Ingress, Services, ...) or part of Kubernetes resources (names, labels,
resources requests and limits, ...).
+a full list and simple description is done in
+`kubernetes/common/common/documentation.rst`.
+
Service template
----------------
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018 Amdocs, Bell Canada
+
+.. Links
+.. _hardcoded-certiticates-label:
+
+ONAP Hardcoded certificates
+###########################
+
+ONAP current installation have hardcoded certificates.
+Here's the list of these certificates:
+
+ +-----------------------------------------------------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | Path |
+ +============+==================+==================+==========================================================================+
+ | VID | No | Yes | kubernetes/vid/resources/cert |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
+ | AAI | Yes | No | aai/oom/resources/config/haproxy/aai.pem |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
+ | AAI | Yes | No | aai/oom/resources/config/aai/aai_keystore |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
+ | AAI | Yes | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
+ | AAI | No | Yes | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
+ | AAI | Yes | Yes | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------+------------------+------------------+--------------------------------------------------------------------------+
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
+- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
The :ref:`release-notes-label` for OOM describe the incremental features per release.
> chmod 600 ~/.ssh/onap-key
+Create Network
+==============
+
+An internal network is required in order to deploy our VMs that will host
+Kubernetes.
+
+.. image:: images/network/network_1.png
+
+.. image:: images/network/network_2.png
+
+.. image:: images/network/network_3.png
+
+.. Note::
+ It's better to have one network per deployment and obviously the name of this
+ network should be unique.
+
+Now we need to create a router to attach this network to outside:
+
+.. image:: images/network/network_4.png
+
+Create Security Group
+=====================
+
+A specific security group is also required
+
+.. image:: images/sg/sg_1.png
+
+then click on `manage rules` of the newly created security group.
+And finally click on `Add Rule` and create the following one:
+
+.. image:: images/sg/sg_2.png
+
+.. Note::
+ the security is clearly not good here and the right SG will be proposed in a
+ future version
+
Create Kubernetes Control Plane VMs
===================================
Networking
----------
+Use the created network:
+
.. image:: images/cp_vms/control_plane_4.png
Security Groups
---------------
+Use the created security group:
+
.. image:: images/cp_vms/control_plane_5.png
Key Pair
Apply customization script for Control Plane VMs
------------------------------------------------
-Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
+Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
to download the script.
.. literalinclude:: openstack-k8s-controlnode.sh
Launch new VM instances
-----------------------
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
+The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
+By default, all ONAP applications are deployed. It's possible to customize the deployment
and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
+we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
application workload.
.. image:: images/wk_vms/worker_1.png
https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
+You only need to install kubectl where you'll launch kubernetes command. This
+can be any machines of the kubernetes cluster or a machine that has IP access
+to the APIs.
+Usually, we use the first controller as it has also access to internal
+Kubernetes services, which can be convenient.
+
Validate deployment
-------------------
resources:
small:
limits:
- cpu: 20m
+ cpu: 200m
memory: 280Mi
requests:
cpu: 1m
small:
limits:
cpu: 100m
- memory: 30Mi
+ memory: 400Mi
requests:
cpu: 25m
memory: 10Mi
cpu: 400m
memory: 1Gi
requests:
- cpu: 10m
+ cpu: 25m
memory: 100Mi
unlimited: {}
-Subproject commit ac0ea8aa12226ac95683838e92d22928eb221630
+Subproject commit 40aacd4952fc1d8a37f4ad44c89bef093762b81c
env:
# This sets the port that CDT will use to connect to the main appc container.
# The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort4. This value will be configured in appc main chart in appc-cdt section.
+ # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
- name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}"
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-APPC_DB_USER=${APPC_DB_USER:-appcctl}
-APPC_DB_PASSWD=${APPC_DB_PASSWD:-appcctl}
-APPC_DB_DATABASE=${SDN_DB_DATABASE:-appcctl}
+APPC_DB_USER=${APPC_DB_USER}
+APPC_DB_PASSWD=${APPC_DB_PASSWD}
+APPC_DB_DATABASE={{.Values.config.appcdb.dbName}}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${APPC_HOME}/data/appcctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} appcctl < ${APPC_HOME}/data/appcctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${APPC_DB_DATABASE} < ${APPC_HOME}/data/appcctl.dump
fi
if [ -f ${APPC_HOME}/data/sdnctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sdnctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sdnctl.dump
fi
if [ -f ${APPC_HOME}/data/sqlData.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sqlData.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sqlData.dump
fi
appc.topology.dg.version=2.0.0
# TEMP - Properties that might be needed to make the AAI-APPC connection
-org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/appcctl
-org.onap.appc.db.user.appcctl=appcctl
-org.onap.appc.db.pass.appcctl=appcctl
+org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.appcdb.dbName}}
+org.onap.appc.db.user.appcctl=${APPC_DB_USER}
+org.onap.appc.db.pass.appcctl=${APPC_DB_PASSWD}
-org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/sdnctl
-org.onap.appc.db.user.sdnctl=sdnctl
-org.onap.appc.db.pass.sdnctl=gamma
+org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.appc.db.user.sdnctl=${SDNC_DB_USER}
+org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
### ###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWD=${SDNC_DB_PASSWD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWD=${SDNC_DB_PASSWD}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${SDNC_HOME}/data/odlsli.dump ]
then
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${SDNC_HOME}/data/odlsli.dump
+mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${SDNC_HOME}/data/odlsli.dump
fi
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ============LICENSE_END=========================================================
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
SELECT module, rpc, version, mode from SVC_LOGIC where active='Y';
END
-
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: "{{ .Values.service.portName }}-8282"
+ name: "{{ .Values.service.portName }}-8443"
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: "{{ .Values.service.portName }}-8443"
+ name: "{{ .Values.service.portName }}-1830"
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-1830"
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
name: "{{ .Values.service.portName }}-9090"
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-8282
+ name: {{ .Values.service.portName }}-8443
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-8443
+ name: {{ .Values.service.portName }}-1830
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}-1830
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
name: {{ .Values.service.portName }}-9090
{{- end}}
selector:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
+ env:
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/appc-data-properties
+ name: onap-appc-data-properties-input
+ - mountPath: /config-input/appc-svclogic-config
+ name: onap-appc-svclogic-config-input
+ - mountPath: /config-input/sdnc-data-properties
+ name: onap-sdnc-data-properties-input
+ - mountPath: /config-input/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config-input
+ - mountPath: /config/appc-data-properties
+ name: onap-appc-data-properties
+ - mountPath: /config/appc-svclogic-config
+ name: onap-appc-svclogic-config
+ - mountPath: /config/sdnc-data-properties
+ name: onap-sdnc-data-properties
+ - mountPath: /config/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
- name: APPC_CONFIG_DIR
name: onap-appc-data-properties
subPath: cadi.properties
- mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
- name: onap-appc-data-properties
+ name: onap-appc-data-properties-input
subPath: aaa-app-config.xml
- mountPath: /opt/onap/appc/data/properties/bath_config.csv
name: onap-appc-data-properties
emptyDir: {}
- name: data-filebeat
emptyDir: {}
- - name: onap-appc-data-properties
+ - name: onap-appc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-data-properties
- - name: onap-appc-svclogic-config
+ - name: onap-appc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-svclogic-config
- name: onap-appc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-appc-bin
defaultMode: 0755
- - name: onap-sdnc-data-properties
+ - name: onap-sdnc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-data-properties
- - name: onap-sdnc-svclogic-config
+ - name: onap-sdnc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config
- name: onap-sdnc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-bin
defaultMode: 0755
+ - name: onap-appc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-appc-svclogic-config
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-svclogic-config
+ emptyDir:
+ medium: Memory
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#################################################################
secrets:
- uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ name: '{{ include "common.release" . }}-appc-db-root-pass'
+ externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
type: password
+ password: '{{ .Values.config.dbRootPass }}'
+ - uid: 'appcdb-user-creds'
+ name: '{{ include "common.release" . }}-appcdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.appcdb.userName }}'
+ password: '{{ .Values.config.appcdb.password }}'
+ - uid: 'sdncdb-user-creds'
+ name: '{{ include "common.release" . }}-sdncdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.sdncdb.userName }}'
+ password: '{{ .Values.config.sdncdb.password }}'
+
#################################################################
# Application configuration defaults.
# application configuration
config:
+# dbRootPassExternalSecret: some secret
+# dbRootPass: password
+ appcdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: appcctl
+ userName: appcctl
+ password: appcctl
+ # userCredsExternalSecret: some secret
+ sdncdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: sdnctl
+ userName: sdnctl
+ password: gamma
+ # userCredsExternalSecret: some secret
odlUid: 100
odlGid: 101
ansibleServiceName: appc-ansible-server
ansiblePort: 8000
- userName: my-user
- userPassword: my-password
- mysqlDatabase: my-database
mariadbGaleraSVCName: appc-dbhost
mariadbGaleraContName: appc-db
enableAAF: true
mariadb-galera:
nameOverride: appc-db
+ config:
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
service:
name: appc-dbhost
portName: appc-dbhost
dgbuilder:
nameOverride: appc-dgbuilder
config:
+ db:
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
dbPodName: appc-db
dbServiceName: appc-dbhost
service:
name: appc-dgbuilder
-#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4.
+#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
- nodePort4: 11
+ nodePort3: 11
# default number of instances
replicaCount: 1
name: appc
portName: appc
- internalPort: 8181
- externalPort: 8282
- nodePort: "08"
-
- internalPort2: 8443
- externalPort2: 8443
- nodePort2: 30
+ internalPort: 8443
+ externalPort: 8443
+ nodePort: 30
- externalPort3: 1830
- nodePort3: 31
+ externalPort2: 1830
+ nodePort2: 31
clusterPort: 2550
- internalPort4: 9191
- externalPort4: 9090
- nodePort4: 11
+ internalPort3: 9191
+ externalPort3: 9090
+ nodePort3: 11
## Persist data to a persitent volume
persistence:
blueprintsprocessor.grpcPort=9111
# db
-blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl
-blueprintsprocessor.db.username=sdnctl
-blueprintsprocessor.db.password=sdnctl
+blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
+blueprintsprocessor.db.username=${CDS_DB_USERNAME}
+blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
blueprintsprocessor.db.hibernateHbm2ddlAuto=update
blueprintsprocessor.db.hibernateDDLAuto=update
# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=secretpassword
+blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
security.user.name: ccsdkapps
+# Error Managements
+error.catalog.applicationId=cds
+error.catalog.type=properties
+error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
+
# SDN-C's ODL Restconf Connection Details
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdncodl.type=basic-auth
blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
-blueprintprocessor.remoteScriptCommand.enabled=true
-
#Encrypted username and password for health check service
endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
--- /dev/null
+#
+# Copyright © 2020 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Self Service API
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Designer API
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Resource API
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+
+# Configs API
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+
+# Python Executor
+org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+
+# Resource resolution
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload.
+
+org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team.
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: CDS_DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
+ - name: CDS_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
+ - name: CDS_DB_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
+
+ volumeMounts:
+ - mountPath: /config-input/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /config
+ name: processed-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
name: localtime
readOnly: true
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: processed-config
subPath: application.properties
+ - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: error-messages_en.properties
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
items:
- key: application.properties
path: application.properties
+ - key: error-messages_en.properties
+ path: error-messages_en.properties
- key: logback.xml
path: logback.xml
- key: hazelcast.yaml
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
+ - name: processed-config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: ONAP VFC - Catalog
-name: vfc-catalog
-version: 5.0.0
\ No newline at end of file
+{{ include "common.secretFast" . }}
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
persistence:
mountPath: /dockerdata-nfs
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'cds-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cdsDB.dbUser }}'
+ password: '{{ .Values.config.cdsDB.dbPassword }}'
+ passwordPolicy: required
+ - uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
appConfigDir: /opt/app/onap/config
useScriptCompileCache: true
+ cdsDB:
+ dbServer: cds-db
+ dbPort: 3306
+ dbName: sdnctl
+ # dbUser: sdnctl
+ # dbPassword: sdnctl
+ # dbCredsExternalSecret: <some secret name>
+ # dbRootPassword: password
+ # dbRootPassExternalSecret
# default number of instances
replicaCount: 1
# custom kafka cluster.
dmaapEnabled: true
+
# probe configuration parameters
liveness:
initialDelaySeconds: 120
service:
http:
- type: NodePort
+ type: ClusterIP
portName: blueprints-processor-http
internalPort: 8080
externalPort: 8080
- nodePort: 99
grpc:
type: ClusterIP
portName: blueprints-processor-grpc
listenerservice:
config:
- asdcAddress: sdc-be:8443 #SDC-BE
- messageBusAddress: message-router #Message-Router
- user: vid #SDC-username
+ asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE
+ messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
+ user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: ONAP Message Router Kafka Service
-name: message-router-mirrormaker
-version: 5.0.0
-
+{{ include "common.secretFast" . }}
+# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
#
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret'
+ uid: 'cds-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
+ uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+
#################################################################
# Application configuration defaults.
#################################################################
ingress:
enabled: false
-
mariadb-galera:
config:
- userName: sdnctl
- userPassword: sdnctl
- mariadbRootPassword: sdnctl
- mysqlDatabase: sdnctl
- nameOverride: cds-db
+ userName: sdnctl
+ # userPassword: sdnctl
+ userCredentialsExternalSecret: *dbUserSecretName
+ mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
+ mysqlDatabase: &mysqlDbName sdnctl
+ nameOverride: &dbServer cds-db
service:
name: cds-db
portName: cds-db
enabled: true
mountSubPath: cds/data
+cds-blueprints-processor:
+ config:
+ cdsDB:
+ dbServer: *dbServer
+ dbPort: 3306
+ dbName: *mysqlDbName
+ dbCredsExternalSecret: *dbUserSecretName
+ dbRootPassExternalSecret: *dbRootPasswordSecretName
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.2
+image: onap/clamp-dashboard-elasticsearch:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.2
+image: onap/clamp-dashboard-kibana:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.2
+image: onap/clamp-dashboard-logstash:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 Orange. All rights reserved.
+
+.. _developer-guide-label:
+
+
+Current given templating functions
+==================================
+
+
+In order to have a consistent deployments of ONAP components, several templating
+functions are proposed in `kubernets/common/common/templates` folder.
+This file list them and gives examples for the most used.
+All these templating functions have a description in their own file, here we
+only give an overview.
+
+* conditional functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.needPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.onServiceMesh` | `_serviceMesh.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.common.needTLS` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+* template generation functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.masterPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.createPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.genName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.getSecretName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.envFromSecret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.port` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations.ssl` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.ingress` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.labels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.matchLabels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resourceMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.templateMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.selectors` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.name` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullname` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullnameExplicit` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.release` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.chart` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.namespace` | `_namespace.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository.secret` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.flavor` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resources` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.storageClass` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.replicaPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicename` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.serviceMetadata` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicePorts` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.genericService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.service` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.headlessService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbService` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbPort` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecret` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecretParam` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.tplValue` | `_tplValue.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+
+Passwords
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_createPassword.tpl`.
+
+* `common.masterPassword`: Resolve the master password to be used to derive
+ other passwords.
+* `common.createPassword`: Generate a new password based on masterPassword.
+
+Secrets
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_secret.yaml`.
+
+* `common.secret.genName`: Generate a secret name based on provided name or UID.
+* `common.secret.getSecretName`: Get the real secret name by UID or name, based
+ on the configuration provided by user.
+* `common.secret.envFromSecret`: Convenience template which can be used to
+ easily set the value of environment variable to the value of a key in a
+ secret.
+* `common.secret`: Define secrets to be used by chart.
+
+The most widely use templates is the last (`common.secret`).
+It should be the only (except license part) line of your secret file:
+
+.. code-block:: yaml
+
+ {{ include "common.secret" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from mariadb configuration):
+
+.. code-block:: yaml
+
+ secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+
+Ingress
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_ingress.tpl`.
+
+* `ingress.config.port`: generate the port path on an Ingress resource.
+* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress
+ resource.
+* `ingress.config.annotations`: generate the annotations of an Ingress resource.
+* `common.ingress`: generate an Ingress resource (if needed).
+
+The most widely use templates is the last (`common.ingress`) .
+
+It should be the only (except license part) line of your ingress file:
+
+.. code-block:: yaml
+
+ {{ include "common.ingress" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from clamp configuration):
+
+.. code-block:: yaml
+
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp"
+ name: "clamp"
+ port: 443
+ config:
+ ssl: "redirect"
+
+Labels
+------
+
+These functions are defined in `kubernetes/common/common/templates/_labels.tpl`.
+
+The goal of these functions is to always create the right labels for all the
+resource in a consistent way.
+
+* `common.labels`: generate the common labels for a resource
+* `common.matchLabels`: generate the labels to match (to be used in conjunction
+ with `common.labels` or `common.resourceMetadata`)
+* `common.resourceMetadata`: generate the "top" metadatas for a resource
+ (Deployment, StatefulSet, Service, ConfigMap, ...)
+* `common.templateMetadata`: generate the metadata put in the template part
+ (for example `spec.template.metadata` for a Deployment)
+* `common.selectors`: generate the right selectors for Service / Deployment /
+ StatefulSet, ... (to be used in conjunction with `common.labels` or
+ `common.resourceMetadata`)
+
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ ...
+
+Name
+----
+
+These functions are defined in `kubernetes/common/common/templates/_name.tpl`.
+
+The goal of these functions is to always name the resource the same way.
+
+* `common.name`: Generate the name for a chart.
+* `common.fullname`: Create a default fully qualified application name.
+* `common.fullnameExplicit`: The same as common.full name but based on passed
+ dictionary instead of trying to figure out chart name on its own.
+* `common.release`: Retrieve the "original" release from the component release.
+* `common.chart`: Generate the chart name
+
+Here's an example of use of these functions in a Deployment template (example
+taken on mariadb-galera):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1beta1
+ kind: StatefulSet
+ ...
+ spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ ...
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.externalConfig }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-external-config
+ {{- end}}
+ ...
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ...
+
+Namespace
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_namespace.tpl`.
+
+The goal of these functions is to always retrieve the namespace the same way.
+
+* `common.namespace`: Generate the namespace for a chart. Shouldn't be used
+ directly but use `common.resourceMetadata` (which uses it).
+
+
+Repository
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_repository.tpl`.
+
+The goal of these functions is to generate image name the same way.
+
+* `common.repository`: Resolve the name of the common image repository.
+* `common.repository.secret`: Resolve the image repository secret token.
+
+
+Resources
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_resources.tpl`.
+
+The goal of these functions is to generate resources for pods the same way.
+
+* `common.flavor`: Resolve the name of the common resource limit/request flavor.
+ Shouldn't be used alone.
+* `common.resources`: Resolve the resource limit/request flavor using the
+ desired flavor value.
+
+
+Storage
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_storage.tpl`.
+
+The goal of these functions is to generate storage part of Deployment /
+Statefulset and storage resource (PV, PVC, ...) in a consistent way.
+
+* `common.storageClass`: Expand the name of the storage class.
+* `common.needPV`: Calculate if we need a PV. If a storageClass is provided,
+ then we don't need.
+* `common.replicaPV`: Generate N PV for a statefulset
+
+
+Pod
+---
+
+These functions are defined in `kubernetes/common/common/templates/_pod.tpl`.
+
+* `common.containerPorts`: generate the port list for containers. See Service
+ part to know how to declare the port list.
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ ...
+ spec:
+ ...
+ template:
+ ...
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ ports: {{- include "common.containerPorts" . | nindent 8 }
+
+
+Service
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_service.tpl`.
+
+The goal of these functions is to generate services in a consistent way.
+
+* `common.servicename`: Expand the service name for a chart.
+* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`.
+* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly
+ but used through `common.service` or `common.headlessService`.
+* `common.genericService`: Template for creating any Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`. May be
+ used if you want to create a Service with some specificities (on the ports for
+ example).
+* `common.needTLS`: Calculate if we need to use TLS ports on services
+* `common.service`: Create service template.
+* `common.headlessService`: Create headless service template
+
+
+The most widely used templates are the two last (`common.service` and
+`common.headlessService`).
+It should use with only one (except license part) line of your service (or
+service-headless) file:
+
+.. code-block:: yaml
+
+ {{ include "common.service" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from nbi configuration + other
+part):
+
+.. code-block:: yaml
+
+ service:
+ type: NodePort
+ name: nbi
+ annotations:
+ my: super-annotation
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 74
+ - name: tcp-raw
+ port: 8459
+ nodePort: 89
+
+
+would generate:
+
+.. code-block:: yaml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ my: super-annotation
+ name: nbi
+ namespace: default
+ labels:
+ app.kubernetes.io/name: nbi
+ helm.sh/chart: nbi-5.0.0
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Tiller
+ spec:
+ ports:
+ - port: 8443
+ targetPort: api
+ name: https-api
+ nodePort: 30274
+ - port: 8459
+ targetPort: tcp-raw
+ name: tcp-raw
+ nodePort: 30289
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nbi
+ app.kubernetes.io/instance: release
+
+
+`plain_port` is used only if we mandate to use http (see ServiceMesh part).
+Today a port can be http or https but not both.
+headless configuration is equivalent (example taken from cassandra):
+
+.. code-block:: yaml
+
+ service:
+ name: cassandra
+ headless:
+ suffix: ""
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ headlessPorts:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-jmx
+ port: 7199
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
+ - name: tcp-agent
+ port: 61621
+
+
+ServiceMesh
+-----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_serviceMesh.tpl`.
+
+The goal of these functions is to handle onboarding of ONAP on service mesh.
+
+* `common.onServiceMesh`: Calculate if we if we are on service mesh
+
+
+
+MariaDB
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_mariadb.tpl`.
+
+The goal of these functions is to simplify use of mariadb and its different
+values.
+
+* `common.mariadb.secret.rootPassUID`: UID of mariadb root password
+* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password
+ secret
+* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials
+* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user
+ credentials secret
+* `common.mariadbService`: Choose the name of the mariadb service to use
+* `common.mariadbPort`: Choose the value of mariadb port to use
+* `common.mariadbSecret`: Choose the value of secret to retrieve user value
+* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user
+ value
+
+PostgreSQL
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_postgres.tpl`.
+
+The goal of these functions is to simplify use of postgres and its different
+values.
+
+* `common.postgres.secret.rootPassUID`: UID of postgres root password
+* `common.postgres.secret.rootPassSecretName`: Name of postgres root password
+ secret
+* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials
+* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user
+ credentials secret
+* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password
+* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary
+ credentials secret
+
+
+Utilities
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_tplValue.tpl`.
+
+The goal of these functions is provide utility function, usually used in other
+templating functions.
+
+* `common.tplValue`: Renders a value that contains template.
--- /dev/null
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ common templates to enable aaf configs for applictaions
+
+ Parameter for aafConfig to be defined in values.yaml
+ aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .)
+ # additional scripts can be defined to handle certs
+ addconfig: true|false
+ fqdn: "sdnc"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "aaf.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ persistence:
+ enabled: true
+ config.volumeReclaimPolicy: Delete
+ config.accessMode: ReadWriteMany
+ config.size: 40M
+ config.storageClass: "manual"
+ config.mountPath: "/dockerdata-nfs"
+ config.mountSubPath: "sdnc/aaf"
+ # secrets configuration, Note: create a secrets template
+ secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.aaf-config" . | nindent XX}}
+
+ containers:
+ volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ volumes:
+ {{- include "common.aaf-config-volumes" . | nindent XX}}
+
+ If persistence.enabled = true
+ Create pvc:
+ {{ include "common.aaf-config-pvc" . }}
+ Create pv
+ {{ include "common.aaf-config-pv" . }}
+
+*/}}
+{{- define "common.aaf-config" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+{{ if .Values.global.aafEnabled }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" . }}-aaf-config
+ image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- if (index .Values $aafRoot "addconfig") }}
+ - name: aaf-add-config
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+ {{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+ {{- if (index .Values $aafRoot "addconfig") }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+ {{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ index .Values $aafRoot "fqi" }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ index .Values $aafRoot "fqdn" }}"
+ - name: aaf_locator_app_ns
+ value: "{{ index .Values $aafRoot "app_ns" }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, evenutally
+ - name: cadi_longitude
+ value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}"
+{{- end -}}
+{{- end -}}
+
+
+{{- define "common.aaf-config-volume-mountpath" -}}
+{{ if .Values.global.aafEnabled }}
+- mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+{{- end -}}
+{{- end -}}
+
+{{- define "common.aaf-config-volumes" -}}
+{{ if .Values.global.aafEnabled }}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+- name: {{ include "common.fullname" . }}-aaf-config-vol
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-aaf-config-pvc
+{{- if (index .Values $aafRoot "addconfig") }}
+- name: aaf-add-config
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-add-config
+ defaultMode: 0700
+{{- end }}
+{{- end -}}
+{{- end }}
+
+{{- define "common.aaf-config-pv" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pv
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size"}}
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }}
+ hostPath:
+ path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.aaf-config-pvc" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pvc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if (index .Values $aafRoot "persistence" "annotations") }}
+ annotations:
+{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ resources:
+ requests:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
{{/*
Common labels
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels : labels to add (dict)
*/}}
{{- define "common.labels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-helm.sh/chart: {{ include "common.chart" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- $dot := default . .dot -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+helm.sh/chart: {{ include "common.chart" $dot }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
+{{ if .labels }}
+{{- include "common.tplValue" (dict "value" .labels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: selectors/matchlLabels to add (dict)
*/}}
{{- define "common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- $dot := default . .dot -}}
+{{- if not .matchLabels.nameNoMatch -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{- end }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+{{ if .matchLabels }}
+{{$_ := unset .matchLabels "nameNoMatch"}}
+{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Generate "top" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
+ - .suffix: suffix to name
+
*/}}
{{- define "common.resourceMetadata" -}}
-name: {{ include "common.fullname" . }}
-namespace: {{ include "common.namespace" . }}
-labels: {{- include "common.labels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $labels := default (dict) .labels -}}
+{{- $annotations := default (dict) .annotations -}}
+name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
+{{- if $annotations }}
+annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}}
+{{- end -}}
{{- end -}}
{{/*
Generate selectors for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: labels to add (dict)
*/}}
{{- define "common.selectors" -}}
-matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }}
{{- end -}}
{{/*
Generate "template" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary)
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
*/}}
{{- define "common.templateMetadata" -}}
-{{- if .Values.podAnnotations }}
-annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $dot.Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }}
{{- end }}
-labels: {{- include "common.labels" . | nindent 2 }}
-name: {{ include "common.name" . }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+name: {{ include "common.name" $dot }}
{{- end -}}
{{/*
Expand the name of a chart.
+ The function takes from one to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : add a suffix to the name
*/}}
{{- define "common.name" -}}
- {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- $dot := default . .dot -}}
+ {{- $suffix := .suffix -}}
+ {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
{{- end -}}
{{/*
{{- define "common.fullnameExplicit" -}}
{{- $dot := .dot }}
{{- $name := .chartName }}
- {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}}
+ {{- $suffix := default "" .suffix -}}
+ {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified application name.
Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+ Usage:
+ include "common.fullname" .
+ include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+ The function takes from one to two arguments:
+ - .dot : environment (.)
+ - .suffix : add a suffix to the fullname
*/}}
{{- define "common.fullname" -}}
- {{- $name := default .Chart.Name .Values.nameOverride -}}
- {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
{{/*
Will use first ".Values.service.ports" list.
Will append ports from ".Values.service.headlessPorts" only if port number is
not already in port list.
+ Will add tls port AND plain port if both_tls_and_plain is set to true
*/}}
{{- define "common.containerPorts" -}}
{{- $ports := default (list) .Values.service.ports }}
{{- $portsNumber := list }}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
{{- range $index, $port := $ports }}
{{- $portsNumber = append $portsNumber $port.port }}
{{- end }}
{{- $ports = append $ports $port }}
{{- end }}
{{- end }}
+{{- $global := . }}
{{- range $index, $port := $ports }}
+{{- if (include "common.needTLS" $global) }}
- containerPort: {{ $port.port }}
+{{- else }}
+- containerPort: {{ default $port.port $port.plain_port }}
+{{- end }}
name: {{ $port.name }}
+{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
+- containerPort: {{ $port.plain_port }}
+ name: {{ $port.name }}-plain
+{{- end }}
{{- end }}
{{- end -}}
The template takes two arguments:
- .global: environment (.)
- .name: name of the secret
+ - .annotations: annotations which should be used
Example call:
{{ include "common.secret._header" (dict "global" . "name" "myFancyName") }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $global }}
heritage: {{ $global.Release.Service }}
+{{- if .annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }}
+{{- end }}
type: Opaque
{{- end -}}
{{- end }}
{{- end -}}
+{{/*
+ For internal use only!
+
+ Pick a value based on "user input" and generation policy.
+
+ The template takes below arguments:
+ - .global: environment (.)
+ - .secretName: name of the secret where the value will be placed
+ - .secretEnv: map of values which configures this secret. This can contain below keys:
+ - value: Value of secret key provided by user (can be a template inside a string)
+ - policy: What to do if value is missing or empty. Possible options are:
+ - generate: Generate a new password deriving it from master password
+ - required: Fail the deployment if value has not been provided
+ Defaults to generate.
+ - name: Name of the key to which this value should be assigned
+*/}}
+{{- define "common.secret._valueFast" -}}
+ {{- $global := .global }}
+ {{- $name := .secretName }}
+ {{- $secretEnv := .secretEnv }}
+ {{- $value := $secretEnv.value }}
+ {{- $policy := default "generate" $secretEnv.policy }}
+
+ {{- if $value }}
+ {{- $value | quote }}
+ {{- else if eq $policy "generate" }}
+ {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }}
+ {{- else }}
+ {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }}
+ {{- end }}
+{{- end -}}
+
{{/*
Generate a secret name based on provided name or UID.
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
+{{- define "common.secret.genNameFast" -}}
+ {{- $global := .global }}
+ {{- $uid := (default "" .uid) }}
+ {{- $name := (default "" .name) }}
+ {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- default (printf "%s-%s" $fullname $uid) $name }}
+{{- end -}}
+
{{/*
Get the real secret name by UID or name, based on the configuration provided by user.
User may decide to not create a new secret but reuse existing one for this deployment
{{- $uid := tpl (default "" .uid) $global }}
{{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}}
{{- range $secret := $global.Values.secrets }}
- {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currUID := tpl (default "" $secret.uid) $global }}
+ {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }}
{{- if or (eq $uid $currUID) (eq $currName $targetName) }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- end }}
{{- end -}}
+{{- define "common.secret.getSecretNameFast" -}}
+ {{- $global := .global }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- $secretsCache := $global.Values._secretsCache }}
+ {{- $uid := tpl .uid $global }}
+ {{- $secret := index $secretsCache $uid }}
+ {{- $secret.realName }}
+{{- end -}}
+
+{{- define "common.secret.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._secretsCache }}
+ {{- $secretCache := dict }}
+ {{- range $secret := .Values.secrets }}
+ {{- $entry := dict }}
+ {{- $uid := tpl (default "" $secret.uid) $global }}
+ {{- $keys := keys $secret }}
+ {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
+ {{- end }}
+ {{- if $secret.annotations }}
+ {{- $_ := set $entry "annotations" $secret.annotations }}
+ {{- end }}
+ {{- if $secret.filePaths }}
+ {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- end }}
+ {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
+ {{- $_ := set $entry "realName" $realName }}
+ {{- $_ := set $secretCache $uid $entry }}
+ {{- end }}
+ {{- $_ := set $global.Values "_secretsCache" $secretCache }}
+ {{- end }}
+{{- end -}}
+
{{/*
Convenience template which can be used to easily set the value of environment variable
to the value of a key in a secret.
key: {{ $key }}
{{- end -}}
+{{- define "common.secret.envFromSecretFast" -}}
+ {{- $key := .key }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secret.getSecretNameFast" . }}
+ key: {{ $key }}
+{{- end -}}
+
{{/*
Define secrets to be used by chart.
Every secret has a type which is one of:
- name:
Overrides default secret name generation and allows to set immutable
and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
To allow sharing a secret between the components and allow to pre-deploy secrets
before ONAP deployment it is possible to use already existing secret instead of
{{- range $secret := .Values.secrets }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }}
+ {{- $annotations := default "" $secret.annotations }}
{{- $type := default "generic" $secret.type }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- if not $externalSecret }}
---
- {{ include "common.secret._header" (dict "global" $global "name" $name) }}
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
{{- if eq $type "generic" }}
data:
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Define secrets to be used by chart.
+ Every secret has a type which is one of:
+ - generic:
+ Generic secret template that allows to input some raw data (from files).
+ File Input can be passed as list of files (filePaths) or as a single string
+ (filePath)
+ - genericKV:
+ Type of secret which allows you to define a list of key value pairs.
+ The list is assiged to envs value. Every item may define below items:
+ - name:
+ Identifier of this value within secret
+ - value:
+ String that defines a value associated with given key.
+ This can be a simple string or a template.
+ - policy:
+ Defines what to do if value is not provided by the user.
+ Available options are:
+ - generate:
+ Generate a value by derriving it from master password
+ - required:
+ Fail the deployment
+ - password:
+ Type of secret that holds only the password.
+ Only two items can be defined for this type:
+ - password:
+ Equivalent of value field from genericKV
+ - policy:
+ The same meaning as for genericKV policy field
+ - basicAuth:
+ Type of secret that holds both username and password.
+ Below fields are available:
+ - login:
+ The value for login key.
+ This can be a simple string or a template.
+ Providing a value for login is always required.
+ - password:
+ The value for password key.
+ This can be a simple string or a template.
+ - passwordPolicy:
+ The same meaning as the policy field in genericKV.
+ Only the policy for password can be set.
+
+ Every secret can be identified using:
+ - uid:
+ A string to be appended to the chart fullname to generate a secret name.
+ - name:
+ Overrides default secret name generation and allows to set immutable
+ and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
+
+ To allow sharing a secret between the components and allow to pre-deploy secrets
+ before ONAP deployment it is possible to use already existing secret instead of
+ creating a new one. For this purpose externalSecret field can be used. If value of
+ this field is evaluated to true no new secret is created, only the name of the
+ secret is aliased to the external one.
+
+ Example usage:
+ secrets.yaml:
+ {{ include "common.secretFast" . }}
+
+ values.yaml:
+ mysqlLogin: "root"
+
+ mysqlExternalSecret: "some-other-secret-name"
+
+ secrets:
+ - uid: "mysql"
+ externalSecret: '{{ tpl .Values.passExternalSecret . }}'
+ type: basicAuth
+ login: '{{ .Values.mysqlLogin }}'
+ mysqlPassword: '{{ .Values.mysqlPassword }}'
+ passwordPolicy: generate
+
+ In the above example new secret is not going to be created.
+ Already existing one (some-other-secret-name) is going to be used.
+ To force creating a new one, just make sure that mysqlExternalSecret
+ is not set.
+
+*/}}
+{{- define "common.secretFast" -}}
+ {{- $global := . }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- range $secret := .Values._secretsCache }}
+ {{- $uid := $secret.uid }}
+ {{- $externalSecret := $secret.externalSecret }}
+ {{- if not $externalSecret }}
+ {{- $name := $secret.realName }}
+ {{- $annotations := default "" $secret.annotations }}
+ {{- $type := default "generic" $secret.type }}
+---
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
+
+ {{- if eq $type "generic" }}
+data:
+ {{- range $curFilePath := $secret.filePaths }}
+ {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- if $secret.filePath }}
+ {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- else if eq $type "genericKV" }}
+stringData:
+ {{- if $secret.envs }}
+ {{- range $secretEnv := $secret.envs }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- else if eq $type "password" }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+stringData:
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- else if eq $type "basicAuth" }}
+stringData:
+ {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ login: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
{{- end -}}
{{/* Define the metadata of Service
- The function takes from one to three arguments (inside a dictionary):
+ The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
+ - .labels : labels to add
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
-{{- if $annotations -}}
-annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+ {{- $msb_informations := default "" .msb_informations -}}
+ {{- $labels := default (dict) .labels -}}
+{{- if or $annotations $msb_informations -}}
+annotations:
+{{- if $annotations }}
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+{{- if $msb_informations }}
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "{{ include "common.servicename" $dot }}",
+ "version": "{{ default "v1" $msb_informations.version }}",
+ "url": "{{ default "/" $msb_informations.url }}",
+ "protocol": "{{ default "REST" $msb_informations.protocol }}",
+ "port": "{{ $msb_informations.port }}",
+ "visualRange":"{{ default "1" $msb_informations.visualRange }}"
+ }
+ ]'
+{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" $dot | nindent 2 -}}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}}
{{- end -}}
{{/* Define the ports of Service
The function takes three arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
- - .prefix: NodePort prefix to be used
-
+ - .serviceType: the type of the service
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.servicePorts" -}}
-{{- $portType := .portType -}}
-{{- $dot := .dot -}}
-{{- range $index, $port := .ports }}
-{{- $portPrefix := default "nodePortPrefix" $port.prefix }}
+{{- $serviceType := .serviceType }}
+{{- $dot := .dot }}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- range $index, $port := .ports }}
+{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
- {{- if (eq $portType "NodePort") }}
- nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }}
- {{- end }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
+{{- else }}
name: {{ $port.name }}
-{{- end -}}
+{{- end }}
+{{- if (eq $serviceType "NodePort") }}
+ nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+{{- end }}
+{{- else }}
+- port: {{ default $port.port $port.plain_port }}
+ targetPort: {{ $port.name }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}
+{{- end }}
+{{- end }}
+{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
+{{- if (eq $serviceType "ClusterIP") }}
+- port: {{ $port.plain_port }}
+ targetPort: {{ $port.name }}-plain
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/* Create generic service template
The function takes several arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
- .suffix : a string which will be added at the end of the name (with a '-')
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
+ - .add_plain_port: add tls port AND plain port
+ - .labels : labels to add (dict)
+ - .matchLabels: selectors/machLabels to add (dict)
+ - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
+{{- $msb_informations := default "" .msb_informations -}}
{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
-{{- $portType := .portType -}}
+{{- $serviceType := .serviceType -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
{{- end }}
- ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+ ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }}
{{- if $publishNotReadyAddresses }}
publishNotReadyAddresses: true
{{- end }}
- type: {{ $portType }}
- selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+ type: {{ $serviceType }}
+ selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }}
+ sessionAffinity: {{ $sessionAffinity }}
{{- end -}}
-{{/* Create service template */}}
+{{/*
+ Create service template
+ Will create one or two service templates according to this table:
+
+ | serviceType | both_tls_and_plain | result |
+ |---------------|--------------------|--------------|
+ | ClusterIP | any | one Service |
+ | Not ClusterIP | not present | one Service |
+ | Not ClusterIP | false | one Service |
+ | Not ClusterIP | true | two Services |
+
+ If two services are created, one is ClusterIP with both crypted and plain
+ ports and the other one is NodePort (or LoadBalancer) with crypted port only.
+*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $portType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" $dot.Values.service.suffix -}}
+{{- $annotations := default "" $dot.Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" $dot.Values.service.msb -}}
+{{- $serviceType := $dot.Values.service.type -}}
+{{- $ports := $dot.Values.service.ports -}}
+{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+
+{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (ne $serviceType "ClusterIP") }}
+---
+{{- if $suffix }}
+{{- $suffix = printf "%s-external" $suffix }}
+{{- else }}
+{{- $suffix = "external" }}
+{{- end }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
+{{- else }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- define "common.headlessService" -}}
-{{- $suffix := include "common._makeHeadlessSuffix" . -}}
-{{- $annotations := default "" .Values.service.headless.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
-{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := include "common._makeHeadlessSuffix" $dot -}}
+{{- $annotations := default "" $dot.Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := $dot.Values.service.headlessPorts -}}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
{{- end -}}
{{/*
{{- print "headless" }}
{{- end }}
{{- end -}}
+
+{{/*
+ Calculate if we need to use TLS ports.
+ We use TLS by default unless we're on service mesh with TLS.
+ We can also override this behavior with override toggles:
+ - .Values.global.tlsEnabled : override default TLS behavior for all charts
+ - .Values.tlsOverride : override global and default TLS on a per chart basis
+
+ this will give these combinations:
+ | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
+ |-------------|-------------------|----------------------------|------------------------|--------|
+ | not present | not present | not present | any | true |
+ | not present | not present | false | any | true |
+ | not present | not present | true | false | true |
+ | not present | not present | true | true | false |
+ | not present | true | any | any | true |
+ | not present | false | any | any | false |
+ | true | any | any | any | true |
+ | false | any | any | any | false |
+
+*/}}
+{{- define "common.needTLS" -}}
+{{- if hasKey .Values "tlsOverride" }}
+{{- if .Values.tlsOverride -}}
+true
+{{- end }}
+{{- else }}
+{{- if hasKey .Values.global "tlsEnabled" }}
+{{- if .Values.global.tlsEnabled }}
+true
+{{- end }}
+{{- else }}
+{{- if not (include "common.onServiceMesh" .) -}}
+true
+{{- else }}
+{{- if not (default false .Values.global.serviceMesh.tls) -}}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+{/*
+ Calculate if we are on service mesh.
+*/}}
+{{- define "common.onServiceMesh" -}}
+{{- if .Values.global.serviceMesh -}}
+{{- if (default false .Values.global.serviceMesh.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
+{{/*
+ Give the root folder for ONAP when using host pathes
+*/}}
+{{- define "common.persistencePath" -}}
+{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
{{/*
Expand the name of the storage class.
The value "common.fullname"-data is used by default,
{{- end -}}
{{- end -}}
+{{/*
+ Generate a PV
+*/}}
+{{- define "common.PV" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ include "common.persistencePath" . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
{{/*
Generate N PV for a statefulset
*/}}
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+ path: {{ include "common.persistencePath" $global }}-{{$i}}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Generate a PVC
+*/}}
+{{- define "common.PVC" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
{{- end -}}
{{- end -}}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
- "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: HTTP_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
- name: HTTP_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
- name: HTTP_ADMIN_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
- name: HTTP_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
- name: HTTP_NODE_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
- name: HTTP_NODE_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
- name: REST_CONF_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
- name: REST_CONF_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: config-input
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
echo "Backup Successful!!!"
env:
- name: DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
volumeMounts:
- name: backup-dir
mountPath: /backup
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
command:
- /bin/bash
- -c
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.externalConfig }}
apiVersion: v1
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
{{- if eq "True" (include "common.needPV" .) -}}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1beta1
kind: StatefulSet
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
- name: MYSQL_DATABASE
value: {{ default "" .Values.config.mysqlDatabase | quote }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
+{{/*
# Copyright (c) 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
data:
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
apiVersion: v1
kind: Service
metadata:
--- /dev/null
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: "{{ $dot.Values.global.envsubstImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
- name: init-sysctl
command:
- /bin/sh
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- - name: pool-hba-conf
+ - name: config
mountPath: /pgconf/pool_hba.conf
subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
- mountPath: /pgdata
name: {{ include "common.fullname" $dot }}-data
- mountPath: /backup
{{- else }}
emptyDir: {}
{{ end }}
- - name: pool-hba-conf
+ - name: config
configMap:
name: {{ include "common.fullname" $dot }}
-{{- end -}}
\ No newline at end of file
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
#################################################################
# Secrets metaconfig
#################################################################
name: consul-server
portName: consul-join
internalPort: 8301
- type2: NodePort
+ type2: ClusterIP
portName2: consul-ui
internalPort2: 8500
nodePort2: 70
$0 [cluster_domain] [helm_chart_args ...]
[cluster_domain] Default value simpledemo.onap.org
[helm_chart_args...] Optional arguments passed to helm install command
+$0 --help This message
+$0 --info Display howto configure target machine
==usage
}
if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
usage
+elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
+ target_machine_notice_info
else
deploy $@
fi
kind: ConfigMap
apiVersion: v1
data:
- enable-underscores-in-headers: "on"
+ enable-underscores-in-headers: "true"
metadata:
name: nginx-configuration
namespace: ingress-nginx
--- /dev/null
+kind: Service
+apiVersion: v1
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+spec:
+ externalTrafficPolicy: Local
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ - name: https
+ port: 443
+ targetPort: https
+
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{
"cert_path": "/opt/app/osaaf",
"image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
+ "component_cert_dir": "/opt/dcae/cacert",
"component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
}
{{ if .Values.componentImages.hv_ves }}
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
{{ end }}
+use_tls: true
+security_ssl_disable: false
\ No newline at end of file
- dcae-config-binding-service\r
- --container-name\r
- dcae-db\r
+ - --container-name\r
+ - dcae-inventory-api\r
- "-t"\r
- "15"\r
+\r
env:\r
- name: NAMESPACE\r
valueFrom:\r
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- #placeholder until tca-gen2 release image is available
- #tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.3.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
# Resource Limit flavor -By Default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
path: /healthcheck
service:
- type: NodePort
+ type: ClusterIP
name: config-binding-service
# TLS service
secure:
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.0
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
pullPolicy: Always
# probe configuration parameters
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
pullPolicy: Always
# probe configuration parameters
fieldPath: metadata.namespace
- name: init-tls
env:
+ - name: aaf_locator_fqdn
+ value: dcae
- name: POD_IP
valueFrom:
fieldRef:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
"policy_engine": {
"url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
"path_decision": "/policy/pdpx/v1/decision",
- "path_notifications": "/pdp/notifications",
- "path_api": "/pdp/api/",
"headers": {
"Accept": "application/json",
"Content-Type": "application/json",
- "ClientAuth": "cHl0aG9uOnRlc3Q=",
"Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0",
"Environment": "TEST"
},
"target_entity": "policy_engine",
"tls_ca_mode": "cert_directory",
- "tls_wss_ca_mode": "cert_directory",
- "timeout_in_secs": 60,
- "ws_ping_interval_in_secs": 180
+ "timeout_in_secs": 60
+ },
+ "dmaap_mr" : {
+ "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1",
+ "query": {
+ "timeout": 15000
+ },
+ "headers" : {
+ "Content-Type" : "application/json"
+ },
+ "target_entity" : "dmaap_mr",
+ "tls_ca_mode" : "cert_directory",
+ "timeout_in_secs": 60
},
"deploy_handler": {
"target_entity": "deployment_handler",
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.0.0
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
pullPolicy: Always
# probe configuration parameters
service:
type: ClusterIP
name: policy-handler
- externalPort: 25577
+ externalPort: 80
internalPort: 25577
global:
nodePortPrefix: 302
tlsRepository: nexus3.onap.org:10001
-# Have to use locally-define tlsImage until inventory API can use 2.x.y
-# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
redis:
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD
+name: dcaemod
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry
+
+make-dcaemod-distributor-api:
+ cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+
+make-dcaemod-genprocessor:
+ cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+
+make-dcaemod-designtool:
+ cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+
+make-dcaemod-onboarding-api:
+ cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+
+make-dcaemod-runtime-api:
+ cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+
+make-dcaemod-nifi-registry:
+ cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Design Tool
+name: dcaemod-designtool
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-genprocessor-http
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-distributor-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-create-bucket
+ image: {{ .Values.config.curlImage }}
+ args:
+ - -kv
+ - -X
+ - POST
+ - -H
+ - "Content-Type: application/json"
+ - --data-binary
+ - '{"name": "dcaemod-flows"}'
+ - http://dcaemod-nifi-registry:18080/nifi-registry-api/buckets
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_DCAE_JARS_INDEX_URL
+ value: {{ .Values.config.nifiJarsIndexURL }}
+ - name: NIFI_DCAE_DISTRIBUTOR_API_URL
+ value: {{ .Values.config.distributorAPIURL }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
-#!/bin/bash
-# ============LICENSE_START=======================================================
-# ONAP
+#============LICENSE_START========================================================
# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# limitations under the License.
# ============LICENSE_END=========================================================
-
-docker-entrypoint.sh nexus
\ No newline at end of file
+{{ include "common.service" . }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
+ persistence: {}
nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
- ubuntuInitRepository: registry.hub.docker.com
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-
-zookeeper:
- name: message-router-zookeeper
- port: 2181
-messagerouter:
- container: message-router
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
-# flag to enable debugging - application support required
-debugEnabled: false
+config:
+ nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars
+ distributorAPIURL: /distributor
+ curlImage: curlimages/curl:7.68.0
-# default number of instances
-replicaCount: 1
-kafkaHeapOptions: -Xmx4G -Xms2G
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0
-nodeSelector: {}
+service:
+ type: ClusterIP
+ name: dcaemod-designtool
+ ports:
+ - name: http
+ port: 8080
-affinity: {}
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi"
+ name: "dcaemod-designtool"
+ port: 8080
+ - baseaddr: "nifi-api"
+ name: "dcaemod-designtool"
+ port: 8080
+ config:
+ ssl: "none"
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 20
- timeoutSeconds: 5
+ initialDelaySeconds: 90
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: http
readiness:
initialDelaySeconds: 60
periodSeconds: 20
- timeoutSeconds: 5
-
-
-service:
- type: NodePort
- name: message-router-mirrormaker
- portName: message-router-mirrormaker
- internalPort: 9092
-
-
-
-ingress:
- enabled: false
+ path: /nifi-api/system-diagnostics
+ scheme: HTTP
+ port: http
# Resource Limit flavor -By Default using small
-flavor: large
+flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: 2
+ memory: 2Gi
requests:
- cpu: 500m
+ cpu: 1
memory: 1Gi
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: 4
+ memory: 4Gi
requests:
- cpu: 1000m
+ cpu: 2
memory: 2Gi
unlimited: {}
-
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Distributor API
+name: dcaemod-distributor-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-runtime-api
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-onboarding-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: NIFI_REGISTRY_URL
+ value: {{ .Values.config.nifiRegistryURL }}
+ - name : ONBOARDING_API_URL
+ value: {{ .Values.config.onboardingAPIURL }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-distributor-api
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "distributor"
+ name: dcaemod-distributor-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ # Should have a proper readiness endpoint
+ # This will be OK as long as we have a small number
+ # of distribution targets
+ path: /distributor/distribution-targets
+ scheme: HTTP
+ port: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Genprocessor
+name: dcaemod-genprocessor
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: GENPROC_ONBOARDING_API_HOST
+ value: {{ .Values.config.onboardingAPIURL }}
+ volumeMounts:
+ - mountPath: /work/
+ name: genprocessor-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ - name: {{ include "common.name" . }}-http
+ image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /www/data
+ name: genprocessor-data
+ readOnly: true
+ volumes:
+ - name: genprocessor-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-genprocessor
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi-jars"
+ name: dcaemod-genprocessor
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+# Only the genprocessor-job writes, genprocessor-http mounts readOnly
+ accessMode: ReadWriteMany
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-genprocessor/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Nifi Registry
+name: dcaemod-nifi-registry
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ # nifi-registry app runs as user "nifi", uid 1000, group "nifi", gid 1000
+ # the volume is mounted with root permissions
+ # this initContainer changes ownership to uid 1000 gid 1000
+ # (tried using a securityContext in the pod spec, but it didn't seem to work)
+ - name: set-permissions
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - -c
+ - chown -R 1000:1000 /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_REGISTRY_DB_URL
+ value: {{ .Values.config.dbURL }}
+ - name: NIFI_REGISTRY_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
+ - name: NIFI_REGISTRY_DB_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ volumes:
+ - name: flow-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dbURL: jdbc:h2:./database/nifi-registry-primary
+ dbUser: nobody
+ dbPassword: nobody
+
+secrets:
+ - uid: "dbsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dbUser }}'
+ password: '{{ .Values.config.dbPassword }}'
+ passwordPolicy: generate
+
+# application image
+repository: docker.io
+image: apache/nifi-registry:0.5.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-nifi-registry
+ ports:
+ - name: http
+ port: 18080
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-nifi-registry/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Onboarding API
+name: dcaemod-onboarding-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.postgres.nameOverride }}
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: PG_ADDR
+ value: {{ .Values.postgres.service.name2 }}
+ # This should be kept in secret but it needs a fix in postgres common chart
+ - name: PG_USER
+ value: postgres
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
+ - name: PG_PORT
+ value: "5432"
+ - name: PG_DB_NAME
+ value: dcae_onboarding_db
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &rootPassSecretName '{{ include "common.release" . }}-dcaemod-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcaemod-db-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgRootPassword }}'
+ - uid: db-primary-pass
+ name: &primaryPassSecretName '{{ include "common.release" . }}-dcaemod-db-primary-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgPrimaryPasswordExternalSecret) .) (hasSuffix "dcaemod-db-primary-pass" .Values.postgres.config.pgPrimaryPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgPrimaryPassword }}'
+
+service:
+ type: ClusterIP
+ name: dcaemod-onboarding-api
+ ports:
+ - name: http
+ port: 80
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "onboarding"
+ name: dcaemod-onboarding-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# postgres values--overriding defaults in the postgres subchart
+postgres:
+ nameOverride: dcaemod-db
+ service:
+ name: dcaemod-postgres
+ name2: dcaemod-pg-primary
+ name3: dcaemod-pg-replica
+ suffix: svc.cluster.local
+ container:
+ name:
+ primary: dcaemod-pg-primary
+ replica: dcaemod-pg-replica
+ config:
+ pgPrimaryPasswordExternalSecret: *primaryPassSecretName
+ pgRootPasswordExternalSecret: *rootPassSecretName
+ persistence:
+ mountSubPath: dcaemod/data
+ mountInitPath: dcaemod
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Runtime API
+name: dcaemod-runtime-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DASHBOARD_URL
+ value: {{ .Values.config.dashboardURL }}
+ - name: DASHBOARD_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
+ - name: DASHBOARD_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
+ - name: ONAP_TOPICURL
+ value: {{ .Values.config.mrTopicURL }}
+ - name: ONAP_IMPORT_CLOUDIFYPLUGIN
+ value: {{ .Values.config.importCloudify }}
+ - name: ONAP_IMPORT_K8SPLUGIN
+ value: {{ .Values.config.importK8S }}
+ - name: ONAP_IMPORT_POLICYPLUGIN
+ value: {{ .Values.config.importPolicy }}
+ - name: ONAP_INPORT_POSTGRESPLUGIN
+ value: {{ .Values.config.importPostgres }}
+ - name: ONAP_IMPORT_CLAMPPLUGIN
+ value: {{ .Values.config.importClamp }}
+ - name: ONAP_IMPORT_DMAAPPLUGIN
+ value: {{ .Values.config.importDMaaP }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dashboardURL: https://inventory:8080/dcae-service-types
+ # The dashboard credentials aren't actually used, since
+ # the inventory API and the dashboard pass-through to the
+ # inventory API don't require authentication.
+ # Since the password doesn't matter, we let it be
+ # generated by the common secret template.
+ dashboardUser: nobody
+ #dashboardPassword: doesntmatter
+ mrTopicURL: http://message-router:3904/events
+ importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
+ importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
+ importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
+ importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
+ importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
+ importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+
+secrets:
+ - uid: "dashsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dashboardUser }}'
+ password: '{{ .Values.config.dashboardPassword }}'
+ passwordPolicy: generate
+
+service:
+ type: ClusterIP
+ name: dcaemod-runtime-api
+ ports:
+ - name: http
+ port: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ port: http
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: dcaemod-genprocessor
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-genprocessor'
+ condition: dcaemod-genprocessor.enabled
+ - name: dcaemod-distributor-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-distributor-api'
+ - name: dcaemod-designtool
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-designtool'
+ - name: dcaemod-onboarding-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-onboarding-api'
+ - name: dcaemod-runtime-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-runtime-api'
+ - name: dcaemod-nifi-registry
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-nifi-registry'
\ No newline at end of file
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
# See the License for the specific language governing permissions and
# limitations under the License.
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
UseAAF: {{ .Values.global.aafEnabled }}
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
-# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments.
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
Feed.deleteHandling: SimulateDelete
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
#####################################################
#
# Settings for Soutbound API: Postgresql
# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
# MR Client Delete Level thoroughness:
# 0 = don't delete
# 1 = delete from persistent store
# Use Basic Authentication when provisioning topics
MR.authentication: basicAuth
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
#####################################################
#
# Identity that is owner of any created namespaces for topics
aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
# this overrides the Class used for Decryption.
# This allows for a plugin encryption/decryption method if needed.
# Call this Class for decryption at runtime.
#AafDecryption.Class: com.company.proprietaryDecryptor
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
#####################################################
#
# pwd for Identity used to publish MM prov cmds
MM.ProvUserPwd: demo123456!
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
+#####################################################
+#
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
#####################################################
#
# HTTP Server Configuration
# set to 0 if no certificates are available.
IntHttpsPort: 8443
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
{{- if .Values.global.aafEnabled }}
- - command:
+ - name: {{ include "common.name" . }}-aaf-readiness
+ command:
- /root/ready.py
args:
- --container-name
- aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-aaf-readiness
- - name: {{ include "common.name" . }}-dbc-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config
image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
volumeMounts:
- mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.name" . }}-aaf-config
+ name: {{ include "common.name" . }}-aaf-config-vol
env:
- name: APP_FQI
value: "{{ .Values.aafConfig.fqi }}"
value: "{{ .Values.aafConfig.cadiLongitude }}"
- name: cadi_latitude
value: "{{ .Values.aafConfig.cadiLatitude }}"
+ - name: {{ include "common.name" . }}-permission-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["chown","-Rf","1000:1001", "/opt/app/"]
+# See AAF-425 for explanation of why this is needed.
+# This artifact is provisioned in AAF for both pks12 and jks format and apparently
+# the cadi library is not using the jks password on the jks keystore.
+# So, this attempts to "fix" the credential property file until this is fixed properly.
+ - name: {{ include "common.name" . }}-cred-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["/bin/sh"]
+ args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
+
{{- end }}
{{- if .Values.PG.enabled }}
- - command:
+ - name: {{ include "common.name" . }}-postgres-readiness
+ command:
- /root/ready.py
args:
- --container-name
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-postgres-readiness
-{{- end}}
+{{- end }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true -}}
livenessProbe:
httpGet:
- port: {{ .Values.service.internalPort }}
- path: /webapi/info
+ port: {{ .Values.liveness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
readinessProbe:
httpGet:
- host: {{ .Values.dmaapMessageRouterService }}
- port: 3904
- path: /topics
+ port: {{ .Values.readiness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{ end -}}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
# NOTE: on the following several configMaps, careful to include / at end
# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
- - name: {{ include "common.name" . }}-aaf-config
- mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
- subPath: org.onap.dmaap-bc.props
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
- name: {{ include "common.name" . }}-config
configMap:
name: {{ include "common.fullname" . }}-config
- - name: {{ include "common.name" . }}-aaf-config
- configMap:
- name: {{ include "common.fullname" . }}-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config-vol
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
kind: Job
metadata:
name: {{ include "common.fullname" . }}-post-install
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
- metadata:
- name: {{ include "common.fullname" . }}
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
-
containers:
- name: post-install-job
image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}"
- name: DELAY
value: "0"
- name: PROTO
+{{- if (include "common.needTLS" .) }}
value: "https"
- name: PORT
value: "8443"
+{{- else }}
+ value: "http"
+ - name: PORT
+ value: "8080"
+{{- end }}
- name: REQUESTID
value: "{{.Chart.Name}}-post-install"
volumeMounts:
mountPath: /opt/app/config/dmaap/
- name: {{ include "common.fullname" . }}-dbc-dcaelocations
mountPath: /opt/app/config/dcaeLocations/
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# application images
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:1.1.5
+#repository: 10.12.7.57:5000
+image: onap/dmaap/dmaap-bc:2.0.4
# application configuration
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-bc@dmaap-bc.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-bc
fqi: dmaap-bc@dmaap-bc.onap.org
cadiLongitude: 0.0
persistence:
- aafCredsPath: /opt/app/osaaf/local
+ aafCredsPath: /opt/app/osaaf/local/
# for Casablanca default deployment, leave this true to
# get a topic namespace that matches MR. When set to false,
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ port: api
+ enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ port: api
service:
type: NodePort
name: dmaap-bc
- portName: dmaap-bc
- portName2: dmaap-bc
- externalPort: 8080
- internalPort: 8080
- externalPort2: 8443
- internalPort2: 8443
- nodePort: 41
- nodePort2: 42
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 42
# application configuration override for postgres
{{- if .Values.global.aafEnabled }}
{{- $global := . }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
---
kind: PersistentVolume
labels:
app: {{ include "common.name" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-aaf-props
spec:
storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
---
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
kind: PersistentVolume
apiVersion: v1
labels:
app: {{ include "common.fullname" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-event-logs
spec:
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
kind: PersistentVolume
apiVersion: v1
labels:
app: {{ include "common.fullname" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-spool-data
spec:
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
#################################################################
global:
loggingDirectory: /var/log/onap/datarouter
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.4
+image: onap/dmaap/datarouter-node:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
## Persist data to a persitent volume
persistence:
+ enabled: true
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-node
fqi: dmaap-dr-node@dmaap-dr.onap.org
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- mountPath: {{ .Values.persistence.aafCredsPath }}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
global:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
+ persistence: {}
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.4
+image: onap/dmaap/datarouter-prov:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
## Persist data to a persitent volume
persistence:
+ enabled: true
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-prov
fqi: dmaap-dr-prov@dmaap-dr.onap.org
aaf_env=DEV
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile
+cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
+ name: "cp_kafka_server_replicamanager_$1"
+- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
+ name: "cp_kafka_controller_kafkacontroller_$1"
+- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_brokertopicmetrics_$1"
+- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
+ name: "cp_kafka_network_requestmetrics_requestspersec_$1"
+- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
+ name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
+- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
+ name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
+- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
+ name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
+- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_controller_controllerstats_$1"
+- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_sessionexpirelistener_$1"
+++ /dev/null
-log4j.rootLogger=INFO, stdout, kafkaAppender
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
-log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
-log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
-log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
-log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
-log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
-log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-# Change the two lines below to adjust ZK client logging
-log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
-log4j.logger.org.apache.zookeeper=INFO
-
-# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
-log4j.logger.kafka=INFO
-log4j.logger.org.apache.kafka=INFO
-
-# Change to DEBUG or TRACE to enable request logging
-log4j.logger.kafka.request.logger=WARN, requestAppender
-log4j.additivity.kafka.request.logger=false
-
-# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
-# related to the handling of requests
-#log4j.logger.kafka.network.Processor=TRACE, requestAppender
-#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
-#log4j.additivity.kafka.server.KafkaApis=false
-log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
-log4j.additivity.kafka.network.RequestChannel$=false
-
-log4j.logger.kafka.controller=TRACE, controllerAppender
-log4j.additivity.kafka.controller=false
-
-log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
-log4j.additivity.kafka.log.LogCleaner=false
-
-log4j.logger.state.change.logger=TRACE, stateChangeAppender
-log4j.additivity.state.change.logger=false
-
-# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses
-log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender
-log4j.additivity.kafka.authorizer.logger=false
+++ /dev/null
-############################# Socket Server Settings #############################
-
-# The address the socket server listens on. It will get the value returned from
-# java.net.InetAddress.getCanonicalHostName() if not configured.
-# FORMAT:
-# listeners = listener_name://host_name:port
-# EXAMPLE:
-# listeners = PLAINTEXT://your.host.name:9092
-listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
-
-# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
-listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
-
-# The number of threads that the server uses for receiving requests from the network and sending responses to the network
-num.network.threads=3
-
-# The number of threads that the server uses for processing requests, which may include disk I/O
-num.io.threads=8
-
-# The send buffer (SO_SNDBUF) used by the socket server
-socket.send.buffer.bytes=102400
-
-#The number of hours to keep a log file before deleting it
-log.retention.hours=168
-#The maximum size of the log before deleting it
-log.retention.bytes=21474836480
-
-# The receive buffer (SO_RCVBUF) used by the socket server
-socket.receive.buffer.bytes=102400
-
-# The maximum size of a request that the socket server will accept (protection against OOM)
-socket.request.max.bytes=104857600
-
-
-############################# Log Basics #############################
-
-# A comma separated list of directories under which to store log files
-log.dirs=/opt/kafka/data
-
-# The default number of log partitions per topic. More partitions allow greater
-# parallelism for consumption, but this will also result in more files across
-# the brokers.
-num.partitions={{ .Values.defaultpartitions }}
-
-# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.
-# This value is recommended to be increased for installations with data dirs located in RAID array.
-num.recovery.threads.per.data.dir=1
-
-############################# Internal Topic Settings #############################
-# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state"
-# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3.
-offsets.topic.replication.factor={{ .Values.replicaCount }}
-transaction.state.log.replication.factor=1
-transaction.state.log.min.isr=1
-
-############################# Log Flush Policy #############################
-
-# Messages are immediately written to the filesystem but by default we only fsync() to sync
-# the OS cache lazily. The following configurations control the flush of data to disk.
-# There are a few important trade-offs here:
-# 1. Durability: Unflushed data may be lost if you are not using replication.
-# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush.
-# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks.
-# The settings below allow one to configure the flush policy to flush data after a period of time or
-# every N messages (or both). This can be done globally and overridden on a per-topic basis.
-
-# The number of messages to accept before forcing a flush of data to disk
-#log.flush.interval.messages=10000
-
-# The maximum amount of time a message can sit in a log before we force a flush
-#log.flush.interval.ms=1000
-
-############################# Log Retention Policy #############################
-
-# The following configurations control the disposal of log segments. The policy can
-# be set to delete segments after a period of time, or after a given size has accumulated.
-# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens
-# from the end of the log.
-
-# The minimum age of a log file to be eligible for deletion due to age
-log.retention.hours=168
-
-# A size-based retention policy for logs. Segments are pruned from the log unless the remaining
-# segments drop below log.retention.bytes. Functions independently of log.retention.hours.
-#log.retention.bytes=1073741824
-
-# The maximum size of a log segment file. When this size is reached a new log segment will be created.
-log.segment.bytes=1073741824
-
-# The interval at which log segments are checked to see if they can be deleted according
-# to the retention policies
-log.retention.check.interval.ms=300000
-
-############################# Zookeeper #############################
-
-# Zookeeper connection string (see zookeeper docs for details).
-# This is a comma separated host:port pairs, each corresponding to a zk
-# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002".
-# You can also append an optional chroot string to the urls to specify the
-# root directory for all kafka znodes.
-zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
-# Timeout in ms for connecting to zookeeper
-zookeeper.connection.timeout.ms=6000
-
-
-############################# Group Coordinator Settings #############################
-
-# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance.
-# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms.
-# The default value for this is 3 seconds.
-# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing.
-# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup.
-group.initial.rebalance.delay.ms=0
-
-inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT
-default.replication.factor={{ .Values.replicaCount }}
-delete.topic.enable=true
-sasl.enabled.mechanisms=PLAIN
-authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-version=1.1.1
-sasl.mechanism.inter.broker.protocol=PLAIN
--- /dev/null
+KafkaServer {
+ org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required
+ username="${KAFKA_ADMIN}"
+ password="${KAFKA_PSWD}"
+ user_${KAFKA_ADMIN}="${KAFKA_PSWD}";
+};
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
--- /dev/null
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
+{{- if .Values.global.aafEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-server-prop-configmap
+ name: {{ include "common.fullname" . }}-cadi-prop-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
---
+{{- else }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
---
+{{- end }}
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{- end }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
-# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
{{if eq .Values.podAntiAffinityType "hard" -}}
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
+ {{ toYaml .Values.nodeAffinity | indent 10 }}
{{- end }}
initContainers:
- name: {{ include "common.name" . }}-initcontainer
- sh
- -exec
- |
- chown -R 1000:1000 /opt/kafka/data;
- rm -rf '/opt/kafka/data/lost+found';
- cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
- chown 1000:1000 /opt/kafka/config/server.properties;
- cd /opt/kafka/config;
- ls;
+ chown -R 1000:0 /var/lib/kafka/data;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/kafka/data
+ - mountPath: /var/lib/kafka/data
name: kafka-data
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config
- name: config-data
name: {{ include "common.name" . }}-permission-fixer
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+ - name: KAFKA_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+ - name: KAFKA_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/kafka/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- -exc
- |
export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
- export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \
+ {{- if .Values.global.aafEnabled }}
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- exec start-kafka.sh
+ {{ else }}
+ export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+ {{- end }}
+ exec /etc/confluent/docker/run
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.externalPort }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
+ - name: KAFKA_ZOOKEEPER_CONNECT
+ value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+ value: "{{ .Values.kafka.enableSupport }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ {{- if .Values.global.aafEnabled }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptionsAaf }}"
- name: aaf_locate_url
value: https://aaf-locate.{{ include "common.namespace" . }}:8095
-
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMapAaf }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listenersAaf }}"
+ - name: KAFKA_SASL_ENABLED_MECHANISMS
+ value: "{{ .Values.kafka.saslMech }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+ - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+ value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+ - name: KAFKA_AUTHORIZER_CLASS_NAME
+ value: "{{ .Values.kafka.authorizer }}"
+ {{ else }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMap }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listeners }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListerner }}"
+ {{- end }}
+ {{- range $key, $value := .Values.configurationOverrides }}
+ - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.jmx.port }}
+ - name: KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name: enableCadi
+ value: "{{ .Values.global.aafEnabled }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config/server.properties
- subPath: server.properties
- name: config-data
- - mountPath: /opt/kafka/config/log4j.properties
- subPath: log4j.properties
- name: log4j
- - mountPath: /opt/kafka/config/cadi.properties
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: /etc/kafka/data/cadi.properties
subPath: cadi.properties
name: cadi
- - mountPath: /opt/kafka/data
+ {{ end }}
+ - name: jaas-config
+ mountPath: /etc/kafka/secrets/jaas
+ - mountPath: /var/lib/kafka/data
name: kafka-data
{{- if .Values.tolerations }}
tolerations:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config-data
- emptyDir: {}
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- - name: server
- configMap:
- name: {{ include "common.fullname" . }}-server-prop-configmap
- - name: log4j
- configMap:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ {{- if .Values.global.aafEnabled }}
- name: cadi
configMap:
name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{ end }}
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
loggingImage: beats/filebeat:5.5.0
persistence: {}
ubuntuInitRepository: registry.hub.docker.com
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
+image: onap/dmaap/kafka111:1.0.4
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
name: message-router-zookeeper
port: 2181
+kafka:
+ heapOptions: -Xmx5G -Xms1G
+ jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
+ enableSupport: false
+ protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
+ protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
+ listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
+ authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
+ saslInterBrokerProtocol: PLAIN
+ saslMech: PLAIN
+ interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
+ interBrokerListerner: INTERNAL_PLAINTEXT
+
+
+configurationOverrides:
+ "offsets.topic.replication.factor": "3"
+ "log.dirs": "/var/lib/kafka/data"
+ "log.retention.hours": "168"
+ "num.partitions": "3"
+ "offsets.topic.replication.factor": "3"
+ "transaction.state.log.replication.factor": "1"
+ "transaction.state.log.min.isr": "1"
+ "num.recovery.threads.per.data.dir": "5"
+ "log.retention.hours": "168"
+ "zookeeper.connection.timeout.ms": "6000"
+ "default.replication.factor": "3"
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkClient: kafka
+ zkClientPassword: kafka_secret
+ kafkaAdminUser: admin
+ kafkaAdminPassword: admin_secret
+ #kafkaAdminUserExternal: some secret
+ #zkClientPasswordExternal: some secret
+
+
+secrets:
+ - uid: zk-client
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkClient }}'
+ password: '{{ .Values.jaas.config.zkClientPassword }}'
+ passwordPolicy: required
+ - uid: kafka-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
+ login: '{{ .Values.jaas.config.kafkaAdminUser }}'
+ password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
+ passwordPolicy: required
+
# flag to enable debugging - application support required
debugEnabled: false
# default number of instances
replicaCount: 3
-#Kafka custom authorizer class name
-kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-deleteTopicEnable: true
# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
podAntiAffinityType: soft
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 70
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 90
+ periodSeconds: 20
+ timeoutSeconds: 100
## Persist data to a persitent volume
persistence:
name: message-router-kafka
portName: message-router-kafka
internalPort: 9092
- externalPort: 9093
+ internalSSLPort: 9093
+ externalPort: 9091
baseNodePort: 30490
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-initcontainer
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.messagerouter.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -exc
- - |
- exec start-mirrormaker.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/lprobe.txt"
- - "rm /tmp/lprobe.txt"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/rprobe.txt"
- - "rm /tmp/rprobe.txt"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: KAFKA_HEAP_OPTS
- value: "{{ .Values.kafkaHeapOptions }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/run/docker.sock
- name: docker-socket
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$3"
+ labels:
+ replicaId: "$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4_$5"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
--- /dev/null
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_${ZK_ADMIN}="${ZK_PSWD}";
+};
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- sh
- -exec
- >
- chown -R 1000:1000 /tmp/zookeeper/apikeys;
+ chown -R 1000:0 /tmp/zookeeper/apikeys;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /tmp/zookeeper/apikeys
name: zookeeper-data
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/zookeeper/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-zookeeper
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ .Values.service.serverPortName }}
- containerPort: {{ .Values.service.leaderElectionPort }}
name: {{ .Values.service.leaderElectionPortName }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
env:
- - name: ZK_REPLICAS
+ - name : KAFKA_HEAP_OPTS
+ value: "{{ .Values.zkConfig.heapOptions }}"
+ {{- if .Values.jmx.port }}
+ - name : KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name : ZOOKEEPER_REPLICAS
value: "{{ .Values.replicaCount }}"
- - name: ZK_INIT_LIMIT
- value: "{{ .Values.zk.initLimit }}"
- - name: ZK_SYNC_LIMIT
- value: "{{ .Values.zk.syncLimit }}"
+ - name : ZOOKEEPER_TICK_TIME
+ value: "{{ .Values.zkConfig.tickTime }}"
+ - name : ZOOKEEPER_SYNC_LIMIT
+ value: "{{ .Values.zkConfig.syncLimit }}"
+ - name : ZOOKEEPER_INIT_LIMIT
+ value: "{{ .Values.zkConfig.initLimit }}"
+ - name : ZOOKEEPER_MAX_CLIENT_CNXNS
+ value: "{{ .Values.zkConfig.maxClientCnxns }}"
+ - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
+ value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
+ - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
+ value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
+ - name: ZOOKEEPER_CLIENT_PORT
+ value: "{{ .Values.zkConfig.clientPort }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.zkConfig.kafkaOpts }}"
+ - name: EXTRA_ARGS
+ value: "{{ .Values.zkConfig.extraArgs }}"
+ - name: ZOOKEEPER_SERVER_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ command:
+ - "bash"
+ - "-c"
+ - |
+ ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
+ /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/lib/zookeeper/data
name: zookeeper-data
+ - name: jaas-config
+ mountPath: /etc/zookeeper/secrets/jaas
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
- name: localtime
hostPath:
path: /etc/localtime
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: zookeeper-data
emptyDir: {}
{{ else }}
volumeClaimTemplates:
- metadata:
- name: zookeeper-data
+ name: zookeeper-data
labels:
- app: {{ include "common.fullname" . }}
+ app: {{ include "common.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ include "common.release" . }}"
heritage: "{{ .Release.Service }}"
loggingImage: beats/filebeat:5.5.0
ubuntuInitRepository: registry.hub.docker.com
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.0
+image: onap/dmaap/zookeeper:6.0.2
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- # gerrit branch where the latest code is checked in
- gerritBranch: master
- # gerrit project where the latest code is checked in
- gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
# default number of instances
replicaCount: 3
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
#Zookeeper properties
-zk:
- initLimit: 5
- syncLimit: 2
+zkConfig:
+ tickTime: 2000
+ syncLimit: 5
+ initLimit: 10
+ maxClientCnxns: 200
+ autoPurgeSnapRetainCount: 3
+ autoPurgePurgeInterval: 24
+ heapOptions: -Xmx2G -Xms2G
+ kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+ extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+ clientPort: 2181
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkAdminUser: kafka
+ zkAdminPassword: kafka_secret
+ #zkAdminPasswordExternal= some password
+
+secrets:
+ - uid: zk-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkAdminUser }}'
+ password: '{{ .Values.jaas.config.zkAdminPassword }}'
+ passwordPolicy: required
## Persist data to a persitent volume
persistence:
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
-cadi_longitude=-122.26147
+cadi_longitude=-122.26147
\ No newline at end of file
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
\ No newline at end of file
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
- ============LICENSE_END=========================================================
+ ============LICENSE_END=========================================================
-->
<configuration scan="true" scanPeriod="3 seconds" debug="false">
- <contextName>${module.ajsc.namespace.name}</contextName>
- <jmxConfigurator />
- <property name="logDirectory" value="${AJSC_HOME}/log" />
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
-
- <appender name="INFO"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>INFO</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- </appender>
-
- <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
-
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender">
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
-
- <!-- Msgrtr related loggers -->
- <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
-
-
-
- <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
- <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
- <logger name="org.onap.dmaap.mr.filter" level="INFO" />
-
- <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
-
- <!-- Msgrtr loggers in ajsc -->
- <logger name="org.onap.dmaap.service" level="INFO" />
- <logger name="org.onap.dmaap" level="INFO" />
-
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" additivity="false"/>
- <logger name="org.springframework.beans" level="WARN" additivity="false"/>
- <logger name="org.springframework.web" level="WARN" additivity="false" />
- <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
-
- <!-- AJSC Services (bootstrap services) -->
- <logger name="ajsc" level="WARN" additivity="false"/>
- <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
- <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
- <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
- <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
- <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
- <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
- <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
-
- <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
- logging) -->
- <logger name="ajsc.utils" level="WARN" additivity="false"/>
- <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
- <logger name="ajsc.filters" level="DEBUG" additivity="false" />
- <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
- <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
- <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
- <logger name="com.att" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
-
- <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
- <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
-
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" additivity="false" />
- <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
- <logger name="org.apache.commons" level="WARN" additivity="false" />
- <logger name="org.apache.coyote" level="WARN" additivity="false"/>
- <logger name="org.apache.jasper" level="WARN" additivity="false"/>
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" additivity="false" />
- <logger name="org.apache.cxf" level="WARN" additivity="false" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
- <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
- <logger name="org.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
- <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
- <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
- <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Audit-Record-Queue" />
- </appender>
-
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Performance-Tracker-Queue" />
- </appender>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="ASYNC-perf" />
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="DEBUG">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="ERROR" />
- <appender-ref ref="INFO" />
- <appender-ref ref="STDOUT" />
- </root>
-
-</configuration>
\ No newline at end of file
+ <contextName>${module.ajsc.namespace.name}</contextName>
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/log" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+
+ <!-- Msgrtr related loggers -->
+ <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
+
+
+
+ <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
+ <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
+ <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+
+ <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+
+ <!-- Msgrtr loggers in ajsc -->
+ <logger name="org.onap.dmaap.service" level="INFO" />
+ <logger name="org.onap.dmaap" level="INFO" />
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" additivity="false"/>
+ <logger name="org.springframework.beans" level="WARN" additivity="false"/>
+ <logger name="org.springframework.web" level="WARN" additivity="false" />
+ <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+
+ <!-- AJSC Services (bootstrap services) -->
+ <logger name="ajsc" level="WARN" additivity="false"/>
+ <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
+ <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
+ <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
+ <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
+ <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
+ <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
+ <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="ajsc.utils" level="WARN" additivity="false"/>
+ <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
+ <logger name="ajsc.filters" level="DEBUG" additivity="false" />
+ <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
+ <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
+ <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
+ <logger name="com.att" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+
+ <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
+ <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" additivity="false" />
+ <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
+ <logger name="org.apache.commons" level="WARN" additivity="false" />
+ <logger name="org.apache.coyote" level="WARN" additivity="false"/>
+ <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf" level="WARN" additivity="false" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
+ <logger name="org.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
+ <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
+ <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
+ <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Audit-Record-Queue" />
+ </appender>
+
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Performance-Tracker-Queue" />
+ </appender>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="ASYNC-perf" />
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="DEBUG">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="INFO" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
{
"topicName": "mirrormakeragent",
"topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
+ "replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
"txenabled": false,
"partitionCount": "1",
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "demo@people.osaaf.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
}
-
]
-}
-
+}
\ No newline at end of file
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
apiVersion: v1
kind: ConfigMap
metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+---
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
+{{- if .Values.global.aafEnabled }}
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "common.fullname" . }}-dbc-topics
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end }}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
volumes:
- name: localtime
hostPath:
- name: cadi
configMap:
name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.17
+image: onap/dmaap/dmaap-mr:1.1.18
pullPolicy: Always
kafka:
timeoutSeconds: 1
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
initialDelaySeconds: 70
periodSeconds: 10
timeoutSeconds: 1
+ port: api
service:
type: NodePort
name: message-router
- portName: message-router
- externalPort: 3904
- nodePort: 27
- externalPort2: 3905
- nodePort2: 26
+ both_tls_and_plain: true
+ msb:
+ port: api
+ url: "/"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ ports:
+ - name: api
+ port: 3905
+ plain_port: 3904
+ port_protocol: http
+ nodePort: 26
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+ targetPort: 5555
ingress:
enabled: false
busyBoxRepository: docker.io
#Global DMaaP app config
- allow_http: true
+ allow_http: false
#Logstash config
logstashServiceName: log-ls
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.5.1
+image: onap/aai/esr-server:1.5.2
pullPolicy: Always
msbaddr: msb-iag.{{ include "common.namespace" . }}:443
- name: MYSQL_ADDR
value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.5.3
+image: onap/multicloud/openstack-fcaps:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.4.1
+image: onap/multicloud/openstack-pike:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.3
+image: onap/multicloud/openstack-starlingx:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.5.3
+image: onap/multicloud/openstack-windriver:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
- name: SPRING_DATASOURCE_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: SPRING_DATASOURCE_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
- name: SPRING_DATASOURCE_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
- name: SPRING_DATA_MONGODB_HOST
value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
- name: SPRING_DATA_MONGODB_PORT
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:5.0.1
+image: onap/externalapi/nbi:6.0.0
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
version: ~6.x-0
repository: '@local'
condition: dcaegen2.enabled
+ - name: dcaemod
+ version: ~6.x-0
+ repository: '@local'
+ condition: dcaemod.enabled
- name: dmaap
version: ~5.x-0
repository: '@local'
--- /dev/null
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+ enableDefaultStorageclass: false
+ parameters: {}
+ storageclassProvisioner: kubernetes.io/no-provisioner
+ volumeReclaimPolicy: Retain
+
+ # override default resource limit flavor for all charts
+ flavor: small
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+ #Global ingress configuration
+ ingress:
+ enabled: false
+ virtualhost:
+ enabled: true
+ baseurl: "simpledemo.onap.org"
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+appc:
+ enabled: false
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
+ openStackServiceTenantName: default
+ openStackDomain: default
+ openStackUserName: admin
+ openStackEncryptedPassword: admin
+cassandra:
+ enabled: true
+cds:
+ enabled: true
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+pnda:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: false
+oof:
+ enabled: true
+mariadb-galera:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+ config:
+ # openstack configuration
+ openStackRegion: "Yolo"
+ openStackVNFTenantId: "1234"
+policy:
+ enabled: true
+pomba:
+ enabled: false
+portal:
+ enabled: true
+robot:
+ enabled: false
+ config:
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+sdc:
+ enabled: true
+sdnc:
+ enabled: false
+
+ replicaCount: 1
+
+ mysql:
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+
+uui:
+ enabled: true
+vfc:
+ enabled: false
+vid:
+ enabled: false
+vnfsdk:
+ enabled: false
+modeling:
+ enabled: false
enabled: true
dcaegen2:
enabled: true
+dcaemod:
+ enabled: true
dmaap:
enabled: true
esr:
virtualhost:
enabled: true
baseurl: "simpledemo.onap.org"
+
+ # Global Service Mesh configuration
+ # POC Mode, don't use it in production
+ serviceMesh:
+ enabled: false
+ tls: true
+
+ # Disabling AAF
+ # POC Mode, don't use it in production
+ aafEnabled: true
+
+ # TLS
+ # Set to false if you want to disable TLS for NodePorts. Be aware that this
+ # will loosen your security.
+ # if set this element will force or not tls even if serviceMesh.tls is set.
+ # tlsEnabled: false
+
+
+# Example of specific for the components where you want to disable TLS only for
+# it:
+# if set this element will force or not tls even if global.serviceMesh.tls and
+# global.tlsEnabled is set otherwise.
+# robot:
+# tlsOverride: false
+
+ # Global storage configuration
+ # Set to "-" for default, or with the name of the storage class
+ # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
+ # storageclass with RWX capabilities (or set specific configuration for these
+ # components).
+ # persistence:
+ # storageClass: "-"
+
+# Example of specific for the components which requires RWX:
+# aaf:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# contrib:
+# netbox:
+# netbox-app:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# cds:
+# cds-blueprints-processor:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# sdc:
+# sdc-onboarding-be:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
enabled: false
dcaegen2:
enabled: false
+dcaemod:
+ enabled: false
pnda:
enabled: false
dmaap:
#table_prefix = sdnc
# Base URL for SDN-C, up to and including the version. (string value)
-#server_url = https://controller:8443/restconf/
-server_url = https://sdncodl-conexus-e2e.ecomp.cci.att.com:8543/restconf/
+server_url = https://controller:8443/restconf/
# Basic Authentication Username (string value)
#username = <None>
# Retry Numbers for SDNC Rest Call (string value)
#sdnc_retries = 3
-
[service_controller]
#
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.5.3
-BRMS_MODELS_DEPENDENCY_VERSION=2.1.4
+BRMS_DEPENDENCY_VERSION=1.6.0
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap/policy/pdpd
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
# Telemetry credentials
SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
# PAP-PDP configuration channel
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
# Symmetric Key for encoded sensitive data
# PDP-X
PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
# DCAE DMaaP
# AAI
-AAI_URL=https://aai.{{.Release.Namespace}}:8443
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8443
+AAI_CONTEXT_URI=
# MSO
-SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
# VFC
-VFC_URL=
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
# SDNC
-SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
# CDS
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ONAP
+ ================================================================================
+ Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+ <offline>{{.Values.nexus.offline}}</offline>
+
+ <profiles>
+
+ <profile>
+ <id>policy-local</id>
+
+ <repositories>
+ <repository>
+ <id>file-repository</id>
+ <url>file:${user.home}/.m2/file-repository</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-releases</id>
+
+ <repositories>
+ <repository>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <url>${env.RELEASE_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <url>${env.SNAPSHOT_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>onap-releases</id>
+
+ <repositories>
+ <repository>
+ <id>onap-releases</id>
+ <name>onap-releases</name>
+ <url>https://nexus.onap.org/content/repositories/releases/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+
+ <id>onap-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>onap-snapshots</id>
+ <name>onap-snapshots</name>
+ <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>policy-local</activeProfile>
+ <activeProfile>policy-releases</activeProfile>
+ <activeProfile>policy-snapshots</activeProfile>
+ <activeProfile>onap-releases</activeProfile>
+ <activeProfile>onap-snapshots</activeProfile>
+ </activeProfiles>
+
+ <servers>
+ <server>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ <server>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ </servers>
+
+</settings>
REPOSITORY_USERNAME={{.Values.nexus.user}}
REPOSITORY_PASSWORD={{.Values.nexus.password}}
-SQL_USER={{.Values.db.user}}
-SQL_PASSWORD={{.Values.db.password}}
-
PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secret" . }}
+---
apiVersion: v1
kind: Secret
metadata:
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingImage: beats/filebeat:5.5.0
ubuntuImage: ubuntu:16.04
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.5.3
+image: onap/policy-pdpd-cl:1.6.0
pullPolicy: Always
# flag to enable debugging - application support required
user: admin
password: admin123
port: 8081
+ offline: true
db:
user: policy_user
apiVersion: v1
description: ONAP Policy Administration (PAP)
-name: policy-pap
+name: pap
version: 5.0.0
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps": true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
},
{
"topic" : "POLICY-NOTIFICATION",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
- }
+ },
+ "healthCheckRestClientParameters":[{
+ "clientName": "api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "healthcheck",
+ "password": "zb!XztG34",
+ "useHttps": true,
+ "basePath": "policy/api/v1/healthcheck"
+ },
+ {
+ "clientName": "distribution",
+ "hostname": "policy-distribution",
+ "port": 6969,
+ "userName": "healthcheck",
+ "password": "zb!XztG34",
+ "useHttps": true,
+ "basePath": "healthcheck"
+ }]
}
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.1.2
+image: onap/policy-pap:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
pullPolicy: Always
# flag to enable debugging - application support required
"https": true
},
"pdpStatusParameters":{
+ "pdpGroup": "defaultGroup",
"timeIntervalMs": 120000,
"pdpType":"apex",
"description":"Pdp Heartbeat",
- "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}]
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.controlloop.operational.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.native.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.operational.common.Apex",
+ "version": "1.0.0"
+ }
+ ]
},
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.2.2
+image: onap/policy-apex-pdp:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"databaseUser": "{{ .Values.global.mariadb.config.userName }}",
"databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
"persistenceUnit": "PolicyMariaDb"
- }
+ },
+ "preloadPolicyTypes": [
+ "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+ "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
+ "policytypes/onap.policies.Optimization.yaml",
+ "policytypes/onap.policies.optimization.Resource.yaml",
+ "policytypes/onap.policies.optimization.Service.yaml",
+ "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
+ "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
+ "policytypes/onap.policies.controlloop.guard.Common.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
+ "policytypes/onap.policies.controlloop.Operational.yaml",
+ "policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.native.Drools.yaml",
+ "policytypes/onap.policies.native.Xacml.yaml",
+ "policytypes/onap.policies.native.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.Common.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
+ ],
+ "preloadPolicies" : [
+ "policies/sdnc.policy.naming.input.tosca.yaml"
+ ]
}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.1.2
+image: onap/policy-api:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# See the License for the specific language governing permissions and
# limitations under the License.
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
+JAVA_HOME=/usr/local/openjdk-11
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap
KEYSTORE_PASSWD=Pol1cy_0nap
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"receptionHandlerConfigurationName":"sdcConfiguration",
"pluginHandlerParameters":{
"policyDecoders":{
- "CsarDecoder":{
- "decoderType":"CsarDecoder",
- "decoderClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpx",
+ "HpaDecoder":{
+ "decoderType":"HpaDecoder",
+ "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa",
"decoderConfigurationName": "csarToOptimizationPolicyConfiguration"
},
- "ApexDecoder":{
- "decoderType":"ApexDecoder",
+ "ToscaPolicyDecoder":{
+ "decoderType":"ToscaPolicyDecoder",
"decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
- "decoderConfigurationName": "apexDecoderConfiguration"
+ "decoderConfigurationName": "toscaPolicyDecoderConfiguration"
}
},
"policyForwarders":{
- "PAPEngineForwarder":{
- "forwarderType":"PAPEngine",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarder",
- "forwarderConfigurationName": "xacmlPdpConfiguration"
- },
- "ApexForwarder":{
- "forwarderType":"ApexForwarder",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarder",
- "forwarderConfigurationName": "apexForwarderConfiguration"
- },
"LifeCycleApiForwarder":{
"forwarderType":"LifeCycleAPI",
"forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": true
}
}
},
"policyDecoderConfigurationParameters":{
"csarToOptimizationPolicyConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpxConfigurationParameterGroup",
+ "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters",
"parameters":{
"policyNamePrefix": "oofCasablanca",
"onapName": "OOF",
"riskLevel": "2"
}
},
- "apexDecoderConfiguration":{
+ "toscaPolicyDecoderConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
"parameters":{
- "policyFileName": "apex_policy",
- "policyTypeFileName": "apex_policy_type"
+ "policyFileName": "tosca_policy",
+ "policyTypeFileName": "tosca_policy_type"
}
}
},
"policyForwarderConfigurationParameters":{
- "xacmlPdpConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
- "parameters":{
- "useHttps": true,
- "hostname": "pdp",
- "port": 8081,
- "userName": "testpdp",
- "password": "alpha123",
- "clientAuth": "cHl0aG9uOnRlc3Q=",
- "isManaged": true,
- "pdpGroup": "default"
- }
- },
- "apexForwarderConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarderParameterGroup",
- "parameters":{
- "hostname":"policy-apex-pdp",
- "port":"12345",
- "ignoreConflicts": true,
- "forceUpdate": true
- }
- },
"lifecycleApiConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
"parameters":{
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.2.1
+image: onap/policy-distribution:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.1.2
+image: onap/policy-xacml-pdp:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
pdp:
nameOverride: pdp
pap:
- nameOverride: policy
+ nameOverride: pap
drools:
nameOverride: drools
brmwgw:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
mariadb_image: library/mariadb:10
pullPolicy: Always
type: {{ .Values.service.type }}
ports:
{{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName }}3
- port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
#cookie domain
cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
+# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
+ext_central_access_user_domain = @people.osaaf.org
+
+# External Central Auth system access
+remote_centralized_system_access = true
+{{- end }}
\ No newline at end of file
--- /dev/null
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
+ clientAuth="false" sslProtocol="TLS" />
+ {{ end }}
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+ </Host>
+ </Engine>
+ </Service>
+</Server>
\ No newline at end of file
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-aaf-config
+ image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ env:
+ - name: APP_FQI
+ value: "{{ .Values.aafConfig.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_container
+ value: "{{ .Values.global.aafLocatorContainer }}"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ .Values.aafConfig.fqdn }}"
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.aafConfig.publicFqdn}}"
+ - name: aaf_locator_app_ns
+ value: "{{ .Values.global.aafAppNs }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
+ - name: cadi_longitude
+ value: "{{ .Values.aafConfig.cadiLongitude }}"
+ - name: cadi_latitude
+ value: "{{ .Values.aafConfig.cadiLatitude }}"
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
+ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ env:
+ - name: _CATALINA_OPTS
+ value: >
+ -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
+ subPath: server.xml
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir: {}
- name: portal-tomcat-logs
emptyDir: {}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-aaf-config-vol
+ emptyDir:
+ medium: Memory
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
-
+ persistence: {}
+ #AAF global config overrides
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAppNs: org.osaaf.aaf
+ aafLocatorContainer: oom
#################################################################
# Application configuration defaults.
#################################################################
+secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+## Persist cert data to a memory volume
+persistence:
+ aafCredsPath: /opt/app/osaaf/local
+
# application image
repository: nexus3.onap.org:10001
image: onap/portal-sdk:2.6.0
pullPolicy: Always
+#AAF service
+aafURL: https://aaf-service:8100/
+aafLocateUrl: https://aaf-locate:8095
+
+#AAF local config
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadiLatitude: 0.0
+ cadiLongitude: 0.0
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
# flag to enable debugging - application support required
debugEnabled: false
type: NodePort
name: portal-sdk
portName: portal-sdk
- internalPort: 8080
- externalPort: 8080
+ internalPort: 8443
+ externalPort: 8443
nodePort: 12
mariadb:
service:
- baseaddr: portalsdk
name: "portal-sdk"
- port: 8080
+ port: 8443
config:
ssl: "none"
-Subproject commit 591bfdea4f1d833abee3c7e60f084da546d9082a
+Subproject commit a8e1918a02156ecec86409948d400669c2e67bb7
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.1
-backendInitImage: onap/sdc-backend-init:1.6.1
+image: onap/sdc-backend:1.6.3
+backendInitImage: onap/sdc-backend-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
- name: {{ include "common.fullname" . }}-chef-cache
- mountPath: /root/chef-solo/cache
+ mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.1
-cassandraInitImage: onap/sdc-cassandra-init:1.6.1
+image: onap/sdc-cassandra:1.6.3
+cassandraInitImage: onap/sdc-cassandra-init:1.6.3
pullPolicy: Always
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments
+ mountPath: /var/lib/jetty/chef-solo/environments
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.2
+image: onap/dcae-be:1.3.3
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.2
+backendInitImage: onap/dcae-tools:v1.3.3
# flag to enable debugging - application support required
debugEnabled: false
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.2
+image: onap/dcae-dt:1.3.3
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.2
+image: onap/dcae-fe:1.3.3
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.1
+image: onap/dcae-tosca-app:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
value: {{ .Values.config.javaOptions }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if not .Values.global.security.disableHttp }}
+ # setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+ {{ end }}
+ {{ end }}
+
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- else -}}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName }}2
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.1
+image: onap/sdc-frontend:1.6.3
pullPolicy: Always
config:
livenessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
value: {{ .Values.cert.certDir }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.1
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.1
+image: onap/sdc-onboard-backend:1.6.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.1
-configInitImage: onap/workflow-init:1.6.1
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
pullPolicy: Always
initJob:
serverSSLEnabled: true
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /etc/keystore
+ serverSSLKeyStorePath: /home/sdc/etc/keystore
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /etc/truststore
+ serverSSLTrustStorePath: /home/sdc/etc/truststore
cassandraSSLEnabled: false
- cassandraTrustStorePath: /etc/truststore
+ cassandraTrustStorePath: /home/sdc/etc/truststore
# default number of instances
replicaCount: 1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.1
+image: onap/workflow-frontend:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
"chef_type": "environment",
"default_attributes": {
- "disableHttp": true,
+ "disableHttp": {{ .Values.global.security.disableHttp }},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
"private": "eth0"
},
"ECompP": {
- "ecomp_rest_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/auxapi",
+ "ecomp_rest_url": "https://portal-app.{{include "common.namespace" .}}:8443/ONAPPORTAL/auxapi",
"ueb_url_list": "message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}",
"app_secret": "XftIATw9Jr3VzAcPqt3NnJOu",
"app_key": "x9UfO7JsDn8BESVX",
"inbox_name": "ECOMP-PORTAL-INBOX",
- "ecomp_redirect_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/login.htm",
+ "ecomp_redirect_url": "https://portal-app.{{include "common.namespace" .}}:30225/ONAPPORTAL/login.htm",
"app_topic_name": "ECOMP-PORTAL-OUTBOX-SDC1",
"decryption_key": "AGLDdG4D04BKm2IxIWEr8o=="
},
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
-
+ security:
+ disableHttp: true
config:
logstashServiceName: log-ls
logstashPort: 5044
passwordPolicy: required
- uid: ueb-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
login: '{{ .Values.config.uebUser }}'
password: '{{ .Values.config.uebPassword }}'
passwordPolicy: required
- name: mariadb-galera
version: ~5.x-0
repository: '@local'
- condition: config.localDBCluster
-
+ condition: .global.mariadbGalera.localCluster
ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin}
MYSQL_HOST=${MYSQL_HOST:-dbhost}
-MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0}
+MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD}
+SDNC_DB_DATABASE=${SDNC_DB_DATABASE}
# Create tablespace and user account
# load schema
if [ -f ${ETC_DIR}/sdnctl.dump ]
then
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump
fi
for datafile in ${ETC_DIR}/*.data.dump
do
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile
done
# Create VNIs 100-199
addToFeatureBoot odl-jolokia
#${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
#${ODL_HOME}/bin/client feature:install odl-jolokia
-
+
echo "Update cluster information statically"
hm=$(hostname)
# Install SDN-C platform components if not already installed and start container
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
+ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
exec ${ODL_HOME}/bin/karaf server
-
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
-org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
+org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME}
+org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD}
org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
#
org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic
org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true
org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER}
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD}
# Generic RESTCONF Adaptor
org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic
org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true
-org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin
-org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD}
org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
#ANSIBLE
ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch
-ansible.user=sdnc
-ansible.password=sdnc
+ansible.user=${ANSIBLE_USER}
+ansible.password=${ANSIBLE_PASSWORD}
ansible.lcm.localparameters=
ansible.nodelist=
ansible.timeout=60
lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json
lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/
lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check
-lcm.restconf.configscaleout.user=admin
-lcm.restconf.configscaleout.password=admin
-lcm.restconf.user=admin
-lcm.restconf.password=admin
+lcm.restconf.configscaleout.user=${SCALEOUT_USER}
+lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD}
+lcm.restconf.user=${RESTCONF_USER}
+lcm.restconf.password=${RESTCONF_PASSWORD}
lcm.restconf.port=8183
#DMAAP
# Configuration file for Netbox client
org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
-org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
\ No newline at end of file
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD}
name: {{ include "common.name" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
- name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
+ value: {{ include "common.mariadbService" . }}
- name: SDNC_HOME
value: "{{.Values.config.sdncHome}}"
- name: ETC_DIR
value: "{{.Values.config.etcDir}}"
- name: BIN_DIR
value: "{{.Values.config.binDir}}"
- - name: SDNC_DB_USER
- value: "{{.Values.config.dbSdnctlUser}}"
- name: SDNC_DB_DATABASE
value: "{{.Values.config.dbSdnctlDatabase}}"
volumeMounts:
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
+++ /dev/null
-{{ if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
-{{ end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-odl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- odl-password: {{ .Values.config.odlPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-sdnctl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
}
]'
spec:
- type: {{ .Values.service.type }}
+ type: NodePort
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: "{{ .Values.service.portName }}-restconf"
{{ if not .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ end }}
- name: "{{ .Values.service.portName }}-8282"
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: "{{ .Values.service.portName }}-8202"
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-8280"
- - port: {{ .Values.service.externalPort4 }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
- {{ if .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{ end }}
- name: "{{ .Values.service.portName }}-8443"
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.service.name }}-oam"
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: "{{ .Values.service.portName }}-restconf-alt"
+ {{ if .Values.global.aafEnabled }}
+ port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- else -}}
+ port: {{ .Values.service.internalPort4 }}
+ target: {{ .Values.service.internalPort4 }}
+ {{ end }}
+ - name: "{{ .Values.service.portName }}-karaf"
+ port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: aaf_locator_app_ns
value: "{{ .Values.aaf_init.app_ns }}"
- name: DEPLOY_FQI
- value: "{{ .Values.aaf_init.deploy_fqi }}"
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- name: DEPLOY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" .}}-aaf
- key: aaf-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- name: cadi_longitude
value: "{{ .Values.aaf_init.cadi_longitude }}"
- name: cadi_latitude
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- - name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
- - name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- - name: ENABLE_ODL_CLUSTER
- value: "{{ .Values.config.enableClustering }}"
- - name: MY_ODL_CLUSTER
- value: "{{ .Values.config.myODLCluster }}"
- - name: PEER_ODL_CLUSTER
- value: "{{ .Values.config.peerODLCluster }}"
- - name: IS_PRIMARY_CLUSTER
- value: "{{ .Values.config.isPrimaryCluster }}"
- - name: GEO_ENABLED
- value: "{{ .Values.config.geoEnabled}}"
- - name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
- - name: SDNC_REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
- - name: JAVA_HOME
- value: "{{ .Values.config.javaHome}}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SDNC_CONFIG_DIR
+ value: "{{ .Values.config.configDir }}"
+ - name: ENABLE_ODL_CLUSTER
+ value: "{{ .Values.config.enableClustering }}"
+ - name: MY_ODL_CLUSTER
+ value: "{{ .Values.config.myODLCluster }}"
+ - name: PEER_ODL_CLUSTER
+ value: "{{ .Values.config.peerODLCluster }}"
+ - name: IS_PRIMARY_CLUSTER
+ value: "{{ .Values.config.isPrimaryCluster }}"
+ - name: GEO_ENABLED
+ value: "{{ .Values.config.geoEnabled}}"
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: MYSQL_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: JAVA_HOME
+ value: "{{ .Values.config.javaHome}}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
- name: {{ include "common.fullname" . }}-certs
{{ if .Values.certpersistence.enabled }}
persistentVolumeClaim:
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: '{{ include "common.release" . }}-sdnc-db-root-password'
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - uid: odl-creds
+ name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
+ - uid: aaf-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.deploy_fqi }}'
+ password: '{{ .Values.aaf_init.deploy_pass }}'
+ passwordPolicy: required
+ - uid: netbox-apikey
+ type: password
+ externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
+ password: '{{ .Values.config.netboxApikey }}'
+ passwordPolicy: required
+ - uid: aai-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
+ login: '{{ .Values.config.aaiUser }}'
+ password: '{{ .Values.config.aaiPassword }}'
+ passwordPolicy: required
+ - uid: modeling-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
+ login: '{{ .Values.config.modelingUser }}'
+ password: '{{ .Values.config.modelingPassword }}'
+ passwordPolicy: required
+ - uid: restconf-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+ passwordPolicy: required
+ - uid: ansible-creds
+ name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
+ login: '{{ .Values.config.ansibleUser }}'
+ password: '{{ .Values.config.ansiblePassword }}'
+ passwordPolicy: required
+ - uid: scaleout-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
+ login: '{{ .Values.config.scaleoutUser }}'
+ password: '{{ .Values.config.scaleoutPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
odlUid: 100
odlGid: 101
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- dbRootPassword: secretpassword
- dbSdnctlUser: sdnctl
- dbSdnctlDatabase: sdnctl
- dbSdnctlPassword: gamma
+ # odlCredsExternalSecret: some secret
+ netboxApikey: onceuponatimeiplayedwithnetbox20180814
+ # netboxApikeyExternalSecret: some secret
+ aaiUser: sdnc@sdnc.onap.org
+ aaiPassword: demo123456!
+ # aaiCredsExternalSecret: some secret
+ modelingUser: ccsdkapps
+ modelingPassword: ccsdkapps
+ # modelingCredsExternalSecret: some secret
+ restconfUser: admin
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+ scaleoutUser: admin
+ scaleoutPassword: admin
+ # scaleoutExternalSecret: some secret
+ ansibleUser: sdnc
+ ansiblePassword: sdnc
+ # ansibleCredsExternalSecret: some secret
+ dbSdnctlDatabase: &sdncDbName sdnctl
enableClustering: true
sdncHome: /opt/onap/sdnc
binDir: /opt/onap/sdnc/bin
parallelGCThreads : 3
numberGGLogFiles: 10
-
-
- #local Mariadb-galera cluster
- localDBCluster: false
-
- #Shared mariadb-galera details
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
- internalPort: 3306
-
# dependency / sub-chart configuration
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+mariadb-galera: &mariadbGalera
+ nameOverride: sdnc-db
+ config: &mariadbGaleraConfig
+ rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
+ userName: sdnctl
+ userCredentialsExternalSecret: *dbSecretName
+ service:
+ name: sdnc-dbhost
+ internalPort: 3306
+ sdnctlPrefix: sdnc
+ persistence:
+ mountSubPath: sdnc/mariadb-galera
+ enabled: true
+ replicaCount: 1
+
cds:
enabled: false
dmaap-listener:
nameOverride: sdnc-dmaap-listener
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
dmaapPort: 3904
sdncPort: 8282
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
sdncPort: 8282
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-portal:
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-ansible-server:
+ config:
+ restCredsExternalSecret: *ansibleSecretName
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: ansible
service:
name: sdnc-ansible-server
internalPort: 8000
- config:
- mysqlServiceName: mariadb-galera
-
-mariadb-galera:
- nameOverride: sdnc-db
- service:
- name: sdnc-dbhost
- internalPort: 3306
- sdnctlPrefix: sdnc
- persistence:
- mountSubPath: sdnc/mariadb-galera
- enabled: true
- replicaCount: 1
dgbuilder:
nameOverride: sdnc-dgbuilder
config:
+ db:
+ dbName: *sdncDbName
+ rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+ userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
+ # This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ mariadb-galera:
service:
name: sdnc-dgbuilder
nodePort: "03"
#port
externalPort: 8282
- nodePort: "02"
externalPort2: 8202
- nodePort2: "08"
externalPort3: 8280
- nodePort3: 46
externalPort4: 8443
nodePort4: 67
si:
svc:
types: PORT-MIRROR,PPROBE
+ dmaap:
+ host: http://message-router.{{ include "common.namespace" . }}:3904
+ timeout: 30000
+ lcm:
+ path: '/restconf/operations/LCM:'
+ actionTimeout: 300000
+ dmapp:
+ readTopic: SDNC-LCM-WRITE
+ writeTopic: SDNC-LCM-READ
appc:
client:
topic:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
- {{- if eq .Values.global.security.aaf.enabled true }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: TRUSTSTORE_PASSWORD
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/bpmn-infra:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
replicaCount: 1
minReadySeconds: 10
containerPort: 8081
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/catalog-db-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8082
echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `camundabpmn`;
-CREATE DATABASE `camundabpmn`;
-DROP USER IF EXISTS 'camundauser';
-CREATE USER 'camundauser';
-GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS camundabpmn;
+CREATE DATABASE camundabpmn;
+DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
+CREATE USER '${CAMUNDA_DB_USER}';
+GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `requestdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'requestuser';
-CREATE USER 'requestuser';
-GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS requestdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${REQUEST_DB_USER}';
+CREATE USER '${REQUEST_DB_USER}';
+GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `catalogdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'cataloguser';
-CREATE USER 'cataloguser';
-GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS catalogdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CATALOG_DB_USER}';
+CREATE USER '${CATALOG_DB_USER}';
+GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_user';
-CREATE USER 'so_user';
-GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%';
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_USER}';
+CREATE USER '${DB_USER}';
+GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_admin';
-CREATE USER 'so_admin';
-GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123';
-GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_ADMIN}';
+CREATE USER '${DB_ADMIN}';
+GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
+GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
- name: DB_HOST
value: {{ .Values.global.migration.dbHost }}
- name: DB_USER
- value: {{ .Values.global.migration.dbUser }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- name: DB_PORT
value: "{{ .Values.global.migration.dbPort }}"
- name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-migration
- key: db-root-password-backup
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
command:
- /bin/bash
- -c
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: CAMUNDA_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
+ - name: CAMUNDA_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
+ - name: REQUEST_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
+ - name: REQUEST_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
+ - name: CATALOG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
+ - name: CATALOG_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-migration
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": pre-upgrade,pre-install
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
- db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
ubuntuInitRepository: registry.hub.docker.com
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.db.rootPassword }}'
+ passwordPolicy: required
+ - uid: db-backup-creds
+ name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
+ login: '{{ .Values.db.backupUser }}'
+ password: '{{ .Values.db.backupPassword }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ - uid: camunda-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.camunda.userName }}'
+ password: '{{ .Values.db.camunda.password }}'
+ - uid: request-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.request.userName }}'
+ password: '{{ .Values.db.request.password }}'
+ - uid: catalog-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.catalog.userName }}'
+ password: '{{ .Values.db.catalog.password }}'
+
+
+
#################################################################
# Application configuration defaults.
#################################################################
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# db config
+db:
+ rootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
+ backupPassword: secretpassword
+ backupUser: root
+ # backupCredsExternalSecret: some secret
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+ camunda:
+ userName: camundauser
+ password: camunda123
+ # dbCredsExternalSecret: some secret
+ request:
+ userName: requestuser
+ password: request123
+ # dbCredsExternalSecret: some secret
+ catalog:
+ userName: cataloguser
+ password: catalog123
+ # dbCredsExternalSecret: some secret
+
# application configuration
config:
# gerrit branch where the latest heat code is checked in
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
name: {{ include "common.fullname" . }}-app-configmap
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/so-monitoring:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 9091
logPath: app/logs/
app: so-monitoring
service:
- type: NodePort
+#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
+ type: ClusterIP
nodePort: 24
internalPort: 9091
externalPort: 9091
ssl: "none"
nodeSelector: {}
tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
- msb-port: 80
+ msb-port: 443
+ msb-scheme: https
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
catalog:
db:
spring:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
pullPolicy: Always
repository: nexus3.onap.org:10001
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8087
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/request-db-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8083
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/sdc-controller:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8085
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
+ opticalservice:
+ optical-service-create:
+ create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
+ optical-service-delete:
+ delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
generic-resource:
network-topology-operation:
create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/'
+ sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:'
sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config'
sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:'
sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:'
sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation'
+ sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:'
service:
infra:
service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
vfmodule:
'':
query: GET|60000|sdncurl12|
+ lcm:
+ download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
network:
encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
spring:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/sdnc-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8086
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/vfc-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8084
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: "3306"
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
#serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
dbPort: 3306
dbUser: root
dbPassword: secretpassword
+ # dbCredsExternalSecret: some secret
msbEnabled: true
security:
aaf:
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+ password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+ - uid: db-backup-creds
+ name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+ login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+ password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.userName }}'
+ password: '{{ .Values.dbCreds.userPassword }}'
+ passwordPolicy: generate
+ - uid: db-admin-creds
+ name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.adminName }}'
+ password: '{{ .Values.dbCreds.adminPassword }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
+
+dbSecrets: &dbSecrets
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+ userName: so_user
+ adminName: so_admin
+
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
pullPolicy: Always
nodeSelector: {}
affinity: {}
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
nameOverride: so-mariadb-galera
replicaCount: 1
service:
auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
so-bpmn-infra:
+ db:
+ <<: *dbSecrets
cds:
auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
aai:
vnfm:
adapter:
auth: Basic dm5mbTpwYXNzd29yZDEk
+
so-catalog-db-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
adapters:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-openstack-adapter:
+ db:
+ <<: *dbSecrets
aaf:
auth:
encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ basicUser: poBpmn
config:
cadi:
aafId: so@so.onap.org
noAuthn: /manage/health
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-request-db-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-sdc-controller:
+ db:
+ <<: *dbSecrets
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
mso:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
so-sdnc-adapter:
+ db:
+ <<: *dbSecrets
org:
onap:
so:
auth: Basic YnBlbDpwYXNzd29yZDEk
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
so-vfc-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
+
+so-monitoring:
+ db:
+ <<: *dbSecrets
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:2.0.1
+image: onap/usecase-ui-server:3.0.1
pullPolicy: Always
# application configuration
resources:
small:
limits:
- cpu: 250m
- memory: 500Mi
+ cpu: 1.5
+ memory: 350Mi
requests:
- cpu: 250m
- memory: 500Mi
+ cpu: 1
+ memory: 245Mi
large:
limits:
- cpu: 500m
+ cpu: 2
memory: 500Mi
requests:
- cpu: 500m
+ cpu: 1
memory: 500Mi
unlimited: {}
command:
- /bin/bash
- -c
- - /home/uui/tomcat/bin/catalina.sh run
+ - /home/uui/uuiStartup.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
"path":"/iui/usecaseui",
"protocol": "UI",
"port": "{{ .Values.service.internalPort }}",
- "visualRange":"1"
+ "visualRange":"1",
+ "enable_ssl": true
}
]'
spec:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui:2.0.1
+image: onap/usecase-ui:3.0.1
pullPolicy: Always
# application configuration
type: NodePort
name: uui
portName: uui
- internalPort: 8080
+ internalPort: 8443
nodePort: 98
ingress:
service:
- baseaddr: uui
name: "uui"
- port: 8080
+ port: 8443
config:
ssl: "none"
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- catalog:
- handlers: [cataloglocal_handler, catalog_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- cataloglocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_catalog.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- catalog_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/catalog/runtime_catalog.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - vfc-mariadb
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-catalog
- mountPath: /service/vfc/nfvo/catalog/static
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/catalog/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-catalog
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "catalog",
- "version": "v1",
- "url": "/api/catalog/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/catalog:1.3.4
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: vfc/catalog
-
-service:
- type: ClusterIP
- name: vfc-catalog
- portName: vfc-catalog
- externalPort: 8806
- internalPort: 8806
-# nodePort: 30806
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
value: "{{ .Values.config.vescollectorServiceName }}:{{ .Values.config.vescollectorPort }}"
- name: VES_AUTHINFO
value: "{{ .Values.config.vescollectorUser }}:{{ .Values.config.vescollectorPassword }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/emsdriver:1.3.0
+image: onap/vfc/emsdriver:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.5
+image: onap/vfc/gvnfmdriver:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.0
+image: onap/vfc/nfvo/svnfm/huawei:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/jujudriver:1.3.1
+image: onap/vfc/jujudriver:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/multivimproxy:1.3.0
+image: onap/vfc/multivimproxy:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0
+image: onap/vfc/nfvo/svnfm/nokiav2:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.4
+image: onap/vfc/nslcm:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
env:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.1
+image: onap/vfc/db:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/resmanagement:1.3.0
+image: onap/vfc/resmanagement:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.4
+image: onap/vfc/vnflcm:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
-
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.4
+image: onap/vfc/vnfmgr:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.4
+image: onap/vfc/vnfres:1.3.7
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
value: "{{ .Values.global.config.msbServiceName }}"
- name: OPENPALETTE_MSB_PORT
value: "{{ .Values.global.config.msbPort | default 80 }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-activiti:1.3.0
+image: onap/vfc/wfengine-activiti:1.3.3
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.msbServiceName }}"
- name: OPENPALETTE_MSB_PORT
value: "{{ .Values.global.config.msbPort | default 80 }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-mgrservice:1.3.0
+image: onap/vfc/wfengine-mgrservice:1.3.3
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztesdncdriver:1.3.0
+image: onap/vfc/ztesdncdriver:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.1
+image: onap/vfc/ztevnfmdriver:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
msbprotocol: https
msbServiceName: msb-iag
msbPort: 443
- dbServiceName: vfc-db
- dbPort: 3306
- dbUser: root
- mariadbRootPassword: secretpassword
redisServiceName: vfc-redis
redisPort: 6379
+# Becaue now oom can register the microservice to msb automatically,
+# If it is set to false, vfc contanier will not register again, if it is
+# set to true, vfc will register by itself.
+# we use this flag to determine who is responbile for serice registeration
+# and it can reduce duplicate registration.
reg_to_msb_when_start: False
+ mariadb_admin: root
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
nameOverride: vfc-mariadb
service:
- name: vfc-db
- portName: vfc-db
+ name: vfc-mariadb
+ portName: vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
-catalog:
+db: &dbConfig
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
+
+vfc-nslcm:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
-nslcm:
+ << : *dbConfig
+
+vfc-vnflcm:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
+ << : *dbConfig
+
+vfc-vnfmgr:
+ config:
+ << : *dbConfig
+
+vfc-vnfres:
+ config:
+ << : *dbConfig
+
# sub-chart configuration
vfc-workflow:
service:
- name: VID_MYSQL_DBNAME
value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: VID_MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
- name: VID_MYSQL_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
- name: VID_MYSQL_MAXCONNECTIONS
value: "{{ .Values.config.vidmysqlmaxconnections }}"
volumeMounts:
- /dbcmd-config/db_cmd.sh
env:
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: {{ index .Values "mariadb-galera" "service" "name" }}
- name: MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:6.0.2
+image: onap/vid:6.0.4
pullPolicy: Always
# mariadb image for initializing
userName: vidadmin
# userCredentialsExternalSecret: some secret
# userPassword: password
- vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
+ vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
vidaaiport: "8443"
name: refrepo
portName: refrepo
nodePort: 97
- internalPort: 8702
+ internalPort: 8703
ingress:
enabled: false