passwordPolicy: required
repository: nexus3.onap.org:10001
-image: onap/ccsdk-oran-a1policymanagementservice:1.0.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
pullPolicy: IfNotPresent
replicaCount: 1
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
serviceName:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
mountPath: /usr/share/elasticsearch/logs/
- name: {{ include "common.fullname" . }}-data
mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+ /usr/local/bin/docker-entrypoint.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ include "common.servicename" . }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-es-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
server.port: {{.Values.service.externalPort}}
server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.hosts: ${elasticsearch_base_url}
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
env:
- name: elasticsearch_base_url
value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-kibana-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
request_timeout => 30
schedule => { "every" => "1m" }
codec => "plain"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/certs.d/aafca.pem"
+{{- end }}
}
}
if "error" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
} else if "event-cl-aggs" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
} else {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-logstash-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
requestTimeout: "30000"
keystorePassword: "secret"
truststorePassword: "secret"
+ certPostProcessor:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
- name: http-transport
port: 9300
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
enabled: true
# application image
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
"state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
"organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
"location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
"keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
"truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ },
+ "truststore_merger":
+ {
+ "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
}
}
-
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
- name: CMADDR
value: {{ .Values.config.address.cm.host }}
- name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
- name: CMPROTO
value: {{ .Values.config.address.cm.proto }}
- name: CMPORT
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# limitations under the License.
# ============LICENSE_END=========================================================
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.name" . }}-cmpass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- password: YWRtaW4=
----
{{ include "common.secretFast" . }}
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
config:
logstashServiceName: log-ls
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.5
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
# Resource Limit flavor -By Default using small
flavor: small
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
name: cm-persistent
- mountPath: /opt/onap/certs
name: tls-info
+ - mountPath: /opt/onap/cm-secrets
+ name: cm-secrets
+ readOnly: true
securityContext:
privileged: True
volumes:
{{- end }}
- emptyDir: {}
name: tls-info
+ - name: cm-secrets
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.1
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTPS"
port: {{ .Values.service.insecure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTP"
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: postgres_port
value: "{{ .Values.postgres.config.pgPort }}"
- name: cloudify_password
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: dhandler_url
value: {{ .Values.config.dhandler_url }}
- name: cfy_url
{{/*
# Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
+
{{ include "common.secretFast" . }}
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
dhandler_url: https://deployment-handler:8443
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: NODE_EXTRA_CA_CERTS
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: POD_IP
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-cloudify-manager:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
enabled: true
dcae-dashboard:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-deployment-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
enabled: true
dcae-inventory-api:
enabled: true
dcae-policy-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-servicechange-handler:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.0
# Resource Limit flavor -By Default using small
flavor: small
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
-# Copyright (c) 2020 Samsung Electronics
+{{/*# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+ args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
ports:
- containerPort: {{ .Values.uwsgi.internalPort }}
# disable liveness probe when breakpoints set in debugger
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
[handler_consoleHandler]
class=StreamHandler
-level=NOTSET
+level=INFO
formatter=generic
args=(sys.stdout,)
--- /dev/null
+version: 1
+disable_existing_loggers: True
+
+loggers:
+ error:
+ handlers: [error_handler, console_handler]
+ level: "WARN"
+ propagate: True
+ debug:
+ handlers: [debug_handler, console_handler]
+ level: "DEBUG"
+ propagate: True
+ metrics:
+ handlers: [metrics_handler, console_handler]
+ level: "INFO"
+ propagate: True
+ audit:
+ handlers: [audit_handler, console_handler]
+ level: "INFO"
+ propagate: True
+handlers:
+ debug_handler:
+ level: "DEBUG"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/debug.log"
+ formatter: "debugFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ error_handler:
+ level: "WARN"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/error.log"
+ formatter: "errorFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ metrics_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/metrics.log"
+ formatter: "metricsFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ audit_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/audit.log"
+ formatter: "auditFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "metricsFormat"
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ debugFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ errorFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+ |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ auditFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ metricsFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ mdcFormat:
+ format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
+ - mountPath: /opt/osdf/config/log.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: log.yml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
+ - key: log.yml
+ path: log.yml
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
EXCLUDES := dist resources templates charts
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
apiVersion: apps/v1
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.secretFast" . }}
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.service" . }}
{{ end -}}
\ No newline at end of file
# Deployment configuration
repository: nexus3.onap.org:10001
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
- "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+ "policytypes/onap.policies.monitoring.tcagen2.yaml",
"policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
"policytypes/onap.policies.Optimization.yaml",
"policytypes/onap.policies.optimization.Resource.yaml",
"policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
"policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
"policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
"policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
- "policytypes/onap.policies.controlloop.Operational.yaml",
"policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.Match.yaml",
"policytypes/onap.policies.native.Drools.yaml",
"policytypes/onap.policies.native.Xacml.yaml",
"policytypes/onap.policies.native.Apex.yaml",
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
- emptyDir:
- medium: Memory
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
--- /dev/null
+# Encrypted Properties
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!-- specify the component name -->\r
<property name="componentName" value="onapportal"></property>\r
\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="Portal"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
\r
value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
\r
<property name="errorLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
\r
<property name="defaultLoggerPattern"\r
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
\r
- <logger name="com.att.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
\r
- <logger name="com.att.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
\r
- <logger name="com.att.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
\r
\r
<root level="INFO">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
\r
</configuration>\r
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh"]
+ args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportal-scrubbed
+ - mountPath: /config
+ name: properties-onapportal
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
subPath: music.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
- name: var-log-onap
mountPath: /var/log/onap
resources:
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
+{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
hostPath:
path: /etc/localtime
- name: properties-onapportal
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportal-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/portal-app:3.2.3
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
messageRouter:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CASSUSER
- value: "{{ .Values.config.cassandraUsername }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- name: CASSPASS
- value: "{{ .Values.config.cassandraPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- name: JVM_OPTS
value: "{{ .Values.config.cassandraJvmOpts }}"
- name: POD_IP
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
image: onap/music/cassandra_music:3.0.0
pullPolicy: Always
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+
# application configuration
config:
cassandraUsername: root
cassandraPassword: Aa123456
+# cassandraCredsExternalSecret: some secret
cassandraJvmOpts: -Xmx2536m -Xms2536m
# default number of instances
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
-- aai sparky
update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
/*
Replace spaces with underscores for role names to match AAF role names
value: "{{ .Values.service.internalPort }}"
- name: DB_PASS
valueFrom:
- secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
command:
- /bin/sh
- -x
--- /dev/null
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!--<jmxConfigurator /> -->\r
<!-- specify the component name -->\r
<property name="componentName" value="onapsdk"></property>\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="PortalSDK"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
<!-- The directories where logs are written -->\r
<!-- 1610 Logging Fields Format Revisions -->\r
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<!-- use %class so library logging calls yield their class name -->\r
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
<logger name="org.onap.eelf" level="info" additivity="false">\r
<appender-ref ref="asyncEELF" />\r
</logger>\r
- <logger name="org.onap.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
<logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
<appender-ref ref="asyncEELFDebug" />\r
</logger>\r
- <logger name="org.onap.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
<root level="DEBUG">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
</configuration>\r
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portalsdk-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh"]
+ args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportalsdk-scrubbed
+ - mountPath: /config
+ name: properties-onapportalsdk
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
subPath: music.properties
hostPath:
path: /etc/localtime
- name: properties-onapportalsdk
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportalsdk-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportalsdk
defaultMode: 0755
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/portal-sdk:3.2.0
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
certInitializer:
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
messageRouter:
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: portal-cass
+ name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+
config:
logstashServiceName: log-ls
logstashPort: 5044
+ cassandraUsername: root
+# cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
portal-mariadb:
nameOverride: portal-db
mariadb:
service:
name: portal-cassandra
config:
- cassandraUsername: root
- cassandraPassword: Aa123456
+ cassandraExternalSecret: *dbSecretName
+portal-app:
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
+portal-sdk:
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
messageRouter:
service:
name: message-router
-Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
+Subproject commit 0611262fbb68714cfdb922f13ffb009b58a43f71
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
@helm repo index $(PACKAGE_DIR)
clean:
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
+ mountPath: /home/onap/chef-solo/environments/
- name: sdc-logs
mountPath: /var/lib/jetty/logs
env:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
+image: onap/sdc-backend-all-plugins:1.7.1
+backendInitImage: onap/sdc-backend-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
+image: onap/sdc-cassandra:1.7.1
+cassandraInitImage: onap/sdc-cassandra-init:1.7.1
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
+image: onap/sdc-frontend:1.7.1
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
+image: onap/sdc-onboard-backend:1.7.1
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
EXCLUDES := dist resources templates charts
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ if .Values.config.sdnr.enabled }}
- Session Affinity: ClientIP
- {{ end }}
+ {{ if .Values.config.sdnr.enabled }}
+ sessionAffinity: ClientIP
+ {{ end }}
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
readOnly: true
- name: {{ include "common.fullname" . }}-truststore
mountPath: /app/client
- readonly: true
+ readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
+image: onap/vfc/gvnfmdriver:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
+image: onap/vfc/nslcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
+image: onap/vfc/db:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
+image: onap/vfc/vnflcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_HOST
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
+image: onap/vfc/vnfmgr:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_HOST
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
+image: onap/vfc/vnfres:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
+image: onap/vfc/ztevnfmdriver:1.3.7
pullPolicy: Always
#Istio sidecar injection policy
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- volumes:
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml