retention.bytes=1073741824
-
-# The maximum size of a log segment file. When this size is reached a new log segment will be created.
-log.segment.bytes=1073741824
-
-# The interval at which log segments are checked to see if they can be deleted according
-# to the retention policies
-log.retention.check.interval.ms=300000
-
-############################# Zookeeper #############################
-
-# Zookeeper connection string (see zookeeper docs for details).
-# This is a comma separated host:port pairs, each corresponding to a zk
-# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002".
-# You can also append an optional chroot string to the urls to specify the
-# root directory for all kafka znodes.
-zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
-# Timeout in ms for connecting to zookeeper
-zookeeper.connection.timeout.ms=6000
-
-
-############################# Group Coordinator Settings #############################
-
-# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance.
-# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms.
-# The default value for this is 3 seconds.
-# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing.
-# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup.
-group.initial.rebalance.delay.ms=0
-
-inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT
-default.replication.factor={{ .Values.replicaCount }}
-delete.topic.enable=true
-sasl.enabled.mechanisms=PLAIN
-authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-version=1.1.1
-sasl.mechanism.inter.broker.protocol=PLAIN
--- /dev/null
+KafkaServer {
+ org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required
+ username="${KAFKA_ADMIN}"
+ password="${KAFKA_PSWD}"
+ user_${KAFKA_ADMIN}="${KAFKA_PSWD}";
+};
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
--- /dev/null
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
+{{- if .Values.global.aafEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-server-prop-configmap
+ name: {{ include "common.fullname" . }}-cadi-prop-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
----
+{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
+
+{{ else }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }}
----
+{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
+
+{{- end }}
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }}
+---
+{{- end }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
{{if eq .Values.podAntiAffinityType "hard" -}}
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
+ {{ toYaml .Values.nodeAffinity | indent 10 }}
{{- end }}
initContainers:
- name: {{ include "common.name" . }}-initcontainer
- sh
- -exec
- |
- chown -R 1000:1000 /opt/kafka/data;
- rm -rf '/opt/kafka/data/lost+found';
- cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
- chown 1000:1000 /opt/kafka/config/server.properties;
- cd /opt/kafka/config;
- ls;
+ chown -R 1000:0 /var/lib/kafka/data;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/kafka/data
+ - mountPath: /var/lib/kafka/data
name: kafka-data
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config
- name: config-data
name: {{ include "common.name" . }}-permission-fixer
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+ - name: KAFKA_ADMIN
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+ - name: KAFKA_PSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/kafka/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- -exc
- |
export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
- export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \
+ {{- if .Values.global.aafEnabled }}
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- exec start-kafka.sh
+ {{ else }}
+ export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+ {{- end }}
+ exec /etc/confluent/docker/run
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.externalPort }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
+ - name: KAFKA_ZOOKEEPER_CONNECT
+ value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+ value: "{{ .Values.kafka.enableSupport }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ {{- if .Values.global.aafEnabled }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptionsAaf }}"
- name: aaf_locate_url
value: https://aaf-locate.{{ include "common.namespace" . }}:8095
-
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMapAaf }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listenersAaf }}"
+ - name: KAFKA_SASL_ENABLED_MECHANISMS
+ value: "{{ .Values.kafka.saslMech }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+ - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+ value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+ - name: KAFKA_AUTHORIZER_CLASS_NAME
+ value: "{{ .Values.kafka.authorizer }}"
+ {{ else }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMap }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listeners }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListerner }}"
+ {{- end }}
+ {{- range $key, $value := .Values.configurationOverrides }}
+ - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.jmx.port }}
+ - name: KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name: enableCadi
+ value: "{{ .Values.global.aafEnabled }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config/server.properties
- subPath: server.properties
- name: config-data
- - mountPath: /opt/kafka/config/log4j.properties
- subPath: log4j.properties
- name: log4j
- - mountPath: /opt/kafka/config/cadi.properties
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: /etc/kafka/data/cadi.properties
subPath: cadi.properties
name: cadi
- - mountPath: /opt/kafka/data
+ {{ end }}
+ - name: jaas-config
+ mountPath: /etc/kafka/secrets/jaas
+ - mountPath: /var/lib/kafka/data
name: kafka-data
{{- if .Values.tolerations }}
tolerations:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config-data
- emptyDir: {}
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- - name: server
- configMap:
- name: {{ include "common.fullname" . }}-server-prop-configmap
- - name: log4j
- configMap:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ {{- if .Values.global.aafEnabled }}
- name: cadi
configMap:
name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{ end }}
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
storage: {{ .Values.persistence.size | quote }}
{{ end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
loggingImage: beats/filebeat:5.5.0
persistence: {}
ubuntuInitRepository: registry.hub.docker.com
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
+image: onap/dmaap/kafka111:1.0.3
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
name: message-router-zookeeper
port: 2181
+kafka:
+ heapOptions: -Xmx5G -Xms1G
+ jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
+ enableSupport: false
+ protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
+ protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
+ listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
+ authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
+ saslInterBrokerProtocol: PLAIN
+ saslMech: PLAIN
+ interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
+ interBrokerListerner: INTERNAL_PLAINTEXT
+
+
+configurationOverrides:
+ "offsets.topic.replication.factor": "3"
+ "log.dirs": "/var/lib/kafka/data"
+ "log.retention.hours": "168"
+ "num.partitions": "3"
+ "offsets.topic.replication.factor": "3"
+ "transaction.state.log.replication.factor": "1"
+ "transaction.state.log.min.isr": "1"
+ "num.recovery.threads.per.data.dir": "5"
+ "log.retention.hours": "168"
+ "zookeeper.connection.timeout.ms": "6000"
+ "default.replication.factor": "3"
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkClient: kafka
+ zkClientPassword: kafka_secret
+ kafkaAdminUser: admin
+ kafkaAdminPassword: admin_secret
+ #kafkaAdminUserExternal: some secret
+ #zkClientPasswordExternal: some secret
+
+
+secrets:
+ - uid: zk-client
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkClient }}'
+ password: '{{ .Values.jaas.config.zkClientPassword }}'
+ passwordPolicy: required
+ - uid: kafka-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
+ login: '{{ .Values.jaas.config.kafkaAdminUser }}'
+ password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
+ passwordPolicy: required
+
# flag to enable debugging - application support required
debugEnabled: false
# default number of instances
replicaCount: 3
-#Kafka custom authorizer class name
-kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-deleteTopicEnable: true
# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
podAntiAffinityType: soft
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 70
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 90
+ periodSeconds: 20
+ timeoutSeconds: 100
## Persist data to a persitent volume
persistence:
name: message-router-kafka
portName: message-router-kafka
internalPort: 9092
- externalPort: 9093
+ internalSSLPort: 9093
+ externalPort: 9091
baseNodePort: 30490
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-initcontainer
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.messagerouter.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -exc
- - |
- exec start-mirrormaker.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/lprobe.txt"
- - "rm /tmp/lprobe.txt"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/rprobe.txt"
- - "rm /tmp/rprobe.txt"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: KAFKA_HEAP_OPTS
- value: "{{ .Values.kafkaHeapOptions }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/run/docker.sock
- name: docker-socket
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$3"
+ labels:
+ replicaId: "$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4_$5"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
--- /dev/null
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_${ZK_ADMIN}="${ZK_PSWD}";
+};
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig | indent 2 }}
+---
+{{ end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- sh
- -exec
- >
- chown -R 1000:1000 /tmp/zookeeper/apikeys;
+ chown -R 1000:0 /tmp/zookeeper/apikeys;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /tmp/zookeeper/apikeys
name: zookeeper-data
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/zookeeper/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-zookeeper
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ .Values.service.serverPortName }}
- containerPort: {{ .Values.service.leaderElectionPort }}
name: {{ .Values.service.leaderElectionPortName }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
env:
- - name: ZK_REPLICAS
+ - name : KAFKA_HEAP_OPTS
+ value: "{{ .Values.zkConfig.heapOptions }}"
+ {{- if .Values.jmx.port }}
+ - name : KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name : ZOOKEEPER_REPLICAS
value: "{{ .Values.replicaCount }}"
- - name: ZK_INIT_LIMIT
- value: "{{ .Values.zk.initLimit }}"
- - name: ZK_SYNC_LIMIT
- value: "{{ .Values.zk.syncLimit }}"
+ - name : ZOOKEEPER_TICK_TIME
+ value: "{{ .Values.zkConfig.tickTime }}"
+ - name : ZOOKEEPER_SYNC_LIMIT
+ value: "{{ .Values.zkConfig.syncLimit }}"
+ - name : ZOOKEEPER_INIT_LIMIT
+ value: "{{ .Values.zkConfig.initLimit }}"
+ - name : ZOOKEEPER_MAX_CLIENT_CNXNS
+ value: "{{ .Values.zkConfig.maxClientCnxns }}"
+ - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
+ value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
+ - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
+ value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
+ - name: ZOOKEEPER_CLIENT_PORT
+ value: "{{ .Values.zkConfig.clientPort }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.zkConfig.kafkaOpts }}"
+ - name: EXTRA_ARGS
+ value: "{{ .Values.zkConfig.extraArgs }}"
+ - name: ZOOKEEPER_SERVER_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ command:
+ - "bash"
+ - "-c"
+ - |
+ ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
+ /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/lib/zookeeper/data
name: zookeeper-data
+ - name: jaas-config
+ mountPath: /etc/zookeeper/secrets/jaas
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
- name: localtime
hostPath:
path: /etc/localtime
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: zookeeper-data
emptyDir: {}
{{ else }}
volumeClaimTemplates:
- metadata:
- name: zookeeper-data
+ name: zookeeper-data
labels:
- app: {{ include "common.fullname" . }}
+ app: {{ include "common.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ include "common.release" . }}"
heritage: "{{ .Release.Service }}"
storage: {{ .Values.persistence.size | quote }}
{{ end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
loggingImage: beats/filebeat:5.5.0
ubuntuInitRepository: registry.hub.docker.com
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.0
+image: onap/dmaap/zookeeper:6.0.2
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- # gerrit branch where the latest code is checked in
- gerritBranch: master
- # gerrit project where the latest code is checked in
- gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
# default number of instances
replicaCount: 3
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
#Zookeeper properties
-zk:
- initLimit: 5
- syncLimit: 2
+zkConfig:
+ tickTime: 2000
+ syncLimit: 5
+ initLimit: 10
+ maxClientCnxns: 200
+ autoPurgeSnapRetainCount: 3
+ autoPurgePurgeInterval: 24
+ heapOptions: -Xmx2G -Xms2G
+ kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+ extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+ clientPort: 2181
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkAdminUser: kafka
+ zkAdminPassword: kafka_secret
+ #zkAdminPasswordExternal= some password
+
+secrets:
+ - uid: zk-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkAdminUser }}'
+ password: '{{ .Values.jaas.config.zkAdminPassword }}'
+ passwordPolicy: required
## Persist data to a persitent volume
persistence:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.5.3
+image: onap/multicloud/openstack-fcaps:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.4.1
+image: onap/multicloud/openstack-pike:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.3
+image: onap/multicloud/openstack-starlingx:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.5.3
+image: onap/multicloud/openstack-windriver:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:5.0.1
+image: onap/externalapi/nbi:6.0.0
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
version: ~6.x-0
repository: '@local'
condition: dcaegen2.enabled
+ - name: dcaemod
+ version: ~6.x-0
+ repository: '@local'
+ condition: dcaemod.enabled
- name: dmaap
version: ~5.x-0
repository: '@local'
enabled: true
dcaegen2:
enabled: true
+dcaemod:
+ enabled: true
dmaap:
enabled: true
esr:
enabled: false
dcaegen2:
enabled: false
+dcaemod:
+ enabled: false
pnda:
enabled: false
dmaap:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.1
-backendInitImage: onap/sdc-backend-init:1.6.1
+image: onap/sdc-backend:1.6.2
+backendInitImage: onap/sdc-backend-init:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.1
-cassandraInitImage: onap/sdc-cassandra-init:1.6.1
+image: onap/sdc-cassandra:1.6.2
+cassandraInitImage: onap/sdc-cassandra-init:1.6.2
pullPolicy: Always
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if not .Values.global.security.disableHttp }}
+ # setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+ {{ end }}
+ {{ end }}
+
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- else -}}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName }}2
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.1
+image: onap/sdc-frontend:1.6.2
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.1
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.1
+image: onap/sdc-onboard-backend:1.6.2
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
"chef_type": "environment",
"default_attributes": {
- "disableHttp": true,
+ "disableHttp": {{ .Values.global.security.disableHttp }},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
"private": "eth0"
},
"ECompP": {
- "ecomp_rest_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/auxapi",
+ "ecomp_rest_url": "https://portal-app.{{include "common.namespace" .}}:8443/ONAPPORTAL/auxapi",
"ueb_url_list": "message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}",
"app_secret": "XftIATw9Jr3VzAcPqt3NnJOu",
"app_key": "x9UfO7JsDn8BESVX",
"inbox_name": "ECOMP-PORTAL-INBOX",
- "ecomp_redirect_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/login.htm",
+ "ecomp_redirect_url": "https://portal-app.{{include "common.namespace" .}}:30225/ONAPPORTAL/login.htm",
"app_topic_name": "ECOMP-PORTAL-OUTBOX-SDC1",
"decryption_key": "AGLDdG4D04BKm2IxIWEr8o=="
},
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
-
+ security:
+ disableHttp: true
config:
logstashServiceName: log-ls
logstashPort: 5044
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:2.0.1
+image: onap/usecase-ui-server:2.0.2
pullPolicy: Always
# application configuration
Code Review / oom.git / commitdiff