.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _master_index:
OOM Documentation Repository
.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
+.. _oom_cloud_setup_guide:
.. Links
.. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| VID | No | Yes | No | kubernetes/vid/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_project_description:
ONAP Operations Manager Project
###############################
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
-
+.. _oom_quickstart_guide:
.. _quick-start-label:
OOM Quick Start Guide
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_user_guide:
.. Links
.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights
.. reserved.
+.. _release_notes:
.. Links
.. _release-notes-label:
* Automated rolling upgrades for applications
* In-place schema and data migrations
* Blue-Green deployment environment migration (e.g. Pre-prod to Prod)
- * Upgrades from embedded database instance into shared database instance
+ * Upgrades from embedded database instance into shared database instance
* Release-to-release upgrade support delivered for the following projects
* [`OOM-52 <https://jira.onap.org/browse/OOM-52>`_] - OOM ONAP Configuration Management - Parameterization of docker images
* [`OOM-53 <https://jira.onap.org/browse/OOM-53>`_] - OOM ONAP Configuration Management - Parameterization for Sizing
* [`OOM-63 <https://jira.onap.org/browse/OOM-63>`_] - Kubernetes cluster created by TOSCA description
-* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the “Lab” project environment
+* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the "Lab" project environment
* [`OOM-86 <https://jira.onap.org/browse/OOM-86>`_] - Monitoring the health status of ONAP components
* [`OOM-87 <https://jira.onap.org/browse/OOM-87>`_] - Configure TOSCA description via dashboard
* [`OOM-88 <https://jira.onap.org/browse/OOM-88>`_] - Deploy Holmes on K8S cluster by TOSCA description
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /var/lib/cassandra
+ chown -R 1000:1000 /var/lib/cassandra
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /var/lib/cassandra
+ name: aaf-cass-vol
containers:
- name: {{ include "common.name" . }}
image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}}
value: {{.Values.global.aaf.cass.cluster_name}}
- name: CASSANDRA_DC
value: {{.Values.global.aaf.cass.dc}}
+ - name: CQLSH
+ value: "/opt/cassandra/bin/cqlsh"
- name: HEAP_NEWSIZE
value: {{.Values.global.aaf.cass.heap_new_size}}
- name: MAX_HEAP_SIZE
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
flavor: small
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
-
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
#################################################################
# Application configuration defaults.
name: {{ include "common.fullname" . }}
spec:
capacity:
- storage: {{ .Values.persistence.config.size}}
+ storage: {{ .Values.persistence.size}}
accessModes:
- - {{ .Values.persistence.config.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
storageClassName: "{{ include "common.fullname" . }}-data"
release: {{ include "common.release" . }}
spec:
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-hello-vol
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-hello-vol
{{- if and .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-hello-pvc
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-hello-pvc
{{- else }}
- emptyDir: {}
+ emptyDir: {}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- - name: {{ include "common.name" . }}-config
+ - name: fix-permission
+ command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"]
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf/local"
+ name: aaf-hello-vol
+ - name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"]
+# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"]
+# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"]
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
-# NOTE: Before this, need Liveness Attached to aaf-certman
- command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
env:
- name: APP_FQI
value: "{{ .Values.aaf_init.fqi }}"
- name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- name: aaf_locator_container
value: "oom"
- name: aaf_locator_container_ns
value: "{{ .Release.Namespace }}"
+# This should the APP's FQDN to be put in Locator
+# This MUST match what is entered for AAF Certificate Artifacts
- name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- value: "deployer@people.osaaf.org"
-# Note: We want to put this in Secrets or at LEAST ConfigMaps
- - name: DEPLOY_PASSWORD
- value: "demo123456!"
-# Note: want to put this on Nodes, evenutally
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+ value: "{{.Values.aaf_init.fqdn}}"
# Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+# This should be the APP's PUBLIC FQDN, if applicable
- name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
+ value: "{{.Values.aaf_init.locator_public_fqdn}}"
+ - name: LATITUDE
+ value: "{{ .Values.aaf_init.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.aaf_init.cadi_longitude }}"
+# Note: We want to put this in Secrets or at LEAST ConfigMaps
+ - name: "DEPLOY_FQI"
+ value: "deployer@people.osaaf.org"
+# Note: want to put this on Nodes, evenutally
+ - name: "DEPLOY_PASSWORD"
+ value: "demo123456!"
+# CONTAINER Definition
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
image: {{ .Values.global.repository }}/{{.Values.service.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
aaf_init:
# You might want this in your own app. For AAF, we store in global
# replicas: 1
- fqdn: "aaf-hello"
- image: onap/aaf/aaf_agent:2.1.15
- app_ns: "org.osaaf.aaf"
+ image: onap/aaf/aaf_agent:2.1.20
fqi: "aaf@aaf.osaaf.org"
+# This MUST match what is put in AAF's "Artifact" for Certificates
fqdn: "aaf-hello"
- public_fqdn: "aaf.osaaf.org"
+# What is put in Locator for External Access
+ locator_public_fqdn: "aaf.osaaf.org"
+ app_ns: "org.osaaf.aaf"
deploy_fqi: "deployer@people.osaaf.org"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
service:
- image: onap/aaf/aaf_hello:2.1.15
+ image: onap/aaf/aaf_hello:2.1.20
port: "8130"
public_port: "31119"
persistence:
- enabled: true
+ enabled: false
#existingClaim:
# You will want "Reatan" in non-Hello Example.
volumeReclaimPolicy: Delete
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
#################################################################
# Application configuration defaults.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
release: {{ include "common.release" . }}
spec:
initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: {{ include "common.name" . }}-config-container
image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
flavor: small
+
#################################################################
# Application configuration defaults.
#################################################################
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /quorumclient/auth
+ chown -R 100:1000 /quorumclient/auth
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/smsquorumclient:4.0.0
+image: onap/aaf/smsquorumclient:4.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /consul/data
+ chown -R 100:1000 /consul/data
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /consul/data
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}"
name: {{ include "common.name" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["vault","server","-config","/vault/config/config.json"]
+ args: ["server"]
ports:
- containerPort: {{ .Values.service.internalPort }}
volumeMounts:
- image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}"
name: {{ include "common.name" . }}-backend
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["consul","agent","-server","-client","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
+ args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
ports:
- name: http
containerPort: 8500
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
persistence: {}
# application image
repository: nexus3.onap.org:10001
image:
- consul: library/consul:1.0.6
- vault: library/vault:0.10.0
+ consul: library/consul:1.7.1
+ vault: library/vault:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "aaf-sms-vault"
- - --container-name
- - "aaf-sms-vault-backend"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /sms/auth
+ chown -R 1000:1000 /sms/auth
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /sms/auth
+ name: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "aaf-sms-vault"
+ - --container-name
+ - "aaf-sms-vault-backend"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+
flavor: small
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/sms:4.0.1
+image: onap/aaf/sms:4.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
tpm:
enabled: false
# if enabled, nodeselector will use the below
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
+ # Readiness image
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
persistence:
enabled: true
# Standard OOM
aaf:
readiness: false
- image: onap/aaf/aaf_core:2.1.15
+ image: onap/aaf/aaf_core:2.1.20
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
aaf_release: "El Alto"
cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
config:
- image: onap/aaf/aaf_config:2.1.15
+ image: onap/aaf/aaf_config:2.1.20
cass:
replicas: 1
- image: onap/aaf/aaf_cass:2.1.15
+ image: onap/aaf/aaf_cass:2.1.20
fqdn: "aaf-cass"
cluster_name: "osaaf"
heap_new_size: "512M"
public_port: 31115
hello:
replicas: 0
+# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
+
#################################################################
# Application configuration defaults.
mountPath: /dockerdata-nfs
mountSubPath: "cass"
+
resources: {}
-Subproject commit ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f0
+Subproject commit 0c4cd899d53538202c23030ab278984897aede94
# SDN-C's ODL Restconf Connection Details
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdncodl.type=basic-auth
-blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/
+blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/
blueprintsprocessor.restclient.sdncodl.username=admin
blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
blueprintsprocessor.grpcclient.py-executor.type=tls-auth
# Config Data REST client settings
blueprintsprocessor.restclient.sdnc.type=basic-auth
-blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
+blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}
blueprintsprocessor.restclient.sdnc.username=admin
blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
# envsusbt
envsubstImage: dibi/envsubst
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+
#################################################################
# Secrets metaconfig
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.2
+image: onap/clamp-backend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.2
+image: onap/clamp-frontend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
{{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{/*
+ Resolve the prefix node port to use. We look at these different values in
+ order of priority (first found, first chosen)
+ - .Values.service.nodePortPrefixOverride: override value for nodePort which
+ will be use locally;
+ - .Values.global.nodePortPrefix : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used);
+ - .Values.global.nodePortPrefixExt : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used) if
+ useNodePortExt is set to true in
+ service or on port;
+ - .Values.service.nodePortPrefix : value used on a pert chart basis if
+ no other version exists.
+
+ The function takes two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .useNodePortExt : does the port use the "extended" nodeport part or the
+ normal one?
+*/}}
+{{- define "common.nodePortPrefix" -}}
+{{- $dot := default . .dot -}}
+{{- $useNodePortExt := default false .useNodePortExt -}}
+{{- if or $useNodePortExt $dot.Values.service.useNodePortExt -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefixExt | default $dot.Values.nodePortPrefix }}
+{{- else -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}
+{{- end -}}
+{{- end -}}
+
{{/* Define the metadata of Service
The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
name: {{ $port.name }}
{{- end }}
{{- if (eq $serviceType "NodePort") }}
- nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+ nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}
{{- end }}
{{- else }}
- port: {{ default $port.port $port.plain_port }}
# application configuration
config:
# .mariadbRootPasswordExternalSecret: 'some-external-secret'
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
# .userCredentialsExternalSecret: 'some-external-secret'
userName: my-user
# userPassword: my-password
--- /dev/null
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core
+
+make-contrib-awx:
+ cd components && helm dep up awx && helm lint awx
+
+make-contrib-netbox:
+ cd components && helm dep up netbox && helm lint netbox
+
+make-contrib-core:
+ helm dep up . && helm lint .
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: netbox
+ version: ~6.x-0
+ repository: 'file://components/netbox'
+ condition: netbox.enabled
+ - name: awx
+ version: ~6.x-0
+ repository: 'file://components/awx'
+ condition: awx.enabled
"dmaap": {
"username": "notused",
"password": "doesnotmatter",
- "owner": "dcaecm",
- "protocol": "http"
- }
+ "owner": "dcaecm"
+ }
}
\ No newline at end of file
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
# Resource Limit flavor -By Default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_discovery:1.2.5
+image: onap/msb/msb_discovery:1.2.6
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.5
+image: onap/msb/msb_apigateway:1.2.6
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.5
+image: onap/msb/msb_apigateway:1.2.6
pullPolicy: Always
istioSidecar: true
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
- {{- if eq "DEBUG" .Values.config.loglevel }}
- export JAVA_DEBUG="-Djavax.net.debug=all"
- {{- end }}
- exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar
+ exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
{{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "http://message-router.{{ include "common.namespace" . }}:3904"
+ value: "https://message-router.{{ include "common.namespace" . }}:3905"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.1
+image: onap/externalapi/nbi:6.0.2
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
multicloud:
enabled: false
nbi:
- enabled: false
+ enabled: true
config:
# openstack configuration
openStackRegion: "Yolo"
# to customize the ONAP deployment.
#################################################################
aaf:
- enabled: false
+ enabled: true
aai:
enabled: false
appc:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
- name: db-init
image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.1.1
+image: onap/optf-cmso-optimizer:2.2.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.1.1
+ image: onap/optf-cmso-dbinit:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
- name: db-init
image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.1.1
-robotimage: onap/optf-cmso-robot:2.1.1
+image: onap/optf-cmso-service:2.2.0
+robotimage: onap/optf-cmso-robot:2.2.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.1.1
+ image: onap/optf-cmso-dbinit:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
authentication: proprietary-auth
-
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.1.1
+image: onap/optf-cmso-ticketmgt:2.2.0
pullPolicy: Always
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.1.1
+image: onap/optf-cmso-topology:2.2.0
pullPolicy: Always
-liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ
-JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS
-f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93
-pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby
-qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI
-3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP
-wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9
-jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U
-KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP
-kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE
-J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0
--EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk
-PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP
-I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI
-vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN
-j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT
-Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB
-idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI
-2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t
-dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd
-Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK-
-dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV-
-HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus
-lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES
-xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA
-oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C
-RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file
+dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
+BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
+I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
+6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
+x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
+cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
+bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
+5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
+O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
+0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
+poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
+7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
+-j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
+FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
+c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
+TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
+mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
+atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
+9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
+DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
+FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
+zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
+LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
+9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
+OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
+8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
+Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
keystoreFile: "org.onap.oof.jks"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[
+ keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
truststorePassword:
authentication: aaf-auth
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
flavor: small
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /opt/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
+ args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
ports:
- containerPort: {{ .Values.liveness.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
class=handlers.TimedRotatingFileHandler
level=NOTSET
formatter=generic
-args=('application.log','midnight', 1, 10)
+args=('/var/log/application.log','midnight', 1, 10)
[handler_audithand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=audit
-args=('audit.log', 'midnight', 1, 10)
+args=('/var/log/audit.log', 'midnight', 1, 10)
[handler_metrichand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=metric
-args=('metric.log','midnight', 1, 10)
+args=('/var/log/metric.log','midnight', 1, 10)
[handler_errhand]
class=handlers.TimedRotatingFileHandler
level=ERROR
formatter=error
-args=('error.log','midnight', 1, 10)
+args=('/var/log/error.log','midnight', 1, 10)
[handler_debughand]
class=handlers.TimedRotatingFileHandler
level=DEBUG
formatter=generic
-args=('debug.log','midnight', 1, 10)
+args=('/var/log/debug.log','midnight', 1, 10)
[formatters]
keys=generic,audit,metric,error
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe-brmsgw
subPath: brmsgw.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
--- /dev/null
+###
+# ============LICENSE_START=======================================================
+# feature-healthcheck
+# ================================================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+http.server.services=HEALTHCHECK
+http.server.services.HEALTHCHECK.host=0.0.0.0
+http.server.services.HEALTHCHECK.port=6969
+http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
+http.server.services.HEALTHCHECK.managed=false
+http.server.services.HEALTHCHECK.swagger=true
+http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
+http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
+http.server.services.HEALTHCHECK.https=true
+http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
+http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
+
+http.client.services=PAP
+
+http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
+http.client.services.PAP.port=9091
+http.client.services.PAP.contextUriPath=pap/test
+http.client.services.PAP.https=true
+http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
+http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
+
+http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
+http.client.services.PDP.port=8081
+http.client.services.PDP.contextUriPath=pdp/test
+http.client.services.PDP.https=true
+http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
+http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
PAP_USERNAME={{.Values.pap.user}}
PAP_PASSWORD={{.Values.pap.password}}
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
PDP_USERNAME={{.Values.pdp.user}}
PDP_PASSWORD={{.Values.pdp.password}}
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
AAI_USERNAME={{.Values.aai.user}}
AAI_PASSWORD={{.Values.aai.password}}
user: healthcheck
password: zb!XztG34
+papl:
+ user: testpap
+ password: alpha123
+
+pdpl:
+ user: testpdp
+ password: alpha123
+
aai:
user: policy@policy.onap.org
password: demo123456!
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"topicParameterGroup": {
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: papconfig
+ - mountPath: /config
+ name: papconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
- name: papconfig
+ name: papconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: papconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: localtime
readOnly: true
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
name: pe-pdp
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apiconfig
+ - mountPath: /config
+ name: apiconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
- name: apiconfig
+ name: apiconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: apiconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global:
nodePortPrefix: 304
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
debugEnabled: false
# application configuration
+db:
+ user: policy_user
+ password: policy_user
# default number of instances
replicaCount: 1
JDBC_DRIVER=org.mariadb.jdbc.Driver
JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_USER={{ .Values.global.mariadb.config.userName }}
-JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }}
+
+JDBC_USER=${JDBC_USER}
+JDBC_PASSWORD=${JDBC_PASSWORD}
site_name=site_1
fp_monitor_interval=30
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe-pap
subPath: console.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-secret
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- name: MYSQL_USER
- value: "{{ index .Values "mariadb-galera" "config" "userName" }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
ubuntuImage: ubuntu:16.04
pdp:
nameOverride: pdp
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- userName: policy_user
- userPassword: policy_user
- mariadbRootPassword: secret
mysqlDatabase: policyadmin
service: &mariadbService
name: policy-mariadb
portName: mysql-policy
internalPort: 3306
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ policy: generate
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
subChartsOnly:
enabled: true
+db: &dbSecretsHook
+ credsExternalSecret: *dbSecretName
+
pap:
nameOverride: pap
+ db: *dbSecretsHook
pdp:
nameOverride: pdp
+ db: *dbSecretsHook
drools:
nameOverride: drools
-brmwgw:
+ db: *dbSecretsHook
+brmsgw:
nameOverride: brmsgw
+ db: *dbSecretsHook
+policy-api:
+ db: *dbSecretsHook
+policy-xacml-pdp:
+ db: *dbSecretsHook
+
nexus:
nameOverride: nexus
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
- config: *mariadbConfig
+ config:
+ <<: *mariadbConfig
+ userName: policy_user
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
+ userCredentialsExternalSecret: *dbSecretName
nameOverride: policy-mariadb
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#External system notification URL
external_system_notification_url= https://jira.onap.org/browse/
+#cookie domain
+cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
ext_central_access_user_domain = @people.osaaf.org
# External Central Auth system access
remote_centralized_system_access = true
-
-#cookie domain
-cookie_domain = onap.org
+{{- end }}
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}"
+ keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
-
+ {{ end }}
<!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- An Engine represents the entry point (within Catalina) that processes
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config" . | indent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -i
- - ""
- - -n
- - ""
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: CATALINA_OPTS
+ - name: _CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
- -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
- - name: javax.net.ssl.keyStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.keyStorePassword
- value: {{ .Values.global.trustpass }}
- - name: javax.net.ssl.trustStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.trustStorePassword
- value: {{ .Values.global.trustpass }}
+ -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
- subPath: {{ .Values.global.keystoreFile}}
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
- subPath: {{ .Values.global.truststoreFile}}
- name: var-log-onap
mountPath: /var/log/onap
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- name: var-log-onap
mountPath: /var/log/onap
volumes:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
- name: localtime
hostPath:
path: /etc/localtime
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
- - name: authz-onapportal
- secret:
- secretName: {{ include "common.fullname" . }}-authz-onapportal
- name: filebeat-conf
configMap:
name: portal-filebeat
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-authz-onapportal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ #AAF service
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
#################################################################
+
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:2.6.0
+image: onap/portal-app:3.2.0
pullPolicy: Always
+#AAF local config
+
+aafURL: https://aaf-service:8100/
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
# default number of instances
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:2.6.0
+image: onap/portal-db:3.2.0
pullPolicy: Always
readinessImage: readiness-check:2.0.0
{{ if .Values.global.aafEnabled }}
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
{{ end }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
\ No newline at end of file
apiVersion: v1
fieldPath: metadata.namespace
{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf-config
- image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c"]
- args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aafConfig.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
- - name: aaf_locator_container
- value: "{{ .Values.global.aafLocatorContainer }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aafConfig.fqdn }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aafConfig.publicFqdn}}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.global.aafAppNs }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aafConfig.cadiLongitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aafConfig.cadiLatitude }}"
- {{ end }}
+{{ include "common.aaf-config" . | indent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c"]
{{- if .Values.global.aafEnabled }}
- args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+ args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
- cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- name: _CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
- -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
{{- else }}
args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
{{- end }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
{{- end }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
- name: var-log-onap
mountPath: /var/log/onap
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- name: portal-tomcat-logs
emptyDir: {}
{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-aaf-config-vol
- emptyDir:
- medium: Memory
+{{ include "common.aaf-config-volumes" . | indent 8 }}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
- #AAF global config overrides
+ #AAF service
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
- aafAppNs: org.osaaf.aaf
- aafLocatorContainer: oom
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+
#################################################################
# Application configuration defaults.
#################################################################
-secrets:
- - uid: aaf-deploy-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
-
-## Persist cert data to a memory volume
-persistence:
- aafCredsPath: /opt/app/osaaf/local
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.6.0
+image: onap/portal-sdk:3.2.0
pullPolicy: Always
-#AAF service
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-
#AAF local config
+aafURL: https://aaf-service:8100/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: portal
fqi: portal@portal.onap.org
publicFqdn: portal.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds
keystoreFile: "org.onap.portal.p12"
truststoreFile: "org.onap.portal.trust.jks"
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.6.0
+image: onap/portal-wms:3.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
- keystoreFile: "keystoreONAPPortal.p12"
- truststoreFile: "truststoreONAPall.jks"
- keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
- trustpass: "changeit"
-
config:
logstashServiceName: log-ls
logstashPort: 5044
-
portal-mariadb:
nameOverride: portal-db
-
mariadb:
service:
name: portal-db
zookeeper:
service:
name: portal-zookeeper
-
messageRouter:
service:
name: message-router
-
ingress:
enabled: false
\ No newline at end of file
-Subproject commit 7f37c3cd610edd911a8b68e2118212d9ec8149d6
+Subproject commit a995fce78ae63d33a0c48d825001ed7faea3b18f
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=CM-NOTIFICATION
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=A1-P
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=SDNR-CL
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=$(ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
- mountPath: {{ .Values.config.configDir }}/aai.properties
name: properties
subPath: aai.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties
+ name: properties
+ subPath: dmaap-consumer-CMNotify.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties
+ name: properties
+ subPath: dmaap-consumer-a1Adapter-policy.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
+ name: properties
+ subPath: dmaap-consumer-oofpcipoc.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.0
+image: onap/sdnc-dmaap-listener-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.0
+image: onap/sdnc-ansible-server-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.0
+image: onap/admportal-sdnc-image:1.8.1
config:
dbFabricDB: mysql
dbFabricUser: admin
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.0
+image: onap/sdnc-ueb-listener-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# SDNC
# ================================================================================
+# Copyright © 2020 Samsung Electronics
# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
if $SDNC_AAF_ENABLED; then
- export SDNC_STORE_DIR=/opt/app/osaaf/local
- export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
export SDNC_KEYSTORE=org.onap.sdnc.p12
sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
fi
{{/*
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
+ - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties
+ name: properties
+ subPath: aaiclient.properties
- mountPath: {{ .Values.config.configDir }}/aaiclient.properties
name: properties
subPath: aaiclient.properties
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.0
+image: onap/sdnc-image:1.8.1
# flag to enable debugging - application support required
peerODLCluster: 127.0.0.1
isPrimaryCluster: true
configDir: /opt/onap/sdnc/data/properties
+ ccsdkConfigDir: /opt/onap/ccsdk/data/properties
dmaapTopic: SUCCESS
dmaapPort: 3904
logstashServiceName: log-ls
pollTimeout: 7500
pollInterval: 15
mso:
+ adapters:
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.release" . }}-so-truststore-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
- endpoint: http://msb-iag.{{ include "common.namespace" . }}:80/api/vnfpkgm/v1
+ endpoint: https://msb-iag.{{ include "common.namespace" . }}:443/api/vnfpkgm/v1
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
{{- end }}
-
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
env:
- name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
+ value: {{ .Values.global.client.certs.truststore }}
- name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name}}-so-client-certs-secret
key: trustStorePassword
+ {{ if eq .Values.global.security.aaf.enabled true }}
- name: KEYSTORE
- value: /app/org.onap.so.jks
+ value: {{ .Values.global.client.certs.keystore }}
- name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
tomcat:
defaultCloudOwner: onap
cadi:
cadiLoglevel: DEBUG
- cadiKeyFile: /app/org.onap.so.keyfile
- cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiKeyFile: /app/client/org.onap.so.keyfile
+ cadiTrustStore: /app/client/org.onap.so.trust.jks
cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
cadiLatitude: 38.4329
cadiLongitude: -90.43248
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
- trustStorePassword: b25hcDRzbw==
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.8
+image: onap/vfc/gvnfmdriver:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.8
+image: onap/vfc/nslcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.8
+image: onap/vfc/vnflcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy