# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
-
data:
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
- {{- end -}}
\ No newline at end of file
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
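Review bot: A key present in both `.Values.env` and `.Values.global.env` is emitted twice under `data:`, because the added second `range` writes every global key without checking what the first loop already produced. The rendered ConfigMap then has duplicate mapping keys, and which value survives depends on the YAML parser rather than on the chart; it may also differ from the local-over-global order the UI templates in this commit use (`.Values.env.KEYCLOAK_REALM | default .Values.global.env.KEYCLOAK_REALM`). Merging before a single loop makes the precedence explicit: `{{- range $key, $val := merge (dict) .Values.env .Values.global.env }}`. The same pair of loops is added to the history, preferences and ui ConfigMap templates.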
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
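Review bot: The literal `annotations:` key added under `metadata:` now sits beside whatever `common.templateMetadata` renders, and that helper's body is not visible on this page; if it also emits an `annotations:` block, the pod template gets two `annotations` keys and either the checksum or the helper's annotations can be lost. The include also moved from `nindent 6` to `{{- … | indent 6 }}`, which joins the helper's first line onto the `checksum/config` line unless the helper output begins with a newline. A template comment above the include would record the dependency: `{{/* common.templateMetadata must start with a newline and must not render annotations; checksum/config is set above */}}`. The history, preferences and ui deployment templates receive the same lines, and the pod template continues outside this hunk.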
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
-# Default values for bff.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+## Default values for portal-ng-bff.
+## This is a YAML-formatted file.
+## Declare variables to be passed into your templates.
+
+##
+## Specifies the details of the Docker image to be used for deployment.
+##
image:
+ ## The name of the Docker image.
imageName: onap/portal-ng/bff
+ ## The policy that indicates when the image should be pulled.
+ ## "Always" means the image will be pulled on every deployment.
pullPolicy: Always
- # Overrides the image tag whose default value is the chart appVersion.
+ ## Overrides the image tag. The default is the chart appVersion.
+ ## An empty value means the default tag will be used.
# tag: 0.1.0
+## Number of Pods to deploy
replicaCount: 2
-# Specifies how many old replicas will be retained in a deployment
+## Specifies how many old replicas will be retained in a deployment
revisionHistoryLimit: 2
-# Custom selector label (for bigger namespaces with other components)
+## Custom selector label (for bigger namespaces with other components)
partOf: portal
+##
+## Service
+##
service:
+ ## Use ClusterIP as the service type to expose the service on an internal IP
type: ClusterIP
port: 9080
+ ## The port on which the service is exposed
ports:
- name: http
port: 9080
+##
+## Autoscaling
+##
autoscaling:
+ ## Autoscaling is disabled. When set to true, the Horizontal Pod Autoscaler is enabled.
enabled: false
+ ## Minimum number of replicas to maintain.
minReplicas: 1
- maxReplicas: 100
+ ## Maximum number of replicas to maintain.
+ maxReplicas: 2
+ ## Target CPU utilization percentage at which the Horizontal Pod Autoscaler adds or removes replicas.
targetCPUUtilizationPercentage: 80
+resources:
+ small:
+ limits:
+ cpu: "4"
+ memory: "1Gi"
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ unlimited: {}
+
+##
+## Readiness and liveness probes
+##
probes:
+ # Configuration of the readiness probe to check if the container is ready.
readiness:
+ ## Wait before performing the first probe
initialDelaySeconds: 20
+ ## Number of consecutive failures allowed before marking probe as failed.
failureThreshold: 4
+ # Configuration of the liveness probe to check if the container is alive.
liveness:
+ ## Wait before performing the first probe
initialDelaySeconds: 20
+ ## Number of consecutive failures allowed before marking probe as failed.
failureThreshold: 4
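Review bot: `resources.small.limits.cpu` is `"4"` while `resources.large.limits.cpu` is `"2"`, so the small flavor is allowed twice the CPU of the large one. The history, preferences and ui values added in this commit all keep small at or below large, which suggests a typo here rather than intent. If so, the small limit should drop to a value at or under the large one, for example `cpu: "500m"` as in the history chart.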
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak/auth
- KEYCLOAK_REALM: ONAP
HISTORY_URL: http://portal-ng-history:9002
PREFERENCES_URL: http://portal-ng-preferences:9001
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
secretEnv:
KEYCLOAK_CLIENT_ID: portal-bff
KEYCLOAK_CLIENT_SECRET: pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-ng-bff
- roles:
- - read
-
+securityContext:
+ user_id: 65534
+ group_id: 65534
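Review bot: `secretEnv.KEYCLOAK_CLIENT_SECRET` remains a literal default in this values file (unchanged context near the end of the hunk), so every install that does not override it runs with the same client secret, readable by anyone who has the chart. The commit moves the shared Keycloak settings into `global.env` but leaves this value as it was. Shipping the default empty, `KEYCLOAK_CLIENT_SECRET: ""  ## must be supplied per deployment`, and having the Secret template (not visible here) wrap the value in `required` would stop a deployment from silently using the committed value.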
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
namespace: {{ include "common.namespace" . }}
data:
{{- range $key, $val := .Values.env }}
- {{ $key }}: {{ $val | quote }}
- {{- end -}}
\ No newline at end of file
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
path: /actuator/health/readiness
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
- failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
image:
imageName: onap/portal-ng/history
- name: http
port: 9002
+resources:
+ small:
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "200m"
+ memory: "256Mi"
+ unlimited: {}
+
autoscaling:
enabled: false
minReplicas: 1
probes:
readiness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
liveness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
secretEnv:
MONGO_USERNAME: dbuser
MONGO_DATABASE: history
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak
- KEYCLOAK_REALM: ONAP
MONGO_HOST: history-mongodb
MONGO_PORT: 27017
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
mongodb:
nameOverride: history-mongodb
nameOverride: portal-ng-history
roles:
- read
+
+securityContext:
+ user_id: 65534
+ group_id: 65534
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
- name: mongodb
version: ~14.12.x-0
repository: '@local'
-
-
namespace: {{ include "common.namespace" . }}
data:
{{- range $key, $val := .Values.env }}
- {{ $key }}: {{ $val | quote }}
- {{- end -}}
\ No newline at end of file
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
path: /actuator/health/readiness
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
- failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
# Default values for preferences.
# This is a YAML-formatted file.
- name: http
port: 9001
+resources:
+ small:
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "200m"
+ memory: "256Mi"
+ unlimited: {}
+
autoscaling:
enabled: false
minReplicas: 1
probes:
readiness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
liveness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
secretEnv:
MONGO_USERNAME: dbuser
MONGO_DATABASE: Preferences
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak
- KEYCLOAK_REALM: ONAP
MONGO_HOST: preferences-mongodb
MONGO_PORT: 27017
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
mongodb:
nameOverride: preferences-mongodb
nameOverride: portal-ng-preferences
roles:
- read
+
+securityContext:
+ user_id: 65534
+ group_id: 65534
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.1.0
+appVersion: 0.1.2
dependencies:
- name: common
--- /dev/null
+{
+ "portal_admin": {{ .Values.acl.portal_admin | toPrettyJson }},
+ "portal_operator": {{ .Values.acl.portal_operator | toPrettyJson }},
+ "portal_designer": {{ .Values.acl.portal_designer | toPrettyJson }}
+}
// Environment variables
window["env"]["customStyleEnabled"] = "{{ .Values.env.CUSTOM_STYLE_ENABLED }}";
- window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_HOSTNAME }}";
- window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM }}";
+ window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_EXTERNAL_URL }}";
+ window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM | default .Values.global.env.KEYCLOAK_REALM }}";
window['env']['keycloak']['clientId'] = '{{ .Values.env.KEYCLOAK_CLIENT_ID }}';
window["env"]["loggingEnabled"]= '{{ .Values.env.LOGGING_ENABLED }}';
})(this);
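Review bot: `KEYCLOAK_EXTERNAL_URL` and the realm are pasted between hand-written double quotes, so a value containing `"`, a backslash or a line break yields broken or altered JavaScript in a file that is served to every browser. Letting the template emit the literal avoids that: `window["env"]["keycloak"]["hostname"] = {{ .Values.env.KEYCLOAK_EXTERNAL_URL | toJson }};`, and likewise `{{ .Values.env.KEYCLOAK_REALM | default .Values.global.env.KEYCLOAK_REALM | toJson }}` for the realm. The key is still named `hostname` although it now receives a full URL, which deserves a one-line comment. The enclosing function starts outside this hunk.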
-resolver {{ .Values.env.CLUSTER_NAMESERVER_IP }};
+resolver {{ .Values.env.NAME_SERVER }};
server {
listen {{ .Values.env.NGINX_PORT }};
+ listen [::]:{{.Values.env.NGINX_PORT}}; # listen on ipv6
location / {
root /usr/share/nginx/html;
index index.html;
proxy_http_version 1.1;
}
location /auth/ {
- set $upstream {{ .Values.env.KEYCLOAK_INTERNAL_URL }};
+ set $upstream {{ .Values.env.KEYCLOAK_URL | default .Values.global.env.KEYCLOAK_URL }}.svc.cluster.local;
rewrite /auth/(.*) /$1 break;
add_header Access-Control-Allow-Origin *;
proxy_pass $upstream/$1$is_args$args;
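Review bot: Appending `.svc.cluster.local` to the whole `KEYCLOAK_URL` on the `set $upstream` line only yields a valid upstream while the value is exactly `scheme://service.namespace`. An override that carries a port, a path or an already fully-qualified host would be turned into a name that does not resolve, and the failure only shows up at request time because the upstream is a variable. A comment above the line would record the constraint: `# KEYCLOAK_URL must be scheme://service.namespace without port or path; the cluster suffix is appended here`. The `location /auth/` block continues past the end of this hunk.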
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
-gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
\ No newline at end of file
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-env-js
+ name: {{ include "common.fullname" . }}-assets
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/assets/env.js").AsConfig . | nindent 2 }}
+ env_js: {{ tpl (.Files.Get "resources/assets/env.js") . | quote }}
+ acl_json: {{ tpl (.Files.Get "resources/assets/acl.json") . | quote }}
+ version_json: {{ tpl (.Files.Get "resources/assets/version.json") . | quote }}
{{/*
-# Copyright © 2024 Deutsche Telekom
+# Copyright © 2022 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-nginx-config
+ namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | nindent 2 }}
+{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | indent 2 }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
{{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
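Review bot: `checksum/config` hashes only `configmap.yaml`, while this pod also mounts the `-assets` and `-nginx-config` ConfigMaps through `subPath`, and subPath mounts are not refreshed when a ConfigMap changes. If those two ConfigMaps are rendered from other template files (the file names are not visible on this page), a change to `acl`, the env.js inputs or default.conf would not restart the pods and the old files would keep being served. One annotation per template closes the gap, e.g. `checksum/assets: {{ include (print $.Template.BasePath "/<assets-template-file>") . | sha256sum }}` with the placeholder replaced by the real file name.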
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
- - name: env-js
+ - name: assets
mountPath: /usr/share/nginx/html/assets/env.js
subPath: env.js
readOnly: true
- - name: version-json
+ - name: assets
+ mountPath: /usr/share/nginx/html/assets/acl.json
+ subPath: acl.json
+ readOnly: true
+ - name: assets
mountPath: /usr/share/nginx/html/assets/version.json
subPath: version.json
readOnly: true
- name: nginx-config
configMap:
name: {{ include "common.fullname" . }}-nginx-config
- - name: env-js
- configMap:
- name: {{ include "common.fullname" . }}-env-js
- - name: version-json
+ - name: assets
configMap:
- name: {{ include "common.fullname" . }}-version-json
+ name: {{ include "common.fullname" . }}-assets
+ items:
+ - key: env_js
+ path: env.js
+ - key: acl_json
+ path: acl.json
+ - key: version_json
+ path: version.json
- name: tmp-volume
emptyDir:
sizeLimit: 64Mi
# limitations under the License.
global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
ingress:
virtualhost:
# Default Ingress base URL
internalPort: 8080
ports:
- name: http
- port: 80
+ port: 8080
port_protocol: http
ingress:
service:
- baseaddr: "portal-ng-ui"
name: "portal-ng-ui"
- port: 80
+ port: 8080
config:
ssl: "redirect"
-resources: {}
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "50m"
+ memory: "128Mi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "2Gi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ unlimited: {}
autoscaling:
enabled: false
affinity: {}
env:
+ NAME_SERVER: coredns.kube-system
+ KEYCLOAK_EXTERNAL_URL: https://keycloak-ui.simpledemo.onap.org
BFF_URL: http://portal-ng-bff.onap.svc.cluster.local:9080
NGINX_PORT: 8080
- KEYCLOAK_REALM: ONAP
- KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local
- KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org
- CLUSTER_NAMESERVER_IP: 1.2.3.4
#Pods Service Account
serviceAccount:
HOLMES_URL: "holmes-rule-mgmt-ui"
AAI_URL: "aai-sparkybe-api"
SDNCDG_URL: "sdnc-dgbuilder-ui"
- SDNCODL_URL: "sdnc-web-ui"
\ No newline at end of file
+ SDNCODL_URL: "sdnc-web-ui"
+
+acl:
+ portal_admin:
+ - users.administration.list
+ - users.administration.detail
+ - users.administration.create
+ - users.administration.edit
+ - users.administration.delete
+ - dashboard.tile.USER_LAST_ACTION_TILE
+ portal_operator:
+ - dashboard.tile.USER_LAST_ACTION_TILE
+ portal_designer:
+ - dashboard.tile.USER_LAST_ACTION_TILE
+
+securityContext:
+ user_id: 101
+ group_id: 101
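Review bot: The new `acl` block has no comment, and nothing here says that it is not an access control. It is rendered into acl.json and mounted under `/usr/share/nginx/html/assets`, so the browser can read it and it can at most decide what the UI shows; presumably the backend enforces the same permissions, which should be confirmed. Proposed comment above `acl:`: `## Per-role list of UI features, served to the browser as assets/acl.json; display only, authorization must be enforced server-side.`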