image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
env:
+ - name: PROTO
+ value: "http"
+ - name: PORT
+ value: "8080"
- name: RESP_CACHE
value: /opt/app/config/cache
- name: REQUESTID
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
- dbcClientImage: onap/dmaap/dbc-client:2.0.10
+ dbcClientImage: onap/dmaap/dbc-client:2.0.11
quitQuitImage: onap/oom/readiness:4.1.0
# Default credentials
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: postgres
version: ~12.x-0
repository: '@local'
- condition: PG.enabled
+ condition: postgres.enabled
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Helm Chart for ONAP DMaaP Applications
-
-ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future):
-
-1) message-router - a message bus for applications
-2) dmaap-prov - an API to provision DMaaP resources
-
-# Service Dependencies
-
-message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
# Indicator for whether to use AAF for authentication
-UseAAF: {{ .Values.global.aafEnabled }}
+UseAAF: false
+
+#####################################################
+#
+# HTTP Server Configuration
+#
+#####################################################
+
+# Allow http access to dbcapi
+HttpAllowed: true
-# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
-# Comment out in other environments to get default (No)
-#UnitTest: Yes
+# listen to http port within this container (server)
+IntHttpPort: 8080
+# listen to https port within this container (server)
+# set to 0 if no certificates are available.
+IntHttpsPort: 0
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
-Feed.deleteHandling: SimulateDelete
-
-###########################################################
-# The following properties default to match ONAP DR instance.
-# However, there are some non-ONAP DR instances that require other values.
-# Sets the X-DR-ON-BEHALF-OF HTTP Header value
-#DR.onBehalfHeader:
-# Value for the Content-Type Header in DR Feed API
-#DR.feedContentType:
-# Value for the Content-Type Header in DR Subscription API
-#DR.subContentType:
-#
-# END OF properties helpful for non-ONAP DR instance.
-############################################################
+Feed.deleteHandling: DeleteOnDR
#####################################################
#
# Settings for Soutbound API: Postgresql
#
#####################################################
-# flag indicates if we are using postgresql
-UsePGSQL: {{ .Values.PG.enabled }}
+# flag indicates if we are using postgresql or an in memory db
+UsePGSQL: {{ .Values.usePostgres }}
# postgres host name
# Need to connect to PG primary service, designated by service.name2
# postgres schema name
#DB.schema: {{ .Values.postgres.config.pgDatabase }}
-
# postgres user name
DB.user: ${PG_USER}
# postgres user password
DB.cred: ${PG_PASSWORD}
-
#####################################################
#
# Settings for Soutbound API: Message Router
MR.multisite: false
# FQDN of primary message router.
-# In ONAP Casablanca, there is only 1 message router service, so use that.
-# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
+# In ONAP, there is only 1 message router service, so use that.
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
# Indicator for whether we want hostname verification on SSL connection to MR
# 2 = delete from persistent store (DB) and authorization store (AAF)
MR.ClientDeleteLevel: 1
-# namespace of MR Topic Factory
-MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory
-
-# AAF Role assigned to Topic Manager Identity
-MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client
-
-# MR topic ProjectID (used in certain topic name generation formats)
-MR.projectID: mr
-
# Use Basic Authentication when provisioning topics
-MR.authentication: basicAuth
+MR.authentication: none
-# MR topic name style (default is FQTN_LEGACY_FORMAT)
-#MR.topicStyle: FQTN_LEGACY_FORMAT
+ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
#
# end of MR Related Properties
################################################################################
-
-#####################################################
-#
-# Settings for Southbound API: CADI
-#
-#####################################################
-# path to cadi.properties
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-#####################################################
-#
-# Settings for Southbound API: AAF proxy
-#
-#####################################################
-# URL of the AAF server
-aaf.URL: {{ .Values.aafURL }}
-
-# TopicMgr Identity
-aaf.TopicMgrUser: {{ .Values.topicMgrUser }}
-
-# Password for TopicMgr identity
-aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }}
-
-# Buscontroller Admin Identity
-aaf.AdminUser: {{ .Values.adminUser }}
-
-# Admin Password
-aaf.AdminPassword: {{ .Values.adminPwd }}
-
-# Identity that is owner of any created namespaces for topics
-aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-
-
-# this overrides the Class used for Decryption.
-# This allows for a plugin encryption/decryption method if needed.
-# Call this Class for decryption at runtime.
-#AafDecryption.Class: com.company.proprietaryDecryptor
-
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-# Not used in ONAP, but possibly used with Decryption override class.
-#CredentialCodeKeyfile: etc/LocalKey
-
-#
-# endof AAF Properties
-####################################################
-
-
-#####################################################
-#
-# Settings for authorization of DBCAPI
-#
-#####################################################
-# Namespace for URI values for the API used to create AAF permissions
-# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients
-ApiNamespace: org.onap.dmaap-bc.api
-
-# If API authorization is required, then implement a class to enforce it.
-# This overrides the Class used for API permission check.
-ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
-
-#####################################################
-#
-# Settings for Southbound API: MirrorMaker provisioning
-#
-#####################################################
-# AAF Role of client publishing MM prov cmds
-MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov
-
-# AAF identity when publishing MM prov cmds
-MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
-
-# pwd for Identity used to publish MM prov cmds
-MM.ProvUserPwd: demo123456!
-
-# AAF Role of MirrorMaker agent subscribed to prov cmds.
-MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
-
#####################################################
#
# Certificate Management
#
#####################################################
-
-# Indicates how we are expecting certificates to be provided:
-# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
-# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
-CertificateManagement: cadi
-
-# When CertificateManagement is cadi, then this is where all the cadi properties will be.
-# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-###########################################################################################
# When CertificateManagement is legacy, we need to provide more details about cert handling:
#CertificateManagement: legacy
# the type of keystore for https (for legacy CertificateManagment only)
#TrustStorePassword: changeit
#
# END OF legacy CertificateManagement properties
-###########################################################################################
-
-
-#####################################################
-#
-# HTTP Server Configuration
-#
-#####################################################
-
-# Allow http access to dbcapi
-HttpAllowed: true
-
-# listen to http port within this container (server)
-IntHttpPort: 8080
-
-# listen to https port within this container (server)
-# set to 0 if no certificates are available.
-IntHttpsPort: 8443
-
-
-
-inHttpsPort: 0
-
-#####################################################
-#
-# Deprecated
-#
-#####################################################
-# csit: stubs out some southbound APIs for csit (deprecated)
-#csit: No
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
-# external port number for https taking port mapping into account (deprecated)
-#ExtHttpsPort: 443
-# path to the file used to trigger an orderly shutdown (deprecated)
-#QuiesceFile: etc/SHUTDOWN
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
-# root of topic namespace (decrecated)
-#topicNsRoot: org.onap.dcae.dmaap
+##########################################################################################
{
-
"dcaeLayer": "kubernetes-central",
"dcaeLocationName": "san-francisco"
}
{
-{{ if eq .Values.fixedTopicNamespace true }}
- "dmaapName": "mr",
-{{- else -}}
"dmaapName": "{{ include "common.namespace" . }}",
-{{- end}}
- "drProvUrl": "https://dmaap-dr-prov",
+ "drProvUrl": "http://{{ .Values.dmaapDataRouterProvService }}:8080",
"version": "1",
"topicNsRoot": "org.onap.dmaap",
"bridgeAdminTopic": "DCAE_MM_AGENT"
--- /dev/null
+{
+ "feedName": "dmaapbc-test-feed",
+ "feedVersion": "1.0",
+ "feedDescription": "test provisioning feed",
+ "asprClassification": "unclassified",
+ "owner": "dmaapbc"
+}
\ No newline at end of file
--- /dev/null
+
+<!--
+ ============LICENSE_START==========================================
+ org.onap.dmaap
+ ===================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+-->
+
+<configuration scan="false" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="logs" />
+ <!-- specify the component name -->
+ <property name="componentName" value="ONAP"/>
+
+ <!-- log file names -->
+ <property name="generalLogName" value="application" />
+ <property name="securityLogName" value="security" />
+ <property name="performanceLogName" value="performance" />
+ <property name="serverLogName" value="server" />
+ <property name="policyLogName" value="policy" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|%msg%n" />
+
+ <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+ <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+ <property name="errorLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n" />
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%msg%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <appender name="EELFSecurity"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="EELFSecurity" />
+ </appender>
+
+ <!-- EELF Performance Appender. This appender is used to record performance
+ records. -->
+ <appender name="EELFPerformance"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${performanceLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFPerformance" />
+ </appender>
+
+ <!-- EELF Server Appender. This appender is used to record Server related
+ logging events. The Server logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate Server
+ events from other components, or it can be eliminated to record these events
+ as part of the application root log. -->
+ <appender name="EELFServer"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${serverLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFServer" />
+ </appender>
+
+
+ <!-- EELF Policy Appender. This appender is used to record Policy engine
+ related logging events. The Policy logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFPolicy"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${policyLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFPolicy" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+<appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ </logger>
+ <logger name="com.att.eelf.security" level="info" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+ <logger name="com.att.eelf.perf" level="info" additivity="false">
+ <appender-ref ref="asyncEELFPerformance" />
+ </logger>
+ <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" />
+ </logger>
+ <logger name="com.att.eelf.policy" level="info" additivity="false">
+ <appender-ref ref="asyncEELFPolicy" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+
+ <logger name="com.att.eelf.error" level="error" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <root level="ERROR">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
{
"dcaeLocationName": "san-francisco",
- "fqdn": "message-router",
+ "fqdn": "{{ .Values.dmaapMessageRouterService }}",
"topicProtocol": "http",
"topicPort": "3904"
}
+++ /dev/null
-{
- "topicName": "PNF_READY",
- "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
- "owner": "PNFRegistrationHandler",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_READY.pub",
- "action": [
- "pub",
- "view"
- ]
-
- }
- ]
-}
+++ /dev/null
-{
- "topicName": "PNF_REGISTRATION",
- "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
- "owner": "VEScollector",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub",
- "action": [
- "sub",
- "view"
- ]
-
- }
- ]
-}
+++ /dev/null
-{
- "topicName": "mirrormakeragent",
- "topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
- "owner": "dmaap",
- "tnxEnabled": false,
- "partitionCount": "1",
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "demo@people.osaaf.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- }
- ]
-}
\ No newline at end of file
--- /dev/null
+{
+ "topicName": "dmaapbc-test-topic",
+ "topicDescription": "test provisioning topic",
+ "owner": "dmaapbc",
+ "clients": [{
+ "dcaeLocationName": "san-francisco",
+ "clientRole": "org.onap.dmaap.mr.test.pub",
+ "action": [
+ "pub",
+ "view"
+ ]}
+ ]
+}
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov)
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
# limitations under the License.
*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log/logback.xml").AsConfig . | indent 2 }}
+---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-dbc-dmaap
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-dbc-dcaelocations
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-dr-nodes
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-feeds
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-mr-clusters
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }}
---
metadata:
name: {{ include "common.fullname" . }}-topics
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
-{{- if .Values.PG.enabled }}
- initContainers:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ {{- if .Values.usePostgres }}
- command:
- sh
args:
- -c
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- - name: PG_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
volumeMounts:
- - mountPath: /config-input
- name: {{ include "common.name" . }}-config-input
- - mountPath: /config
- name: {{ include "common.name" . }}-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-config-input
+ - mountPath: /config
+ name: {{ include "common.name" . }}-config
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-# See AAF-425 for explanation of why this is needed.
-# This artifact is provisioned in AAF for both pks12 and jks format and apparently
-# the cadi library is not using the jks password on the jks keystore.
-# So, this attempts to "fix" the credential property file until this is fixed properly.
- - name: {{ include "common.name" . }}-cred-fixer
- image: {{ include "repositoryGenerator.image.busybox" . }}
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["/bin/sh"]
- args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
-{{- end }}
- - name: {{ include "common.name" . }}-postgres-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- command:
+ - command:
- /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
- - --container-name
- - message-router
- - --container-name
- - dmaap-dr-node
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ name: {{ include "common.name" . }}-postgres-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- end }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
httpGet:
port: {{ .Values.liveness.port }}
path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
httpGet:
port: {{ .Values.readiness.port }}
path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
-# NOTE: on the following several configMaps, careful to include / at end
-# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
- resources: {{ include "common.resources" . | nindent 12 }}
+ - mountPath: /opt/app/dmaapbc/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ {{- if .Values.usePostgres }}
- name: {{ include "common.name" . }}-config-input
configMap:
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.name" . }}-config
emptyDir:
medium: Memory
+ {{- else }}
+ - name: {{ include "common.name" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-config
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
apiVersion: batch/v1
kind: Job
metadata:
- /app/ready.py
args:
- --container-name
- - dmaap-bc
+ - {{ include "common.name" . }}
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
containers:
- name: dmaap-provisioning-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbcClientImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DELAY
value: "0"
- {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }}
- name: PROTO
value: "http"
- name: PORT
value: "8080"
- {{ end }}
- name: REQUESTID
value: "{{.Chart.Name}}-dmaap-provisioning"
volumeMounts:
mountPath: /opt/app/config/mr_clusters/
- name: {{ include "common.fullname" . }}-topics
mountPath: /opt/app/config/topics/
- resources: {{ include "common.resources" . | nindent 10 }}
+ resources:
+{{ include "common.resources" . }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+{{/*
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
-
# Modifications Copyright © 2019 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ persistence: {}
+#################################################################
+# Secrets metaconfig
+#################################################################
secrets:
- uid: pg-root-pass
name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
#################################################################
# Application configuration defaults.
#################################################################
-pullPolicy: Always
-
# application images
-image: onap/dmaap/dmaap-bc:2.0.10
+image: onap/dmaap/dmaap-bc:2.0.11
+pullPolicy: Always
+#DMaaP Bus Controller client image for provisioning at deploy time
+dbcClientImage: onap/dmaap/dbc-client:2.0.11
# application configuration
-dmaapMessageRouterService: message-router
-
-# change the following value to point to Windriver instance maintained
-# by AAF team.
-# e.g.
-#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-topicMgrUser: dmaap-bc@dmaap-bc.onap.org
-topicMgrPwd: demo123456!
-adminUser: aaf_admin@people.osaaf.org
-adminPwd: demo123456!
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-bc-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-bc
- fqi: dmaap-bc@dmaap-bc.onap.org
- publicFqdn: dmaap-bc.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
-persistence:
- aafCredsPath: /opt/app/osaaf/local/
-
-# for Casablanca default deployment, leave this true to
-# get a topic namespace that matches MR. When set to false,
-# it will compose the topic namespace using the kubernetes namespace value
-fixedTopicNamespace: true
-
-# for quicker deployments in dev, ability to disable using postgres
-PG:
- enabled: true
+dmaapMessageRouterService: &mr_name message-router
+dmaapDataRouterProvService: &dr_prov_name dmaap-dr-prov
+dmaapDataRouterNodeService: &dr_node_name dmaap-dr-node
nodeSelector: {}
affinity: {}
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: &svc_name dmaap-bc
+ ports:
+ - name: &port http
+ port: *svc_port
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-bc-api"
+ name: *svc_name
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
+ port: *svc_port
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
- port: api
-
-
-service:
- type: NodePort
- name: dmaap-bc
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 42
+ port: *svc_port
+usePostgres: &use_pg true
-# application configuration override for postgres
postgres:
- nameOverride: dbc-pg
+# For Dev deployments, use in memory DB
+# postgres
+# enabled: false
+ enabled: true
+ nameOverride: &pg_name dbc-postgres
service:
- name: dbc-postgres
+ name: *pg_name
name2: dbc-pg-primary
name3: dbc-pg-replica
container:
mountSubPath: dbc/data
mountInitPath: dbc
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-bc-api"
- name: "dmaap-bc"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 101
-
# Segregation for Different environment (Small and Large)
resources:
small:
memory: 2Gi
unlimited: {}
+securityContext:
+ user_id: 1000
+ group_id: 101
+
#Pods Service Account
serviceAccount:
- nameOverride: dmaap-bc
+ nameOverride: *svc_name
roles:
- read
+readinessCheck:
+ wait_for:
+ - *mr_name
+ - *dr_node_name
+
wait_for_job_container:
containers:
- - 'dmaap-provisioning-job'
-
+ - 'dmaap-provisioning-job'
\ No newline at end of file
- name: serviceAccount
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-node filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
</logger>
- <root level="{{.Values.config.dmaapDrNode.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncAudit" />
<appender-ref ref="asyncMetrics" />
<appender-ref ref="asyncDebug" />
#
#ProvisioningURL: ${DRTR_PROV_INTURL}
*/}}
-ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
+ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov
#
# URL to upload PUB/DEL/EXP logs
#
#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs
+LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs
#
# The port number for http as seen within the server
#
#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+IntHttpPort={{ .Values.containerPort }}
#
# The port number for https as seen within the server
#
-IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
+IntHttpsPort={{ .Values.containerPort }}
#
# The external port number for https taking port mapping into account
#
# DR_NODE DEFAULT ENABLED TLS PROTOCOLS
NodeHttpsProtocols = TLSv1.1|TLSv1.2
#
+# AAF CADI enabled flag
+CadiEnabled = false
+#
# AAF type to generate permission string
AAFType = org.onap.dmaap-dr.feed
#
# AAF action to generate permission string - default should be publish
AAFAction = publish
#
-# AAF CADI enabled flag
-CadiEnabled = false
-#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+#
+# https security required for publish request
+TlsEnabled = false
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
-{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drnodes
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
----
-{{ include "common.log.configMap" . }}
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dmaap-dr-prov
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
command: ["chown","-Rf","1000:1001", "/opt/app/"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-spool
+ mountPath: {{ .Values.persistence.spool.path }}
+ - name: {{ include "common.fullname" . }}-event-logs
+ mountPath: {{ .Values.persistence.event.path }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/node.properties
- name: {{ include "common.fullname" . }}-config
- subPath: node.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
- resources: {{ include "common.resources" . | nindent 12 }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
+ name: {{ include "common.fullname" . }}-event-logs
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: false
+ - mountPath: /opt/app/datartr/etc/node.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: node.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
items:
- key: node.properties
path: node.properties
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
{{- if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-event-logs
emptyDir: {}
# Global configuration defaults.
#################################################################
global:
- loggingDirectory: /var/log/onap/datarouter
persistence: {}
- aafEnabled: true
- centralizedLoggingEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-node-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+ dmaapDrProvName: dmaap-dr-prov
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.11
+image: onap/dmaap/datarouter-node:2.1.12
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
affinity: {}
+# application configuration - see parent values chart
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: dmaap-dr-node
+ ports:
+ - name: http
+ port: *svc_port
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-dr-node-api"
+ name: "dmaap-dr-node"
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- port: api
+ port: *svc_port
readiness:
initialDelaySeconds: 30
periodSeconds: 10
- port: api
+ port: *svc_port
-## Persist data to a persitent volume
+## Persist data to a persistent volume
persistence:
enabled: true
mountPath: /dockerdata-nfs
labels:
app.kubernetes.io/component: event-logs
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets: {}
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-dr-node-api"
- name: "dmaap-dr-node"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
memory: 2Gi
unlimited: {}
-service:
- type: NodePort
- name: dmaap-dr-node
- useNodePortExt: true
- both_tls_and_plain: true
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 94
-
-config:
- # dr node server configuration
- dmaapDrNode:
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
-
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-node
roles:
- read
-#Log configuration
-log:
- path: /var/log/onap
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ - dmaap-dr-prov
- name: mariadb-init
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: repositoryGenerator
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-prov filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
<appender-ref ref="asyncEELFDebug" />
</logger>
+ <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" />
+ </logger>
+
<!-- logger name="com.att.eelf.security" level="info" additivity="false">
<appender-ref ref="asyncEELFSecurity" />
</logger>
<logger name="com.att.eelf.perf" level="info" additivity="false">
<appender-ref ref="asyncEELFPerformance" />
</logger>
- <logger name="com.att.eelf.server" level="info" additivity="false">
- <appender-ref ref="asyncEELFServer" />
- </logger>
+
<logger name="com.att.eelf.policy" level="info" additivity="false">
<appender-ref ref="asyncEELFPolicy" />
</logger>
<appender-ref ref="asyncEELFDebug" />
</logger-->
-
-
-
- <root level="{{.Values.config.dmaapDrProv.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
</root>
-
</configuration>
\ No newline at end of file
#Jetty Server properties
-org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.internalPort}}
-org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}}
+org.onap.dmaap.datarouter.provserver.http.port = {{ .Values.containerPort }}
org.onap.dmaap.datarouter.provserver.https.relaxation = true
-org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+org.onap.dmaap.datarouter.provserver.tlsenabled = false
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
org.onap.dmaap.datarouter.provserver.logretention = 30
-#DMAAP-597 (Tech Dept) REST request source IP auth
-# relaxation to accommodate OOM kubernetes deploy
-org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
-
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
-# PROV - DEFAULT ENABLED TLS PROTOCOLS
-org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
-
-# AAF config
-org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-
-org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
-org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
-org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
-org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrProv.servicetype }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrProv.servicetype }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrProv.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrProv.servicetype }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrProv.internalPort}}
-{{- end }}
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
---
{{ include "common.log.configMap" . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-feeds
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drpubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_pubs/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drsubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_subs/*.json").AsConfig . | indent 2 }}
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- hostname: {{ .Values.global.dmaapDrProvName }}
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
-
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
-
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-
- {{ end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
env:
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/provserver.properties
- name: {{ include "common.fullname" . }}-config
- subPath: provserver.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: false
+ - mountPath: /opt/app/datartr/etc/provserver.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: provserver.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ .Values.global.dmaapDrProvName }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ .Values.global.dmaapDrProvExtPort2 }}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.config.dmaapDrProv.servicetype }}
- ports:
- {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- {{- end}}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- else -}}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- loggingDirectory: /opt/app/datartr/logs
- persistence: {}
- centralizedLoggingEnabled: true
mariadbGalera: &mariadbGalera
#This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
localCluster: false
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.11
+image: onap/dmaap/datarouter-prov:2.1.12
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
affinity: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
+containerPort: &svc_port 8080
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
+service:
+ type: ClusterIP
+ name: dmaap-dr-prov
+ ports:
+ - name: &port http
+ port: *svc_port
ingress:
enabled: false
service:
- baseaddr: "dmaap-dr-prov-api"
name: "dmaap-dr-prov"
- port: 8443
- plain_port: 8080
+ port: *svc_port
config:
ssl: "redirect"
-config:
- # dr provisioning server configuration
- dmaapDrProv:
- servicetype: NodePort
- internalPort: 8080
- internalPort2: 8443
- portName: dr-prov-port
- portName2: dr-prov-port2
- nodePort: 59
- nodePort2: 69
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job'
+
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: *svc_port
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: *svc_port
# mariadb-galera configuration
mariadb-galera:
mysqlDatabase: *mysqlDbName
nameOverride: dmaap-dr-mariadb-init
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-prov-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
-# aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-prov
- fqi: dmaap-dr-prov@dmaap-dr.onap.org
- publicFqdn: dmaap-dr.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
memory: 2Gi
unlimited: {}
+#Pods Security Context
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-prov
roles:
- read
-
-#Log configuration
-log:
- path: /var/log/onap
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
## if you want to change request.required.acks it can take this one value
#kafka.request.required.acks=-1
kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
+config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }}
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
#100mb
maxcontentlength=10000
-
##############################################################################
-#AAF Properties
-msgRtr.namespace.aaf=org.onap.dmaap.mr.topic
-msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-enforced.topic.name.AAF=org.onap.dmaap.mr
+##AAF Properties
forceAAF=false
useCustomAcls=false
-transidUEBtopicreqd=false
-defaultNSforUEB=org.onap.dmaap.mr
-##############################################################################
-#Mirror Maker Agent
-
-msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin
-msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user
-msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-msgRtr.mirrormaker.timeout=15000
-msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent
-msgRtr.mirrormaker.consumergroup=mmagentserver
-msgRtr.mirrormaker.consumerid=1
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
+++ /dev/null
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
\ No newline at end of file
+++ /dev/null
-###############################################################################
-# ============LICENSE_START=======================================================
-# org.onap.dmaap
-# ================================================================================
-# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
-###############################################################################
-#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
-#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
-#to a SOA/CSI Cloud node. For more information,
-
-#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
-#particular service, please add them AFTER all AJSC related System Properties.
-
-#For Cadi Authorization, use value="authentication-scheme-1
-CadiAuthN=authentication-scheme-1
-
-#For Basic Authorization, use value="authentication-scheme-1
-authN=authentication-scheme-2
-
-#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
-ajscPersistence=file
-
-# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
-hawtio.authenticationEnabled=false
-hawtio.config.pullOnStartup=false
-
-#Removes the extraneous restlet console output
-org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-
-#server.host property to be enabled for local DME2 related testing
-#server.host=<Your network IP address>
-
-#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
-enableSSL=false
-
-#Enable/disable csi logging (values=true/false). This can be disabled during local development
-csiEnable=false
-
-#Enable/disable CAET This can be disabled during local development
-isCAETEnable=true
-
-#Enable/disable EJB Container
-ENABLE_EJB=false
-
-#Enable/disable OSGI
-isOSGIEnable=false
-
-#Configure JMS Queue (WMQ/TIBCO)
-JMS_BROKER=WMQ
-
-#Generate/Skip api docs
-isApiDoc=false
-
-
-#WMQ connectivity
-JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
-JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
-JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
-JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
-JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
-
-#CSI related variables for CSM framework
-csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
-
-#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
-endpointLogging=false
-
-#Enable/disable trail logging and trail logging summary
-enableTrailLogging=false
-enableTrailLoggingSummary=false
-
-#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
-SOA_CLOUD_ENV=false
-
-#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
-CONTINUE_ON_LISTENER_EXCEPTION=false
-
-#Jetty Container ThreadCount Configuration Variables
-AJSC_JETTY_ThreadCount_MIN=1
-AJSC_JETTY_ThreadCount_MAX=200
-AJSC_JETTY_IDLETIME_MAX=3000
-
-#Camel Context level default threadPool Profile configuration
-CAMEL_POOL_SIZE=10
-CAMEL_MAX_POOL_SIZE=20
-CAMEL_KEEP_ALIVE_TIME=60
-CAMEL_MAX_QUEUE_SIZE=1000
-
-#File Monitor configurations
-ssf_filemonitor_polling_interval=5
-ssf_filemonitor_threadpool_size=10
-
-#GRM/DME2 System Properties
-AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
-AJSC_ENV=SOACLOUD
-
-SOACLOUD_NAMESPACE=org.onap.dmaap.dev
-SOACLOUD_ENV_CONTEXT=TEST
-SOACLOUD_PROTOCOL=http
-SOACLOUD_ROUTE_OFFER=DEFAULT
-
-AFT_LATITUDE=23.4
-AFT_LONGITUDE=33.6
-AFT_ENVIRONMENT=AFTUAT
-
-#Restlet Component Default Properties
-RESTLET_COMPONENT_CONTROLLER_DAEMON=true
-RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
-RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_MIN_THREADS=1
-RESTLET_COMPONENT_MAX_THREADS=10
-RESTLET_COMPONENT_LOW_THREADS=8
-RESTLET_COMPONENT_MAX_QUEUED=0
-RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
-RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
-RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
-RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
-RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
-RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
-RESTLET_COMPONENT_REUSE_ADDRESS=true
-
-#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
-#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
-#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
-#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
-#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
-#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
-#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
-#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
-#default csm properties files will be used for local testing with anything CSM knorelated.
-#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
-#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
-#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
-#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
-#when running locally, the following 2 properties should be set within the profile(s) themselves.
-#Example: target/commonLibs|target/otherLibs
-#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
-#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
-#End of AJSC System Properties
-
-#Service System Properties. Please, place any Service related System Properties below.
-
-#msgrtr content length and error message
-#100mb
-maxcontentlength=10000
-msg_size_exceeds=Message size exceeds the default size.
-forceAAF=false
-cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- {{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
- Copyright © 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-*/}}
--->
-
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
-<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
- <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
- <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
- <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
- <Set name="extractWAR">true</Set>
- <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
- <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
- <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
- <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
- <Set name="throwUnavailableOnStartupException">true</Set>
- <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
- <Set name="servletHandler">
- <New class="org.eclipse.jetty.servlet.ServletHandler">
- <Set name="startWithUnavailable">false</Set>
- </New>
- </Set>
- </New>
-
- <Set name="handler">
- <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
- <Set name="Handlers">
- <Array type="org.eclipse.jetty.webapp.WebAppContext">
- <Item>
- <Ref refid="ajscContext" />
- </Item>
- </Array>
- </Set>
- </New>
- </Set>
-
- <Call name="addBean">
- <Arg>
- <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
- <Set name="contexts">
- <Ref refid="Contexts" />
- </Set>
- <Call id="extAppHotDeployProvider" name="addAppProvider">
- <Arg>
- <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
- <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
- <Set name="scanInterval">10</Set>
- <Set name="extractWars">true</Set>
- </New>
- </Arg>
- </Call>
- </New>
- </Arg>
- </Call>
-
- <Call name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
- </New>
- </Arg>
- </Call>
-
-
- <!-- SSL Keystore configuration -->
-
- <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
- <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
- <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="WantClientAuth">true</Set>
- </New>
- <Call id="sslConnector" name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Arg name="factories">
- <Array type="org.eclipse.jetty.server.ConnectionFactory">
- <Item>
- <New class="org.eclipse.jetty.server.SslConnectionFactory">
- <Arg name="next">http/1.1</Arg>
- <Arg name="sslContextFactory">
- <Ref refid="sslContextFactory" />
- </Arg>
- </New>
- </Item>
- <Item>
- <New class="org.eclipse.jetty.server.HttpConnectionFactory">
- <Arg name="config">
- <New class="org.eclipse.jetty.server.HttpConfiguration">
- <Call name="addCustomizer">
- <Arg>
- <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
- </Arg>
- </Call>
- </New>
- </Arg>
- </New>
- </Item>
- </Array>
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
- <Set name="idleTimeout">30000</Set>
- </New>
- </Arg>
- </Call>
-
-
- <Get name="ThreadPool">
- <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
- <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
- <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
- <Set name="detailedDump">false</Set>
- </Get>
-
-</Configure>
+++ /dev/null
-aaf_locate_url=https://aaf-locate.onap:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--{{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright c 2017 AT&T Intellectual Property. All rights reserved.
- Copyright c 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
-
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/spring-servlet.xml,
- classpath:applicationContext.xml
-</param-value>
- </context-param>
-
- <context-param>
- <param-name>spring.profiles.default</param-name>
- <param-value>nooauth</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>ManagementServlet</servlet-name>
- <servlet-class>ajsc.ManagementServlet</servlet-class>
- </servlet>
-
- <filter>
- <filter-name>WriteableRequestFilter</filter-name>
- <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
- </filter>
-
- <filter>
- <filter-name>InterceptorFilter</filter-name>
- <filter-class>ajsc.filters.InterceptorFilter</filter-class>
- <init-param>
- <param-name>preProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PreProcessorInterceptors.properties</param-value>
- </init-param>
- <init-param>
- <param-name>postProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PostProcessorInterceptors.properties</param-value>
- </init-param>
-
- </filter>
-
- <!-- Content length filter for Msgrtr -->
- <filter>
- <display-name>DMaaPAuthFilter</display-name>
- <filter-name>DMaaPAuthFilter</filter-name>
- <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
- <init-param>
- <param-name>cadi_prop_files</param-name>
- <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
- </init-param>
- </filter>
-
- <!-- End Content length filter for Msgrtr -->
- <servlet>
- <servlet-name>RestletServlet</servlet-name>
- <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
- <init-param>
- <param-name>org.restlet.component</param-name>
- <param-value>restletComponent</param-value>
- </init-param>
- </servlet>
-
- <servlet>
- <servlet-name>CamelServlet</servlet-name>
- <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
- </servlet>
-
-
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
-
- <servlet>
- <servlet-name>spring</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>spring</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-</web-app>
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-etc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sys-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
----
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
+
{{/*
-# Copyright © 2020 Orange
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
+{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021-2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
-type: Opaque
----
-{{ include "common.secretFast" . }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
+ replicas: 1
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
- cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config
- name: jetty
- - mountPath: /config-input
- name: etc
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-kafka
- {{- end }}
- - name: srimzi-zk-entrance
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/stunnel/stunnel_run.sh
- ports:
- - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
- name: zoo
- protocol: TCP
- env:
- - name: LOG_LEVEL
- value: debug
- - name: STRIMZI_ZOOKEEPER_CONNECT
- value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
- livenessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- volumeMounts:
- - mountPath: /etc/cluster-operator-certs/
- name: cluster-operator-certs
- - mountPath: /etc/cluster-ca-certs/
- name: cluster-ca-certs
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
- cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
- /bin/sh /appl/startup.sh
- {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
failureThreshold: {{ .Values.startup.failureThreshold }}
env:
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: strimzi-kafka-admin
+ key: sasl.jaas.config
- name: SASLMECH
value: scram-sha-512
- name: enableCadi
- value: "{{ .Values.global.aafEnabled }}"
+ value: "true"
- name: useZkTopicStore
value: "false"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
- subPath: MsgRtrApi.properties
- name: appprops
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
- subPath: logback.xml
- name: logback
- {{- if .Values.global.aafEnabled }}
- - mountPath: /appl/dmaapMR1/etc/runner-web.xml
- subPath: runner-web.xml
- name: etc
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
- subPath: sys-props.properties
- name: sys-props
- - mountPath: /jetty-config
- name: jetty
- {{- end }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ subPath: MsgRtrApi.properties
+ name: appprops
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
+ subPath: logback.xml
+ name: logback
+ resources:
+{{ include "common.resources" . }}
+ - name: {{ .Values.zkTunnelService.name }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/stunnel/stunnel_run.sh
+ ports:
+ - containerPort: {{ .Values.zkTunnelService.internalPort }}
+ name: {{ .Values.zkTunnelService.portName }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
+ env:
+ - name: LOG_LEVEL
+ value: {{ .Values.zkTunnelService.logLevel }}
+ - name: STRIMZI_ZOOKEEPER_CONNECT
+ value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}'
+ livenessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /etc/cluster-operator-certs/
+ name: cluster-operator-certs
+ - mountPath: /etc/cluster-ca-certs/
+ name: cluster-ca-certs
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
- - name: etc
- configMap:
- name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
- - name: sys-props
- configMap:
- name: {{ include "common.fullname" . }}-sys-props
- - name: jetty
- emptyDir: {}
- name: cluster-operator-certs
secret:
defaultMode: 288
matchLabels:
app.kubernetes.io/name: {{ include "common.name" . }}
ports:
- - port: {{ .Values.global.zkTunnelService.internalPort }}
- protocol: TCP
+ - port: {{ .Values.zkTunnelService.internalPort }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
policyTypes:
- Ingress
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- zkTunnelService:
- type: ClusterIP
- name: zk-tunnel-svc
- portName: tcp-zk-tunnel
- internalPort: 2181
-
-zookeeper:
- entrance:
- image: scholzj/zoo-entrance:latest
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-mr-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-mr
- fqi: dmaapmr@mr.dmaap.onap.org
- public_fqdn: mr.dmaap.onap.org
- cadi_longitude: "-122.26147"
- cadi_latitude: "37.78187"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
- fqi_namespace: org.onap.dmaap.mr
- aaf_add_config: |
- cd {{ .Values.credsPath }}
- echo "*** change jks password into shell safe one"
- export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- echo "*** set key password as same password as jks keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
- echo "*** store the passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
- echo "*** give ownership of files to the user"
- chown -R 1000 .
+ persistence: {}
#################################################################
# Application configuration defaults.
image: onap/dmaap/dmaap-mr:1.4.3
pullPolicy: Always
-secrets:
- - uid: mr-kafka-admin-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
+#Strimzi zookeeper_tunnel config
+zkTunnelService:
+ type: ClusterIP
+ name: zk-tunnel-svc
+ portName: tcp-zk-tunnel
+ protocol: TCP
+ internalPort: 2181
+ logLevel: debug
+ image: scholzj/zoo-entrance:latest
-# flag to enable debugging - application support required
-debugEnabled: false
+nodeSelector: {}
-# application configuration
-config:
- someConfig: blah
+affinity: {}
-# default number of instances
-replicaCount: 1
+containerPort: &svc_port 3904
-nodeSelector: {}
+service:
+ type: ClusterIP
+ name: message-router
+ ports:
+ - name: api
+ port: *svc_port
+ port_protocol: http
-affinity: {}
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-mr-api"
+ name: "message-router"
+ port: *svc_port
+ config:
+ ssl: "redirect"
# probe configuration parameters
liveness:
failureThreshold: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
+ port: *svc_port
enabled: true
readiness:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
- port: api
+ port: *svc_port
startup:
initialDelaySeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 70
- port: api
-
-service:
- type: NodePort
- name: message-router
- both_tls_and_plain: true
- msb:
- - port: 3904
- url: "/"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- ports:
- - name: api
- port: 3905
- plain_port: 3904
- port_protocol: http
- nodePort: 26
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- port: 5556
- targetPort: 5555
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-mr-api"
- name: "message-router"
- port: 3905
- plain_port: 3904
- config:
- ssl: "redirect"
-
+ port: *svc_port
# Resource Limit flavor -By Default using small
flavor: small
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- clientImage: onap/dmaap/dbc-client:2.0.10
-
-#Global DMaaP app config
- allow_http: false
-
- #Logstash config
- logstashServiceName: log-ls
- logstashPort: 5044
-
- #dmaap-dr-prov server configuration
- dmaapDrProvName: dmaap-dr-prov
- dmaapDrProvExtPort2: 443
- dmaapDrProvExtPort: 80
-
- #AAF global config overrides
- aafEnabled: true
-
- #Strimzi config
- kafkaStrimziAdminUser: strimzi-kafka-admin
-
+ persistence: {}
#Component overrides
message-router:
enabled: true
- config:
- jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'
dmaap-bc:
enabled: true
+ usePostgres: true
+ postgres:
+ enabled: true
dmaap-dr-node:
enabled: true
dmaap-dr-prov:
enabled: true
-dmaap-strimzi:
- enabled: true
#Pods Service Account
serviceAccount:
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}"
+ value: "http://message-router.{{ include "common.namespace" . }}:3904"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"topicCommInfrastructure" : "dmaap"
}]
}
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
- topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
# topicSources:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
fetchTimeout: 15000
topicSinks:
-
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# topicParameterGroup:
# Open DMaaP
DMAAP_SERVERS=message-router
-DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+DMAAP_HTTPS="false"
# AAI
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
fetchTimeout: 15000
topicCommInfrastructure: dmaap
- topic: POLICY-HEARTBEAT
consumerGroup: policy-pap
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
fetchTimeout: 15000
topicCommInfrastructure: dmaap
topicSinks:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
topicCommInfrastructure: dmaap
- topic: POLICY-NOTIFICATION
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
topicCommInfrastructure: dmaap
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
basePath: healthcheck
- clientName: dmaap
hostname: message-router
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ port: 3904
+ useHttps: false
basePath: topics
management:
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"fetchTimeout" : 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"topicCommInfrastructure" : "dmaap"
}]
}
GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
-GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
-GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A'
GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest'
GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A'
GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}'
GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}'
GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}'
-GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
-GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}'
GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}'
GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}'
# dcae hv-ves info
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
-# data router info - everything is from the private oam network (also called onap private network)
-GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-# dmaap message router info
+
+#DMAAP
+# message router info - everything is from the private oam network (also called onap private network)
+GLOBAL_MR_SERVER_PROTOCOL = "http"
+GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
+GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# dmaap kafka info
-GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}'
-GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}'
-GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}'
-GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}'
+# bus controller info
+GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
+GLOBAL_BC_SERVER_PROTOCOL = 'http'
+GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8080) }}'
+GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
+GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+# data router info - everything is from the private oam network (also called onap private network)
+GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
+
# strimzi kafka
GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
-GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}'
+GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaUsername }}'
+
# DROOL server port and credentials
GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}'
GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}'
# microservice bus info - everything is from the private oam network (also called onap private network)
GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}'
-# message router info - everything is from the private oam network (also called onap private network)
-GLOBAL_MR_SERVER_PROTOCOL = "http"
-GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# bus controller info
-GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
-GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+
# dcae inventory and deployment handler info
GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}'
GLOBAL_INVENTORY_SERVER_PROTOCOL = "https"
dcae_ves_colector_https:
enabled: false
https: true
+ message_router:
+ enabled: false
+ https: false
+ dmaap_bc:
+ enabled: true
+ https: false
+ hostname: dmaapbc
dmaap_dr_prov:
enabled: true
- https: true
+ https: false
hostname: dmaapdrprov
dmaap_dr_node:
enabled: true
- https: true
+ https: false
hostname: dmaapdrnode
log_es:
enabled: false
enabled: false
pomba_contextaggregator:
enabled: false
- message_router:
- enabled: false
- https: true
- dmaap_bc:
- enabled: true
- https: true
- hostname: dmaapbc
music:
enabled: false
https: true
hostname: blueprintsprocessorhttp
dcae_hv_ves_collector:
enabled: false
- message_router_kafka:
- enabled: false
inventory:
enabled: false
https: true
vidPassword: "Kp8bJ4SXszM0WX"
vidHealthUsername: "Default"
vidHealthPassword: "AppPassword!1"
+
# DMAAP BC
bcUsername: "dmaap-bc@dmaap-bc.onap.org"
bcPassword: "demo123456!"
-# DMAAP KAFKA JAAS
-kafkaJaasUsername: "admin"
-kafkaJaasPassword: "admin_secret"
-
-# STRIMZI KAFKA JAAS
-strimziKafkaJaasUsername: "strimzi-kafka-admin"
+# STRIMZI KAFKA
+strimziKafkaUsername: "strimzi-kafka-admin"
#OOF
oofUsername: "oof@oof.onap.org"