[AAI] 15.0.4 release 50/140150/24
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Wed, 5 Feb 2025 13:34:30 +0000 (14:34 +0100)
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Fri, 28 Feb 2025 10:43:21 +0000 (11:43 +0100)
- [resources,traversal,graphadmin,schema-service] use v30 api version
- [resources,traversal,graphadmin] make basic-auth configurable
- [resources,traversal] remove Keycloak-auth related files
- [resources,traversal] remove logToFile option since container filesystems are read-only [0]
- [graphadmin] use init container for schema-creation

[0] and sooner or later any tmp volume will fill up

Issue-ID: AAI-4124
Change-Id: Ib9b70dedd07acfb8ae24506ab044de0940c0c815
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
27 files changed:
kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl [new file with mode: 0644]
kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
kubernetes/aai/components/aai-graphadmin/values.yaml
kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties [deleted file]
kubernetes/aai/components/aai-resources/resources/config/application.properties
kubernetes/aai/components/aai-resources/resources/config/realm.properties [deleted file]
kubernetes/aai/components/aai-resources/templates/_helpers.tpl [new file with mode: 0644]
kubernetes/aai/components/aai-resources/templates/configmap.yaml
kubernetes/aai/components/aai-resources/templates/deployment.yaml
kubernetes/aai/components/aai-resources/values.yaml
kubernetes/aai/components/aai-schema-service/config/application.properties
kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
kubernetes/aai/components/aai-schema-service/values.yaml
kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties [deleted file]
kubernetes/aai/components/aai-traversal/resources/config/application.properties
kubernetes/aai/components/aai-traversal/templates/_helpers.tpl [new file with mode: 0644]
kubernetes/aai/components/aai-traversal/templates/configmap.yaml
kubernetes/aai/components/aai-traversal/templates/deployment.yaml
kubernetes/aai/components/aai-traversal/templates/job.yaml
kubernetes/aai/components/aai-traversal/values.yaml
kubernetes/aai/templates/deployment.yaml
kubernetes/aai/values.yaml

index 7254d6d..50c320a 100644 (file)
@@ -47,7 +47,6 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=/opt/app/aai-graphadmin/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8449
 
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl
new file mode 100644 (file)
index 0000000..a6c4145
--- /dev/null
@@ -0,0 +1,42 @@
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+  image: "{{ include "repositoryGenerator.image.curl" . }}"
+  imagePullPolicy: IfNotPresent
+  command: ["/bin/sh", "-c"]
+  args:
+    - |
+      URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+      AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+      while true; do
+        RESPONSE=$(curl -u $AUTH -s $URL)
+        if [ "$RESPONSE" = "true" ]; then
+          echo "Request successful. Schema is initialized."
+          exit 0
+        else
+          echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+          sleep 3
+        fi
+      done
+  {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
+
+{{- define "aai.waitForSchemaService" -}}
+- name: wait-for-schema-service
+  image: "{{ include "repositoryGenerator.image.curl" . }}"
+  imagePullPolicy: IfNotPresent
+  command: ["/bin/sh", "-c"]
+  args:
+    - |
+      URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-schema-service:8452/aai/schema-service/util/echo") }}"
+      AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+      while true; do
+        if curl --fail --header 'X-FromAppId: graphadmin' --header 'X-TransactionId: someTransaction' -u $AUTH -s $URL; then
+          echo "Request successful. Schema-service is available"
+          exit 0
+        else
+          echo "Request unsuccessful. Schema-service is not available yet. Retrying in 3 seconds..."
+          sleep 3
+        fi
+      done
+  {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
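Review bot: The basic-auth username and password are rendered straight into the init container's `args` on the two `AUTH=` lines, so the cleartext credential ends up in the Pod spec and is readable by anyone allowed to get pods in the namespace; it should come from a Secret through `env`/`secretKeyRef` instead. Because the value is spliced into a double-quoted shell string and then used unquoted in `curl -u $AUTH -s $URL`, a password containing `"`, `$`, a backtick or whitespace would be reinterpreted by the shell rather than passed literally. The same `aai.waitForSchemaCreation` body is repeated in the aai-resources and aai-traversal `_helpers.tpl` files of this commit and needs the same change. The Secret name in the sketch below is a placeholder, since no such Secret is defined in the lines shown.

```yaml
- name: wait-for-schema-creation
  # … unchanged: image, imagePullPolicy, command …
  env:
    - name: AAI_USERNAME
      valueFrom:
        secretKeyRef:
          name: <basic-auth-secret>  # placeholder, not defined on this page
          key: username
    - name: AAI_PASSWORD
      valueFrom:
        secretKeyRef:
          name: <basic-auth-secret>  # placeholder, not defined on this page
          key: password
  args:
    - |
      # … unchanged: URL assignment …
      while true; do
        RESPONSE=$(curl -u "$AAI_USERNAME:$AAI_PASSWORD" -s "$URL")
        # … unchanged: response check and retry …
      done
```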
index 31566fc..92fea15 100644 (file)
@@ -47,7 +47,64 @@ spec:
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
       {{- if .Values.global.initContainers.enabled }}
       initContainers:
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim }}
+        {{- if not .Values.createDbSchemaViaJob.enabled }}
+        {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 8 | trim }}
+        - name: {{ include "common.name" . }}-create-db-schema
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{ include "common.containerSecurityContext" . | nindent 10 | trim }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            {{- if include "common.onServiceMesh" . }}
+            echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+            sh docker-entrypoint.sh createDBSchema.sh;
+            {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+          env:
+          {{- if .Values.config.debug.enabled }}
+          - name: JVM_OPTS
+            value: {{ .Values.config.debug.args | quote }}
+          {{- end }}
+          {{- if .Values.config.env }}
+          {{- range $key,$value := .Values.config.env }}
+          - name: {{ $key | upper | quote}}
+            value: {{ $value | quote}}
+          {{- end }}
+          {{- end }}
+          - name: BOOTSTRAP_SERVERS
+            value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+          - name: JAAS_CONFIG
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+                key: sasl.jaas.config
+          {{- if .Values.config.debug.enabled }}
+          ports:
+          - containerPort: {{ .Values.service.debugPort }}
+            name: {{ .Values.service.debugPortName }}
+          {{- end }}
+          volumeMounts:
+          - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+            name: config
+            subPath: janusgraph-realtime.properties
+          - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+            name: properties
+            subPath: aaiconfig.properties
+          - mountPath: /opt/aai/logroot/AAI-GA
+            name: logs
+          - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+            name: config
+            subPath: logback.xml
+          - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+            name: config
+            subPath: localhost-access-logback.xml
+          - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+            name: properties
+            subPath: application.properties
+          resources: {{ include "common.resources" . | nindent 12 }}
+        {{- end }}
       {{- end }}
       {{ include "common.podSecurityContext" . | indent 6 | trim }}
       containers:
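Review bot: The `killSidecar` include at the end of the `create-db-schema` script is piped through `indent 11` while the surrounding block scalar sits at 12 spaces, so if that helper ever renders more than one line, its continuation lines fall out of the `|` block and the manifest either fails to parse or nests wrongly; `{{ include "common.serviceMesh.killSidecar" . | indent 12 | trim }}` would match. The value looks carried over from the standalone Job, where the nesting depth presumably differed. It is also worth confirming that the 15-second sidecar wait and the sidecar kill still make sense inside an init container, since with classic sidecar injection the proxy is not started until init containers have finished. The Deployment spec continues outside this hunk.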
index 6c57680..fc35966 100644 (file)
@@ -34,6 +34,8 @@
 # then it is your job to ensure that there are no connections to the database
 */}}
 
+{{/* the new default is schema creation via graphadmin init container. This will be removed in the future. */}}
+{{- if .Values.createDbSchemaViaJob.enabled }}
 {{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
 apiVersion: batch/v1
 kind: Job
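Review bot: With `createDbSchemaViaJob.enabled` set to true this Job now starts without any init container, because the next hunk in this file drops the `waitFor` block and the values hunk removes `waitForWithCreateSchemaDisabled`, so nothing visible holds the schema run back until Cassandra and aai-schema-service are reachable. The graphadmin Deployment hunk likewise renders no init container in that mode, and `readinessCheck.waitForSchemaCreationJob` has no consumer in the lines shown, so the ordering between Job and Deployment should be confirmed for the legacy path. The two nested conditions could also be collapsed into one, `{{- if and .Values.createDbSchemaViaJob.enabled (not .Values.global.jobs.migration.enabled) .Values.global.jobs.createSchema.enabled }}`, which removes the extra `{{- end }}` at the bottom of the file.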
@@ -51,8 +53,6 @@ spec:
       labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }}
       {{ include "common.podSecurityContext" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}-job
@@ -129,3 +129,4 @@ spec:
       restartPolicy: Never
       {{- include "common.imagePullSecrets" . | nindent 6 }}
 {{- end }}
+{{- end }}
index 4b9067d..ca8cc58 100644 (file)
@@ -84,11 +84,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v29
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -226,19 +226,14 @@ actuator:
   echo:
     enabled: true
 
+## Can be used to restore the old behaviour of having a separate job for schema creation
+createDbSchemaViaJob:
+  enabled: false
+
 readinessCheck:
-  waitForWithCreateSchemaEnabled:
+  waitForSchemaCreationJob:
     jobs:
       - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
-  waitForWithCreateSchemaDisabled:
-    services:
-      - '{{ .Values.global.cassandra.serviceName }}'
-      - aai-schema-service
-  waitForCassandra:
-    containers:
-      - aai-schema-service
-    apps:
-      - cassandra
   waitForLocalCassandra:
     containers:
       - aai-schema-service
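Review bot: The graphadmin Deployment now reads `.Values.readinessCheck.waitForCassandraService`, but this hunk only renames one key and removes two, and no `waitForCassandraService` entry is visible among the remaining `readinessCheck` keys. If it is not defined further down in the file, `common.readinessCheck.waitFor` receives a nil `wait_for` and the init container would wait for nothing or fail to render, depending on that helper. Something like `waitForCassandraService:` / `services:` / `- '{{ .Values.global.cassandra.serviceName }}'` would cover it, reusing the service entry that was removed.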
index 6392a8e..4985a97 100644 (file)
@@ -45,8 +45,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
 
 {{ if .Values.global.config.basic.auth.enabled }}
 aai.tools.enableBasicAuth=true
-aai.tools.username={{ .Values.global.config.basic.auth.username }}
-aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }}
 {{ end }}
 
 aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
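Review bot: `index .Values.global.config.basic.auth.users 0` aborts rendering with an opaque index error when an operator overrides `users` with an empty list, and it silently makes the tools account whichever entry happens to be first. In the values hunk of this chart that first entry is `aai@aai.onap.org`, not the `AAI` user the old `username`/`passwd` keys named, so the effective tool identity changes with list order. A guarded lookup such as `{{- $tool := required "global.config.basic.auth.users must not be empty" (first .Values.global.config.basic.auth.users) }}` followed by `{{ $tool.username }}` and `{{ $tool.password }}` fails with a clear message. The same applies to the aai-traversal `aaiconfig.properties` hunk and to the `AUTH=` lines in the three `_helpers.tpl` files.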
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
deleted file mode 100644 (file)
index 738634d..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-
-spring.autoconfigure.exclude=\
-  org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
-  org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
-keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm={{ .Values.config.keycloak.realm }}
-keycloak.resource={{ .Values.config.keycloak.resource }}
-keycloak.public-client=true
-keycloak.principal-attribute=preferred_username
-
-keycloak.ssl-required=external
-keycloak.bearer-only=true
index 5a16ebe..6c34705 100644 (file)
@@ -51,7 +51,6 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=aai-resources/src/main/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8447
 
@@ -121,3 +120,9 @@ scrape.uri.metrics=false
 # but doesn't show up in micrometer metrics
 aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
 aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+
+aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }}
+{{- range $index, $user := .Values.global.config.basic.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
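Review bot: Every basic-auth password is written in cleartext into `application.properties`, which the chart's `configmap.yaml` template packs into its `data:` section via `.Files.Glob ... AsConfig`, so the credentials are readable by anyone who can read ConfigMaps and are not covered by Secret-specific RBAC or encryption at rest. The values are also emitted unescaped, so a password containing a backslash or a line break would be altered or would add an extra property line. Rendering the `aai.basic-auth.users[...]` entries into a Secret that is mounted or injected separately, and leaving only `aai.basic-auth.enabled` here, would keep the credentials out of the ConfigMap. The identical block added to the aai-traversal `application.properties` has the same issue.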
diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties
deleted file mode 100644 (file)
index f254d03..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# format : username: password[,rolename ...]
-# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
-*/ -}}
-AAI:OBF:1gfr1ev31gg7,admin
-MSO:OBF:1jzx1lz31k01,admin
-SDNC:OBF:1itr1i0l1i151isv,admin
-DCAE:OBF:1g8u1f9d1f991g8w,admin
-POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
-ASDC:OBF:1f991j0u1j001f9d,admin
-ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
-AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
-OOF:OBF:1img1ke71ily,admin
-aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/kubernetes/aai/components/aai-resources/templates/_helpers.tpl b/kubernetes/aai/components/aai-resources/templates/_helpers.tpl
new file mode 100644 (file)
index 0000000..003be58
--- /dev/null
@@ -0,0 +1,21 @@
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+  image: "{{ include "repositoryGenerator.image.curl" . }}"
+  imagePullPolicy: IfNotPresent
+  command: ["/bin/sh", "-c"]
+  args:
+    - |
+      URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+      AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+      while true; do
+        RESPONSE=$(curl -u $AUTH -s $URL)
+        if [ "$RESPONSE" = "true" ]; then
+          echo "Request successful. Schema is initialized."
+          exit 0
+        else
+          echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+          sleep 3
+        fi
+      done
+  {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
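Review bot: `aai.waitForSchemaCreation` is now defined three times, here and in the aai-graphadmin and aai-traversal `_helpers.tpl` files; Helm template names are global across a parent chart and its subcharts, so only the definition loaded last is actually used. The copies are identical today, but a later edit to one of them can silently change, or fail to change, what the other components render. Either define it once in a shared chart, or give each copy a chart-specific name such as `{{- define "aai-resources.waitForSchemaCreation" -}}` and update the matching `include`.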
index acf30c8..73723a1 100644 (file)
@@ -26,5 +26,3 @@ data:
 {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
index 6b35a0f..35378fd 100644 (file)
@@ -49,9 +49,7 @@ spec:
       {{- if .Values.global.jobs.migration.enabled }}
       {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
       {{- else if .Values.global.jobs.createSchema.enabled  }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
-      {{- else }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
+      {{ include "aai.waitForSchemaCreation" . | nindent 6 }}
       {{- end }}
       containers:
       - name: {{ include "common.name" . }}
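Review bot: Dropping the `{{- else }}` branch means that with both `global.jobs.migration.enabled` and `global.jobs.createSchema.enabled` off, aai-resources gets no init container and starts without waiting for Cassandra, while the parallel aai-traversal hunk in this commit keeps its `wait_for_cassandra` fallback. If the difference is not intended, restore `{{- else }}` followed by the `common.readinessCheck.waitFor` line for `wait_for_cassandra`, provided that key still exists in this chart's values. The `initContainers:` key itself lies above the hunk, so whether it can end up empty cannot be checked from here.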
@@ -98,15 +96,9 @@ spec:
         - mountPath: /opt/app/aai-resources/resources/logback.xml
           name: {{ include "common.fullname" . }}-config
           subPath: logback.xml
-        - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
-          name: {{ include "common.fullname" . }}-config
-          subPath: realm.properties
         - mountPath: /opt/app/aai-resources/resources/application.properties
           name: {{ include "common.fullname" . }}-config
           subPath: application.properties
-        - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
-          name: {{ include "common.fullname" . }}-config
-          subPath: application-keycloak.properties
         - mountPath: /tmp
           name: tmp
         ports:
index 9c7dea8..625267b 100644 (file)
@@ -47,8 +47,33 @@ global: # global defaults
     basic:
       auth:
         enabled: true
-        username: AAI
-        passwd: AAI
+        users:
+          - username: aai@aai.onap.org
+            password: demo123456!
+          - username: so@so.onap.org
+            password: demo123456!
+          - username: sdnc@sdnc.onap.org
+            password: demo123456!
+          - username: dcae@dcae.onap.org
+            password: demo123456!
+          - username: policy@policy.onap.org
+            password: demo123456!
+          - username: sdc@sdc.onap.org
+            password: demo123456!
+          - username: AAI
+            password: AAI
+          - username: DCAE
+            password: DCAE
+          - username: MSO
+            password: MSO
+          - username: POLICY
+            password: POLICY
+          - username: ASDC
+            password: ASDC
+          - username: ModelLoader
+            password: ModelLoader
+          - username: AaiUI
+            password: AaiUI
 
     # Active spring profiles for the resources microservice
     profiles:
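Review bot: The chart now ships thirteen working accounts in `values.yaml` with basic auth enabled by default, seven with the password equal to the username and six sharing `demo123456!`, so any installation that does not override `global.config.basic.auth.users` accepts publicly known credentials. At minimum add a comment above `users:` such as `# demo-only credentials: override global.config.basic.auth.users for every non-lab deployment`, and consider failing the render when the defaults are left in place outside a demo profile. Quoting the values (`password: 'demo123456!'`) also avoids type surprises if someone later sets an all-digit or boolean-looking password. The aai-traversal `values.yaml` hunk adds the same kind of list.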
@@ -77,11 +102,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v29
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -134,7 +159,7 @@ aai_enpoints:
     url: external-system
 
 # application image
-image: onap/aai-resources:1.15.4
+image: onap/aai-resources:1.15.5
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
@@ -155,19 +180,6 @@ updateStrategy:
 
 # Configuration for the resources deployment
 config:
-  # configure keycloak according to your environment.
-  # don't forget to add keycloak in active profiles above (global.config.profiles)
-  keycloak:
-    host: keycloak.your.domain
-    port: 8180
-    # Specifies a set of users, credentials, roles, and groups
-    realm: aai-resources
-    # Used by any client application for enabling fine-grained authorization for their protected resources
-    resource: aai-resources-app
-    # If set to true, additional criteria will be added that match the data-owner property with the given role
-    # to the user in keycloak
-    multiTenancy:
-      enabled: true
   janusgraph:
     caching:
       # enable when running read-heavy workloads
@@ -395,18 +407,6 @@ log:
     dbMetric: WARN
 logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 
-# To make logback capping values configurable
-logback:
-  logToFileEnabled: false
-  maxHistory: 7
-  totalSizeCap: 1GB
-  queueSize: 1000
-
-accessLogback:
-  livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
-  logToFileEnabled: false
-  maxHistory: 7
-  totalSizeCap: 1GB
 #################################################################
 # Secrets metaconfig
 #################################################################
index 5d55923..fc7bd40 100644 (file)
@@ -23,8 +23,13 @@ info.build.version=1.1.0
 
 spring.application.name=aai-schema-service
 spring.jersey.type=filter
-
 spring.main.allow-bean-definition-overriding=true
+spring.sleuth.enabled={{ .Values.tracing.enabled }}
+spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }}
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c, b3
+spring.sleuth.supports-join=false
 server.servlet.context-path=/
 
 spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
index 9fadcd7..45130d0 100644 (file)
@@ -130,9 +130,6 @@ spec:
       {{ include "common.log.sidecar" . | nindent 6 }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-      - name: aai-common-aai-auth-mount
-        secret:
-          secretName: aai-common-aai-auth
       - name: aai-schema-service
         emptyDir:
           sizeLimit: {{ .Values.volumes.aaiSizeLimit }}
index 3763db9..f122783 100644 (file)
@@ -41,11 +41,11 @@ global: # global defaults
       version:
       # Current version of the REST API
         api:
-          default: v29
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -60,7 +60,7 @@ global: # global defaults
           label: v12
 
 # application image
-image: onap/aai-schema-service:1.12.5
+image: onap/aai-schema-service:1.12.9
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
@@ -85,7 +85,7 @@ profiling:
     - "-Djava.rmi.server.hostname=127.0.0.1"
 
 # number of ReplicaSets that should be retained for the Deployment
-revisionHistoryLimit: 2
+revisionHistoryLimit: 1
 
 updateStrategy:
   type: RollingUpdate
@@ -98,11 +98,9 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
+  enabled: true
   initialDelaySeconds: 60
   periodSeconds: 60
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
 
 readiness:
   initialDelaySeconds: 60
@@ -177,6 +175,7 @@ log:
   path: /var/log/onap
   level:
     root: INFO
+    base: INFO # base package (org.onap.aai)
 logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 
 volumes:
@@ -185,3 +184,10 @@ volumes:
 
 podAnnotations:
   checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+tracing:
+  enabled: false
+  collector:
+    baseUrl: http://jaeger-collector.istio-system:9411
+  sampling:
+    probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
index ede5b60..7248bb3 100644 (file)
@@ -1,7 +1,7 @@
 {{/*
-# Copyright (c) 2017 Amdocs, Bell Canada
-# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Nokia
 # Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,7 +19,7 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
 spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
   {{- if .Values.debug.enabled }}
@@ -116,7 +116,7 @@ spec:
             port: {{ .Values.service.internalPort }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
-        {{ end -}}
+        {{- end }}
         readinessProbe:
           tcpSocket:
             port: {{ .Values.service.internalPort }}
index c844b3d..0c10b94 100644 (file)
@@ -34,8 +34,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
 
 {{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
 aai.tools.enableBasicAuth=true
-aai.tools.username={{ .Values.global.config.basic.auth.username }}
-aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }}
 {{ end }}
 
 aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties
deleted file mode 100644 (file)
index dd1956b..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-spring.autoconfigure.exclude=\
-  org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
-  org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
-keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm={{ .Values.config.keycloak.realm }}
-keycloak.resource={{ .Values.config.keycloak.resource }}
-keycloak.public-client=false
-keycloak.principal-attribute=preferred_username
-
-keycloak.ssl-required=external
-keycloak.bearer-only=true
index f0b6f7e..f6fad88 100644 (file)
@@ -28,7 +28,7 @@ spring.jersey.type=filter
 spring.main.allow-bean-definition-overriding=true
 server.servlet.context-path=${schema.uri.base.path}
 
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
 spring.profiles.active={{ .Values.global.config.profiles.active }}
 spring.jersey.application-path=/
 
@@ -52,7 +52,6 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=aai-traversal/src/main/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8446
 
@@ -126,3 +125,9 @@ scrape.uri.metrics=false
 # but doesn't show up in micrometer metrics
 aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
 aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+
+aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }}
+{{- range $index, $user := .Values.global.config.basic.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl
new file mode 100644 (file)
index 0000000..003be58
--- /dev/null
@@ -0,0 +1,21 @@
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+  image: "{{ include "repositoryGenerator.image.curl" . }}"
+  imagePullPolicy: IfNotPresent
+  command: ["/bin/sh", "-c"]
+  args:
+    - |
+      URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+      AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+      while true; do
+        RESPONSE=$(curl -u $AUTH -s $URL)
+        if [ "$RESPONSE" = "true" ]; then
+          echo "Request successful. Schema is initialized."
+          exit 0
+        else
+          echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+          sleep 3
+        fi
+      done
+  {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
index d3ccd84..5db7fb1 100644 (file)
@@ -24,5 +24,3 @@ data:
 {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
index 96d3a7b..36e1cbe 100644 (file)
@@ -48,7 +48,7 @@ spec:
       {{- if .Values.global.jobs.migration.enabled }}
       {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
       {{- else if .Values.global.jobs.createSchema.enabled  }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
+      {{ include "aai.waitForSchemaCreation" . | nindent 6 }}
       {{- else }}
       {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
       {{- end }}
@@ -109,15 +109,9 @@ spec:
         - mountPath: /opt/app/aai-traversal/resources/logback.xml
           name: {{ include "common.fullname" . }}-config
           subPath: logback.xml
-        - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
-          name: {{ include "common.fullname" . }}-config
-          subPath: realm.properties
         - mountPath: /opt/app/aai-traversal/resources/application.properties
           name: {{ include "common.fullname" . }}-config
           subPath: application.properties
-        - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties
-          name: {{ include "common.fullname" . }}-config
-          subPath: application-keycloak.properties
         - mountPath: /tmp
           name: tmp
         ports:
index 546b508..2e51fd0 100644 (file)
@@ -38,7 +38,7 @@ spec:
     spec:
       {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers:
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }}
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }}
       - name: {{ include "common.name" . }}-wait-for-aai-haproxy
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
index 3bd5b8c..81f8e66 100644 (file)
@@ -56,8 +56,23 @@ global: # global defaults
     basic:
       auth:
         enabled: true
-        username: AAI
-        passwd: AAI
+        users:
+          - username: aai@aai.onap.org
+            password: demo123456!
+          - username: AAI
+            password: AAI
+          - username: DCAE
+            password: DCAE
+          - username: MSO
+            password: MSO
+          - username: POLICY
+            password: POLICY
+          - username: ASDC
+            password: ASDC
+          - username: ModelLoader
+            password: ModelLoader
+          - username: AaiUI
+            password: AaiUI
 
     # Active spring profiles for the resources microservice
     profiles:
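Review bot: The `users` list added under `basic.auth` ships seven accounts whose password equals the username, plus one fixed demo password, as chart defaults while `enabled: true` stays set, so any install that does not override the list accepts publicly known credentials. A comment above the list should say so, for example `# demo credentials only: override global.config.basic.auth.users for any non-lab deployment`, or the passwords should come from an existing Secret. The order also matters: the schema-init wait helper visible earlier on this page reads `(index ... users 0)`, and Helm replaces lists wholesale on override, so whichever entry an operator puts first becomes the init container's login; `# users[0] is used by the schema-init check` would document that. The first pair is the one the removed haproxy readiness probe carried as a Basic header further down this page, so it should be treated as already disclosed.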
@@ -86,11 +101,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v29
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -111,7 +126,7 @@ global: # global defaults
     someConfig: random
 
 # application image
-image: onap/aai-traversal:1.15.4
+image: onap/aai-traversal:1.15.5
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
@@ -155,20 +170,6 @@ aai_enpoints:
 
 # application configuration
 config:
-
-  # configure keycloak according to your environment.
-  # don't forget to add keycloak in active profiles above (global.config.profiles)
-  keycloak:
-    host: keycloak.your.domain
-    port: 8180
-    # Specifies a set of users, credentials, roles, and groups
-    realm: aai-traversal
-    # Used by any client application for enabling fine-grained authorization for their protected resources
-    resource: aai-traversal-app
-    # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
-    # the data-owner property with the given role to the user in keycloak
-    multiTenancy:
-      enabled: true
   janusgraph:
     caching:
       # enable when running read-heavy workloads
@@ -443,9 +444,9 @@ readinessCheck:
     services:
       - '{{ .Values.global.cassandra.serviceName }}'
       - aai-schema-service
-  wait_for_service:
+  wait_for_traversal:
     services:
-      - aai
+      - aai-traversal
 
 jobAnnotations:
   "helm.sh/hook": pre-upgrade,pre-rollback,post-install
index a743592..160d8cf 100644 (file)
@@ -18,7 +18,7 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
 spec:
   selector:
     matchLabels:
@@ -38,7 +38,6 @@ spec:
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
       {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers:
-      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim}}
       - command: ["/bin/sh","-c"]
         args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
         image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
@@ -94,21 +93,8 @@ spec:
         readinessProbe:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
-          httpGet:
-            path: /aai/util/echo
+          tcpSocket:
             port: {{ .Values.service.internalPort }}
-            scheme: HTTP
-            httpHeaders:
-            - name: X-FromAppId
-              value: OOM_ReadinessCheck
-      {{ if .Values.global.installSidecarSecurity }}
-            - name: Authorization
-              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
-      {{ end }}
-            - name: X-TransactionId
-              value: OOM_ReadinessCheck_TID
-            - name: Accept
-              value: application/json
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
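Review bot: The `tcpSocket` probe marks the pod ready as soon as the port accepts a connection, which no longer shows that a request gets through to a backend the way the `/aai/util/echo` check did; the wait-for init container is also dropped in the previous hunk of this file. Dropping the hardcoded `Authorization` header is the right call, but the trade-off deserves a comment above the probe, for example `# TCP check only: readiness no longer depends on a backend answering, and needs no credentials`. If backend health should still gate traffic, that check would have to live in the proxy's own backend health checks, which are not visible here. The container spec starts before the hunk.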
index 11616b9..f2363b7 100644 (file)
@@ -245,11 +245,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v29
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -323,6 +323,8 @@ config:
   # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file.
   # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same.
   NAME_SERVER: coredns.kube-system
+  # hold interval in seconds
+  DNS_REFRESH_INTERVAL: 5
 
 # default number of instances
 replicaCount: 1
@@ -482,13 +484,6 @@ securityContext:
   user_id: 99
   group_id: 99
 
-readinessCheck:
-  wait_for:
-    services:
-      - aai-resources
-      - aai-traversal
-      - aai-graphadmin
-
 volumes:
   haProxySizeLimit: 20Mi