From: Sylvain Desbureaux Date: Tue, 3 Sep 2019 07:36:55 +0000 (+0000) Subject: Merge "Modifying dmaap job labels because of inconsistency with other jobs. Mainly... X-Git-Tag: 5.0.1-ONAP~109 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=1366ccb457383e633ca67d2d892706f0784cbdf0;hp=21a2b5e67d78ad321e307aa39d5d55aaf37c8353;p=oom.git Merge "Modifying dmaap job labels because of inconsistency with other jobs. Mainly adding release label there." --- diff --git a/docs/release-notes.rst b/docs/release-notes.rst index dc10400dfb..01e3524666 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -10,6 +10,19 @@ ONAP Operations Manager Release Notes ===================================== +Version 5.0.0 (El Alto Early Drop) +---------------------------------- + +:Release Date: 2019-08-19 + +Summary +------- + +**Software Requirements** + +* Upgraded to Kubernetes 1.15.x and Helm 1.14.x + + Version 4.0.0 (Dublin Release) ------------------------------ diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml index c664d034bb..5bbb1d731f 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: {{ .Values.global.repository }}/onap/aaf/aaf_cass:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index 87bcaa4b7c..19d762557a 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -76,7 +76,7 @@ spec: containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_cm:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index 9f97da96ec..cd72fddb58 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_fs:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index d067b5ec25..4a433cccfd 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_gui:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt index bd74a42cd5..ef4d8e7d23 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt +++ b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt @@ -12,22 +12,3 @@ # See the License for the specific language governing permissions and # limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml new file mode 100644 index 0000000000..066bf38f2f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +######### +## ============LICENSE_START==================================================== +## org.onap.aaf +## =========================================================================== +## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +## =========================================================================== +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## ============LICENSE_END==================================================== +## + +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-aaf-hello-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ .Chart.Name }}-hello + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.config.size}} + accessModes: + - {{ .Values.persistence.config.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.config.mountPath }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml new file mode 100644 index 0000000000..7c45b8bd7f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +######### +## ============LICENSE_START==================================================== +## org.onap.aaf +## =========================================================================== +## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +## =========================================================================== +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## ============LICENSE_END==================================================== +## +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-aaf-hello-pvc + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-hello + accessModes: + - {{ .Values.persistence.config.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.config.size }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} + diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index 9faa580023..c5fcf68a58 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -30,75 +29,71 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-hello-vol + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-hello-pvc + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_agent:{{.Values.global.aaf.imageVersion}} + - name: {{ include "common.name" . }}-config + image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: "/opt/app/osaaf/local" + - mountPath: "/opt/app/osaaf" name: aaf-hello-vol - command: ["bash","-c","/opt/app/aaf_config/bin/pod_wait.sh config nc aaf-cm.{{.Release.Namespace}} 8150 remove && cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh"] +# NOTE: Before this, need Liveness Attached to aaf-certman + command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: APP_FQI + value: "{{ .Values.aaf_init.fqi }}" - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - name: aaf_locator_container value: "oom" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aaf_init.fqdn }}" - name: aaf_locator_app_ns - value: "org.osaaf.aaf" - - name: "APP_FQDN" - value: "{{ .Values.global.aaf.hello.fqdn }}" - - name: "APP_FQI" - value: "aaf@aaf.osaaf.org" - - name: "DEPLOY_FQI" + value: "{{ .Values.aaf_init.app_ns }}" + - name: DEPLOY_FQI value: "deployer@people.osaaf.org" - - name: "DEPLOY_PASSWORD" +# Note: We want to put this in Secrets or at LEAST ConfigMaps + - name: DEPLOY_PASSWORD value: "demo123456!" -# Hello specific. Clients don't necessarily need this +# Note: want to put this on Nodes, evenutally + - name: cadi_longitude + value: "{{ .Values.aaf_init.cadi_longitude }}" + - name: cadi_latitude + value: "{{ .Values.aaf_init.cadi_latitude }}" +# Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: aaf_locator_fqdn_oom - value: "%N.%CNS" containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && exec bin/hello"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_hello:{{.Values.global.aaf.imageVersion}} + command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] + image: {{ .Values.global.repository }}/{{.Values.service.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: "/opt/app/osaaf/local" + - mountPath: "/opt/app/osaaf" name: aaf-hello-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: @@ -111,14 +106,3 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-status-pvc - - name: aaf-hello-vol - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml index 102e85d39e..ab89171c50 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml @@ -24,8 +24,8 @@ metadata: heritage: {{ .Release.Service }} spec: ports: - - port: {{ .Values.global.aaf.hello.internal_port }} - nodePort: {{ .Values.global.aaf.hello.public_port }} + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.public_port }} name: aaf-hello selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index c3ed9e1a64..ea6665c61a 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -24,7 +24,34 @@ flavor: small # Application configuration defaults. ################################################################# # application image +aaf_init: + # You might want this in your own app. For AAF, we store in global + # replicas: 1 + fqdn: "aaf-hello" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "aaf@aaf.osaaf.org" + fqdn: "aaf-hello" + public_fqdn: "aaf.osaaf.org" + deploy_fqi: "deployer@people.osaaf.org" + cadi_latitude: "38.0" + cadi_longitude: "-72.0" +service: + image: onap/aaf/aaf_hello:2.1.15 + port: "8130" + public_port: "31119" + +persistence: + enabled: true + config: + #existingClaim: + # You will want "Reatan" in non-Hello Example. + volumeReclaimPolicy: Delete + accessMode: ReadWriteMany + size: 40M + storageClass: "manual" + mountPath: "/mnt/data/aaf/hello" nodeSelector: {} @@ -42,15 +69,6 @@ readiness: initialDelaySeconds: 5 periodSeconds: 10 -service: - name: aaf-hello - type: ClusterIP - portName: aaf-hello - #targetPort - internalPort: 8130 - #port - externalPort: 8130 - ingress: enabled: false diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index f504063555..69d16121c9 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_locate:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index cc328d5ca6..b371c86541 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_oauth:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index 1801bfec0c..1c09718262 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"] volumeMounts: @@ -63,6 +63,8 @@ spec: value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -73,9 +75,12 @@ spec: # value: "" containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_service:{{.Values.global.aaf.imageVersion}} + command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] + image: {{.Values.global.repository}}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: cm_always_ignore_ips + value: "true" lifecycle: preStop: exec: diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml index de6130cb1d..04e9a5a92f 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml @@ -28,7 +28,7 @@ spec: - name: {{ .Values.service.portName }} {{if eq .Values.service.type "NodePort" -}} port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} {{- else -}} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml index 5e6bffb89f..18334a301c 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml @@ -28,7 +28,7 @@ spec: - name: {{ .Values.service.PortName }} {{if eq .Values.service.type "NodePort" -}} port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} {{- else -}} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 1ddb604c02..0109a5e90d 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -23,30 +23,35 @@ global: ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 persistence: enabled: true - pullPolicy: Always + # Standard OOM + pullPolicy: "Always" repository: "nexus3.onap.org:10001" - # pullPolicy: IfNotPresent - # repository: "nexus3.onap.org:10003" + + # Use Local + #pullPolicy: IfNotPresent + #repository: "nexus3.onap.org:10003" aaf: - imageVersion: 2.1.13 - #imageVersion: latest readiness: false + image: onap/aaf/aaf_core:2.1.15 aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" - aaf_release: "Dublin" + aaf_release: "El Alto" # DUBLIN ONLY - for M4 compatibility with Casablanca - aaf_locator_name: "public.%NS.%N" - aaf_locator_name_oom: "%NS.%N" + # aaf_locator_name: "public.%NS.%N" + # aaf_locator_name_oom: "%NS.%N" # EL ALTO and Beyond - # aaf_locator_name: "%NS.%N" - # aaf_locator_name_oom: "%CNS.%NS.%N" + aaf_locator_name: "%NS.%N" + aaf_locator_name_oom: "%CNS.%NS.%N" cadi_latitude: "38.0" cadi_longitude: "-72.0" cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" + config: + image: onap/aaf/aaf_config:2.1.15 cass: replicas: 1 + image: onap/aaf/aaf_cass:2.1.15 fqdn: "aaf-cass" cluster_name: "osaaf" heap_new_size: "512M" @@ -88,9 +93,6 @@ global: public_port: 31115 hello: replicas: 0 - fqdn: "aaf-hello" - internal_port: 8130 - public_port: 31116 ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai b/kubernetes/aai index 8c0fcb68d8..55cb73cadc 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 8c0fcb68d8e053629fd51e52f8f3687b28e4c18d +Subproject commit 55cb73cadc59537643c0fe5cb7ededadc9ff2b48 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/bath_config.csv b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/bath_config.csv new file mode 100644 index 0000000000..24a3dff7e2 --- /dev/null +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/bath_config.csv @@ -0,0 +1,8 @@ +# APPC HELM CHART APPC_RESTCONF_UI -> appc@appc.onap.org +Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 +# jolokiaall = demo@people.osaaf.org +Basic am9sb2tpYWFsbDpqb2xva2lhYWxs,Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh,2050-03-03 +# restall = aaf_admin@people.osaaf.org +Basic cmVzdGFsbDpyZXN0YWxs,Basic YWFmX2FkbWluQHBlb3BsZS5vc2FhZi5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 +# odlro = mmmanger@people.osaaf.org +Basic b2Rscm86b2Rscm8=,Basic bW1tYW5nZXJAcGVvcGxlLm9zYWFmLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties index 0e8b71cf53..e7399f6f04 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties @@ -19,7 +19,7 @@ ### #hostname=localhost -cadi_loglevel=INFO +cadi_loglevel=DEBUG cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv ############################################################ @@ -48,11 +48,11 @@ cadi_longitude=-122.26147 aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 # AAF URL -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation aaf_env=DEV # OAuth2 Endpoints -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 4fded9aa24..5b4f63bfa7 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -108,6 +108,9 @@ spec: - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml name: onap-appc-data-properties subPath: aaa-app-config.xml + - mountPath: /opt/onap/appc/data/properties/bath_config.csv + name: onap-appc-data-properties + subPath: bath_config.csv - mountPath: /opt/onap/appc/svclogic/config/svclogic.properties name: onap-appc-svclogic-config subPath: svclogic.properties diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 02fe7b68a5..6cb952f460 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -16,7 +16,7 @@ # Web server config ### START -Controller Blueprints Properties # Load Resource Source Mappings -resourceSourceMappings=processor-db=source-processor-db,primary-db=source-processor-db,input=source-input,default=source-default,primary-config-data=source-rest,primary-aai-data=source-rest,capability=source-capability +resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,config-data=source-rest,aai-data=source-rest,capability=source-capability # Controller Blueprints Core Configuration controllerblueprints.blueprintDeployPath=/opt/app/onap/blueprints/deploy @@ -25,12 +25,12 @@ controllerblueprints.blueprintWorkingPath=/opt/app/onap/blueprints/working # Controller Blueprint Load Configurations # blueprints.load.initial-data may be overridden by ENV variables -controllerblueprints.loadInitialData=false -controllerblueprints.loadBluePrint=false +controllerblueprints.loadInitialData=true +controllerblueprints.loadBluePrint=true controllerblueprints.loadBluePrintPaths=/opt/app/onap/model-catalog/blueprint-model/service-blueprint -controllerblueprints.loadModelType=false +controllerblueprints.loadModelType=true controllerblueprints.loadModeTypePaths=/opt/app/onap/model-catalog/definition-type/starter-type -controllerblueprints.loadResourceDictionary=false +controllerblueprints.loadResourceDictionary=true controllerblueprints.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/resource-dictionary/starter-dictionary # CBA file extension @@ -48,14 +48,14 @@ blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/work # Primary Database Configuration -blueprintsprocessor.db.primary.url=jdbc:mysql://cds-db:3306/sdnctl -blueprintsprocessor.db.primary.username=sdnctl -blueprintsprocessor.db.primary.password=sdnctl -blueprintsprocessor.db.primary.driverClassName=org.mariadb.jdbc.Driver -blueprintsprocessor.db.primary.hibernateHbm2ddlAuto=update -blueprintsprocessor.db.primary.hibernateDDLAuto=update -blueprintsprocessor.db.primary.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy -blueprintsprocessor.db.primary.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect +blueprintsprocessor.db.url=jdbc:mysql://db:3306/sdnctl +blueprintsprocessor.db.username=sdnctl +blueprintsprocessor.db.password=sdnctl +blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver +blueprintsprocessor.db.hibernateHbm2ddlAuto=update +blueprintsprocessor.db.hibernateDDLAuto=update +blueprintsprocessor.db.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy +blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect # Python executor blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints @@ -83,17 +83,17 @@ blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor blueprintsprocessor.grpcclient.remote-python.port=50051 blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== -# Primary Config Data REST client settings -blueprintsprocessor.restclient.primary-config-data.type=basic-auth -blueprintsprocessor.restclient.primary-config-data.url=http://sdnc:8282 -blueprintsprocessor.restclient.primary-config-data.username=admin -blueprintsprocessor.restclient.primary-config-data.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - -# Primary AAI Data REST Client settings -blueprintsprocessor.restclient.primary-aai-data.type=basic-auth -blueprintsprocessor.restclient.primary-aai-data.url=https://aai.onap:8443 -blueprintsprocessor.restclient.primary-aai-data.username=aai@aai.onap.org -blueprintsprocessor.restclient.primary-aai-data.password=demo123456! +# Config Data REST client settings +blueprintsprocessor.restclient.config-data.type=basic-auth +blueprintsprocessor.restclient.config-data.url=http://sdnc:8282 +blueprintsprocessor.restclient.config-data.username=admin +blueprintsprocessor.restclient.config-data.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +# AAI Data REST Client settings +blueprintsprocessor.restclient.aai-data.type=basic-auth +blueprintsprocessor.restclient.aai-data.url=https://aai.onap:8443 +blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org +blueprintsprocessor.restclient.aai-data.password=demo123456! # Kafka-message-lib Configuration blueprintsprocessor.messageclient.self-service-api.topic=cds-producer diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 7ac3274f32..29eeb19477 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.5.1 +image: onap/ccsdk-blueprintsprocessor:0.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 0db73be134..a04651db13 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.5.1 +image: onap/ccsdk-commandexecutor:0.6.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties index ebc1d2e9a9..1b38665c4b 100755 --- a/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties @@ -44,7 +44,7 @@ spring.jpa.hibernate.naming-strategy=org.hibernate.cfg.ImprovedNamingStrategy spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect # Load Resource Source Mappings -resourceSourceMappings=processor-db=source-processor-db,primary-db=source-processor-db,input=source-input,default=source-default,primary-config-data=source-rest,primary-aai-data=source-rest,capability=source-capability +resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,config-data=source-rest,aai-data=source-rest,capability=source-capability # Controller Blueprints Core Configuration controllerblueprints.blueprintDeployPath=/etc/blueprints/deploy @@ -64,4 +64,4 @@ controllerblueprints.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/res controllerblueprints.loadCbaExtension=zip # Web server config -server.port=8080 \ No newline at end of file +server.port=8080 diff --git a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml index 4e32c5eac4..06efd741d9 100755 --- a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml @@ -38,7 +38,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-controllerblueprints:0.5.1 +image: onap/ccsdk-controllerblueprints:0.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index c14b997acc..f359b97f1d 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.5.1 +image: onap/ccsdk-sdclistener:0.6.0 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 60c0a8a037..064f8cb7e2 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.5.1 +image: onap/ccsdk-cds-ui-server:0.6.0 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index f385128f92..33ea865b38 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -77,7 +77,7 @@ persistence: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 4Gi mountPath: /dockerdata-nfs mountSubPath: clamp/dashboard-elasticsearch/data diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/charts/mariadb/templates/service.yaml index 581f4a0956..5d9b1910e6 100644 --- a/kubernetes/clamp/charts/mariadb/templates/service.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/service.yaml @@ -28,7 +28,7 @@ spec: ports: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index a2e5235bb4..49d7eeb415 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -3,15 +3,15 @@ {{- if .Values.ingress.service -}} {{- range .Values.ingress.service }} - path: {{ .path }} - backend: + backend: serviceName: {{ .name }} servicePort: {{ .port }} -{{- end }} +{{- end -}} {{- else -}} - - path: {{ printf "/%s" .Chart.Name }} - backend: - serviceName: {{ .Chart.Name }} - servicePort: {{ .Values.service.externalPort }} + - path: {{ printf "/%s" .Chart.Name }} + backend: + serviceName: {{ .Chart.Name }} + servicePort: {{ .Values.service.externalPort }} {{- end -}} {{- end -}} {{- end -}} @@ -44,7 +44,7 @@ spec: rules: - http: paths: - {{- include "ingress.config.port" . }} + {{- include "ingress.config.port" . }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 8cf95d6aba..df52fbc64b 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -47,7 +47,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.5.1 +image: onap/ccsdk-dgbuilder-image:0.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index d91f4fd1bb..6b1e186e8b 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -77,7 +77,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: "mariadb-galera/data" diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index d6938c1ebb..8a681296ce 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -71,7 +71,7 @@ persistence: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 1Gi mountPath: /dockerdata-nfs mountSubPath: "mongo/data" diff --git a/kubernetes/contrib/charts/awx/Chart.yaml b/kubernetes/contrib/charts/awx/Chart.yaml new file mode 100755 index 0000000000..90f73801b0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX +name: awx +sources: + - https://github.com/ansible/awx +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/Makefile b/kubernetes/contrib/charts/awx/Makefile new file mode 100644 index 0000000000..d8a50339d6 --- /dev/null +++ b/kubernetes/contrib/charts/awx/Makefile @@ -0,0 +1,16 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +make-awx: + cd charts && helm dep up awx-postgres diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml new file mode 100755 index 0000000000..ae3befc6e8 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX database +name: awx-postgres +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt new file mode 100755 index 0000000000..3ab092e848 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml new file mode 100755 index 0000000000..3ac0e1a76c --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml @@ -0,0 +1,86 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + readinessProbe: + exec: + command: + - /bin/sh + - -i + - -c + - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }} + -c 'SELECT 1' + initialDelaySeconds: 5 + timeoutSeconds: 1 + env: + - name: POSTGRES_USER + value: "{{ .Values.config.postgresUser }}" + - name: POSTGRES_PASSWORD + value: "{{ .Values.config.postgresPassword }}" + - name: POSTGRES_DB + value: "{{ .Values.config.postgresDB }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /var/lib/postgresql/data + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + {{- if .Values.persistence.enabled }} + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml new file mode 100755 index 0000000000..a8cf9f6d9d --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if not .Values.persistence.storageClass -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml new file mode 100755 index 0000000000..52891ffda0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: +{{- if not .Values.persistence.storageClass }} + selector: + matchLabels: + name: {{ include "common.fullname" . }} +{{- end }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml new file mode 100755 index 0000000000..9dffb536ee --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml new file mode 100755 index 0000000000..79fe5104b2 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml @@ -0,0 +1,83 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: # global defaults + nodePortPrefixExt: 304 + persistence: {} + +# application image +repository: docker.io +image: postgres:10.4-alpine +pullPolicy: Always + +# application configuration +config: + postgresUser: awx + postgresPassword: awx + postgresDB: awx + +ingress: + enabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +## Persist data to a persitent volume +persistence: + enabled: true + volumeReclaimPolicy: Retain + + # Uncomment the storageClass parameter to use an existing PV + # that will match the following class. + # When uncomment the storageClass, the PV is not created anymore. + + # storageClass: "nfs-dev-sc" + + accessMode: ReadWriteMany + size: 1Gi + + # When using storage class, mountPath and mountSubPath are + # simply ignored. + + mountPath: /dockerdata-nfs + mountSubPath: awx/pgdata + +service: + type: ClusterIP + name: awx-postgresql + portName: awx-postgresql + internalPort: 5432 + externalPort: 5432 + +resources: {} diff --git a/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml b/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml new file mode 100755 index 0000000000..1a34dcd174 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX application +name: awx +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py new file mode 100644 index 0000000000..39350e05d0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py @@ -0,0 +1,36 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DATABASES = { + 'default': { + 'ATOMIC_REQUESTS': True, + 'ENGINE': 'awx.main.db.profiled_pg', + 'NAME': "{{ .Values.config.postgresDB }}", + 'USER': "{{ .Values.config.postgresUser }}", + 'PASSWORD': "{{ .Values.config.postgresPassword }}", + 'HOST': "awx-postgresql", + 'PORT': "5432", + } +} +BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( + "{{ .Values.config.rabbitmqUser }}", + "{{ .Values.config.rabbitmqPassword }}", + "localhost", + "5672", + "{{ .Values.config.rabbitmqVhost }}") +CHANNEL_LAYERS = { + 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer', + 'ROUTING': 'awx.main.routing.channel_routing', + 'CONFIG': {'url': BROKER_URL}} +} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh new file mode 100644 index 0000000000..7c58c6bb48 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh @@ -0,0 +1,23 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DATABASE_USER={{ .Values.config.postgresUser }} +DATABASE_NAME={{ .Values.config.postgresDB }} +DATABASE_HOST=awx-postgresql +DATABASE_PORT=5432 +DATABASE_PASSWORD={{ .Values.config.postgresPassword }} +MEMCACHED_HOST=localhost +RABBITMQ_HOST=localhost +AWX_ADMIN_USER={{ .Values.config.awxAdminUser }} +AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml new file mode 100644 index 0000000000..9bc62b0856 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml @@ -0,0 +1,146 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-init-mgnt + namespace: {{ include "common.namespace" . }} +data: + entrypoint: | + #/bin/sh + + awx-manage migrate --noinput + if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]] + then + echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell + awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}' + fi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: + awx_settings: | + import os + import socket + ADMINS = () + + AWX_PROOT_ENABLED = True + + # Automatically deprovision pods that go offline + AWX_AUTO_DEPROVISION_INSTANCES = True + + SYSTEM_TASK_ABS_CPU = 6 + SYSTEM_TASK_ABS_MEM = 20 + + INSIGHTS_URL_BASE = "https://example.org" + + #Autoprovisioning should replace this + CLUSTER_HOST_ID = socket.gethostname() + SYSTEM_UUID = '00000000-0000-0000-0000-000000000000' + + SESSION_COOKIE_SECURE = False + CSRF_COOKIE_SECURE = False + + REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR'] + + STATIC_ROOT = '/var/lib/awx/public/static' + PROJECTS_ROOT = '/var/lib/awx/projects' + JOBOUTPUT_ROOT = '/var/lib/awx/job_status' + SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip() + ALLOWED_HOSTS = ['*'] + INTERNAL_API_URL = 'http://127.0.0.1:8052' + SERVER_EMAIL = 'root@localhost' + DEFAULT_FROM_EMAIL = 'webmaster@localhost' + EMAIL_SUBJECT_PREFIX = '[AWX] ' + EMAIL_HOST = 'localhost' + EMAIL_PORT = 25 + EMAIL_HOST_USER = '' + EMAIL_HOST_PASSWORD = '' + EMAIL_USE_TLS = False + + LOGGING['handlers']['console'] = { + '()': 'logging.StreamHandler', + 'level': 'DEBUG', + 'formatter': 'simple', + } + + LOGGING['loggers']['django.request']['handlers'] = ['console'] + LOGGING['loggers']['rest_framework.request']['handlers'] = ['console'] + LOGGING['loggers']['awx']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console'] + LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console'] + LOGGING['loggers']['social']['handlers'] = ['console'] + LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console'] + LOGGING['loggers']['rbac_migrations']['handlers'] = ['console'] + LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console'] + LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'} + + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '{}:{}'.format("localhost", "11211") + }, + 'ephemeral': { + 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', + }, + } + + USE_X_FORWARDED_PORT = True +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rabbitmq + namespace: {{ include "common.namespace" . }} +data: + enabled_plugins: | + [rabbitmq_management,rabbitmq_peer_discovery_k8s]. + rabbitmq.conf: | + ## Clustering + management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default.svc + cluster_formation.k8s.address_type = ip + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = false + cluster_partition_handling = autoheal + ## queue master locator + queue_master_locator=min-masters + ## enable guest user + loopback_users.guest = false + rabbitmq_definitions.json: | + { + "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}], + "permissions":[ + {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"} + ], + "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}], + "policies":[ + {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}} + ] + } diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml new file mode 100644 index 0000000000..dd538ae0ce --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml @@ -0,0 +1,125 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 5 + template: + metadata: + labels: + app: {{ include "common.name" . }}-mgnt + release: {{ .Release.Name }} + spec: + serviceAccount: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" . }} + restartPolicy: Never + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - awx-postgres + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - command: ["/bin/sh","-c"] + args: ["/etc/tower/job-entrypoint.sh"] + image: "{{ .Values.repository }}/{{ .Values.image.task }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-mgnt + resources: + requests: + cpu: 1500m + memory: 2Gi + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/tower/job-entrypoint.sh + name: awx-mgnt + readOnly: true + subPath: job-entrypoint.py + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + + volumes: + - configMap: + defaultMode: 0777 + items: + - key: entrypoint + path: job-entrypoint.py + name: {{ include "common.fullname" . }}-init-mgnt + name: awx-mgnt + - configMap: + defaultMode: 420 + items: + - key: awx_settings + path: settings.py + name: {{ include "common.fullname" . }}-settings + name: awx-application-config + - name: awx-application-credentials + secret: + defaultMode: 420 + items: + - key: credentials_py + path: credentials.py + - key: environment_sh + path: environment.sh + secretName: {{ include "common.fullname" . }}-secrets + - name: awx-secret-key + secret: + defaultMode: 420 + items: + - key: secret_key + path: SECRET_KEY + secretName: {{ include "common.fullname" . }}-secrets + - configMap: + defaultMode: 420 + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - key: rabbitmq_definitions.json + path: rabbitmq_definitions.json + name: {{ include "common.fullname" . }}-rabbitmq + name: rabbitmq-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml new file mode 100644 index 0000000000..8b504d55cc --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "common.fullname" . }}-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }} + environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }} + rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }} + secret_key: {{ .Values.config.secretKey | b64enc | quote }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml new file mode 100755 index 0000000000..ed3fd7274d --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml @@ -0,0 +1,80 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rmq-mgmt + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.rmqmgmt.type }} + ports: + - port: {{ .Values.service.rmqmgmt.externalPort }} + targetPort: {{ .Values.service.rmqmgmt.internalPort }} + name: {{ .Values.service.rmqmgmt.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-web + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.web.type }} + ports: + - port: {{ .Values.service.web.externalPort }} + targetPort: {{ .Values.service.web.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }} + name: {{ .Values.service.web.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rabbitmq + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + type: LoadBalancer +spec: + type: {{ .Values.service.rabbitmq.type }} + ports: + - port: {{ .Values.service.rabbitmq.http.externalPort }} + targetPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + - port: {{ .Values.service.rabbitmq.amqp.externalPort }} + targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml new file mode 100644 index 0000000000..0f52ce800a --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml @@ -0,0 +1,47 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} +rules: +- apiGroups: ["", "extensions", "apps", "batch"] + resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"] + verbs: ["get", "list"] +--- +apiVersion: v1 +items: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.fullname" . }}-endpoint-reader + subjects: + - kind: ServiceAccount + name: {{ include "common.fullname" . }} +kind: List \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml new file mode 100644 index 0000000000..bf85447b8e --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml @@ -0,0 +1,213 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podManagementPolicy: OrderedReady + replicas: {{ .Values.replicaCount }} + serviceName: {{ include "common.fullname" . }} + selector: + matchLabels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + service: django + template: + metadata: + labels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + release: {{ .Release.Name }} + service: django + spec: + + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ include "common.name" . }}-mgnt + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + + containers: + + - image: "{{ .Values.repository }}/{{ .Values.image.web }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-web + ports: + - containerPort: {{ .Values.service.web.internalPort }} + protocol: TCP + resources: + requests: + cpu: 500m + memory: 1Gi + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - command: ["/bin/sh","-c"] + args: ["/usr/bin/launch_awx_task.sh"] + env: + - name: AWX_SKIP_MIGRATIONS + value: "1" + + image: "{{ .Values.repository }}/{{ .Values.image.task }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-celery + resources: + requests: + cpu: 1500m + memory: 2Gi + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - env: + - name: MY_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: rabbit@$(MY_POD_IP) + - name: RABBITMQ_ERLANG_COOKIE + valueFrom: + secretKeyRef: + key: rabbitmq_erlang_cookie + name: {{ include "common.fullname" . }}-secrets + - name: K8S_SERVICE_NAME + value: {{ include "common.servicename" . }}-rabbitmq + + image: "{{ .Values.repository }}/{{ .Values.image.rabbitmq }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-rabbit + livenessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + ports: + - containerPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + protocol: TCP + - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + protocol: TCP + readinessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + resources: + requests: + cpu: 500m + memory: 2Gi + volumeMounts: + - mountPath: /etc/rabbitmq + name: rabbitmq-config + + - image: "{{ .Values.image.memcached }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-memcached + resources: + requests: + cpu: 500m + memory: 1Gi + serviceAccount: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" . }} + volumes: + - configMap: + defaultMode: 420 + items: + - key: awx_settings + path: settings.py + name: {{ include "common.fullname" . }}-settings + name: awx-application-config + - name: awx-application-credentials + secret: + defaultMode: 420 + items: + - key: credentials_py + path: credentials.py + - key: environment_sh + path: environment.sh + secretName: {{ include "common.fullname" . }}-secrets + - name: awx-secret-key + secret: + defaultMode: 420 + items: + - key: secret_key + path: SECRET_KEY + secretName: {{ include "common.fullname" . }}-secrets + - configMap: + defaultMode: 420 + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - key: rabbitmq_definitions.json + path: rabbitmq_definitions.json + name: {{ include "common.fullname" . }}-rabbitmq + name: rabbitmq-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/values.yaml b/kubernetes/contrib/charts/awx/charts/awx/values.yaml new file mode 100755 index 0000000000..5974de32ff --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/values.yaml @@ -0,0 +1,111 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: # global defaults + nodePortPrefixExt: 304 + persistence: {} + +# application image +repository: ansible +image: + web: awx_web:latest + task: awx_task:latest + rabbitmq: awx_rabbitmq:3.7.4 + memcached: memcached:latest +pullPolicy: Always + +# application configuration +config: + postgresUser: awx + postgresPassword: awx + postgresDB: awx +# RabbitMQ Configuration + rabbitmqUser: awx + rabbitmqPassword: awxpass + rabbitmqVhost: awx + rabbitmqErlangCookie: cookiemonster3 +# This will create or update a default admin (superuser) account in AWX, if not provided +# then these default values are used + awxAdminUser: admin + awxAdminPassword: password + awxAdminEmail: cds@onap.org +# AWX Secret key +# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt +# your credentials + secretKey: awxsecret + +ingress: + enabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + enabled: true + +## Persist data to a persitent volume +persistence: + enabled: true + volumeReclaimPolicy: Retain + + # Uncomment the storageClass parameter to use an existing PV + # that will match the following class. + # When uncomment the storageClass, the PV is not created anymore. + + # storageClass: "nfs-dev-sc" + + accessMode: ReadWriteMany + size: 5Gi + + # When using storage class, mountPath and mountSubPath are + # simply ignored. + + mountPath: /dockerdata-nfs + mountSubPath: awx/pgdata + +service: + rmqmgmt: + type: ClusterIP + portName: rmqmgmt + internalPort: 15672 + externalPort: 15672 + web: + type: NodePort + portName: web + internalPort: 8052 + externalPort: 80 + nodePort: 78 + rabbitmq: + type: ClusterIP + http: + portName: http + internalPort: 15672 + externalPort: 15672 + amqp: + portName: amqp + internalPort: 5672 + externalPort: 5672 + +resources: {} diff --git a/kubernetes/contrib/charts/awx/requirements.yaml b/kubernetes/contrib/charts/awx/requirements.yaml new file mode 100755 index 0000000000..486fc6585c --- /dev/null +++ b/kubernetes/contrib/charts/awx/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/values.yaml b/kubernetes/contrib/charts/awx/values.yaml new file mode 100755 index 0000000000..6c6a90e0de --- /dev/null +++ b/kubernetes/contrib/charts/awx/values.yaml @@ -0,0 +1,39 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + commonConfigPrefix: awx + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: hub.docker.io +pullPolicy: Always + +# default number of instances +replicaCount: 1 +nodeSelector: {} +affinity: {} + +ingress: + enabled: false + +resources: {} diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml index 882cc5cdf4..e15806ff1c 100644 --- a/kubernetes/contrib/values.yaml +++ b/kubernetes/contrib/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +awx: + enabled: true netbox: enabled: true \ No newline at end of file diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index f77bc8fb16..fcd62da048 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -1,4 +1,4 @@ -make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler +make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard make-dcae-bootstrap: cd charts && helm dep up dcae-bootstrap && helm lint dcae-bootstrap @@ -26,3 +26,6 @@ make-dcae-deployment-handler: make-dcae-policy-handler: cd charts && helm dep up dcae-policy-handler && helm lint dcae-policy-handler + +make-dcae-dashboard: + cd charts && helm dep up dcae-dashboard && helm lint dcae-dashboard diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem new file mode 100644 index 0000000000..897c8ae499 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json new file mode 100644 index 0000000000..41404b0199 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json @@ -0,0 +1,8 @@ +{ + "dmaap": { + "username": "notused", + "password": "doesnotmatter", + "owner": "dcaecm", + "protocol": "http" + } +} \ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json index 51d31a355b..d459d5bb95 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json @@ -33,6 +33,8 @@ "tls": { "cert_path": "/opt/tls/shared", - "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}" + "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", + "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", + "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" } } diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml index e40a03068c..2718e1882f 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml @@ -24,7 +24,7 @@ external_tls_port: {{ .Values.config.address.dashboard.portSecure }} database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }} database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }} database_name: "dashboard_pg" -cloudify_ip: {{ .Values.config.address.cm }} +cloudify_ip: {{ .Values.config.address.cm.host }} cloudify_user: "admin" cloudify_password: "admin" consul_url: {{ .Values.config.address.consul_ui }} diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml index 878d94bfc6..21134ada9f 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml @@ -31,4 +31,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }} - +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dcae-cacert + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml index 0463655c79..be5a769a37 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml @@ -61,6 +61,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -75,14 +88,21 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /certs + name: tls-info + readOnly: true env: - name: CMADDR - value: {{ .Values.config.address.cm }} + value: {{ .Values.config.address.cm.host }} - name: CMPASS valueFrom: secretKeyRef: name: {{ include "common.name" . }}-cmpass key: password + - name: CMPROTO + value: {{ .Values.config.address.cm.proto }} + - name: CMPORT + value: !!string {{ .Values.config.address.cm.port }} - name: CONSUL value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }} - name: DCAE_NAMESPACE @@ -99,5 +119,7 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: tls-info + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index aec082fe15..7e93715e29 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -38,10 +38,15 @@ config: host: consul-server port: 8500 consul_ui: consul-server-ui - cm: dcae-cloudify-manager + cm: + host: dcae-cloudify-manager + port: 443 + proto: https + #Temporary assignment to avoid conflict + #To be removed after bootstrap changes done to remove dashboard dashboard: - port: 30418 - portSecure: 30419 + port: 30473 + portSecure: 30474 datafile_collector: port: 30223 portSecure: 30262 @@ -90,7 +95,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.18 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml index d6c58cd75f..b3e90a2efb 100644 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml @@ -34,6 +34,12 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + # host alias allows local 'cfy' command to use https and match + # the host name in the certificate + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "dcae-cloudify-manager" initContainers: - name: {{ include "common.name" . }}-multisite-init image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} @@ -44,10 +50,26 @@ spec: - --configmap - {{ .Values.multisiteConfigMapName }} restartPolicy: Never + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUESTS_CA_BUNDLE + value: "/opt/onap/certs/cacert.pem" resources: {{ include "common.resources" . | indent 12 }} ports: @@ -86,6 +108,8 @@ spec: readOnly: true - mountPath: /cfy-persist name: cm-persistent + - mountPath: /opt/onap/certs + name: tls-info securityContext: privileged: True volumes: @@ -107,5 +131,7 @@ spec: - name: cm-persistent persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-data + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml index 41f0750c78..70504efd75 100644 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:1.6.2 +image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -69,8 +69,8 @@ readiness: service: type: ClusterIP name: dcae-cloudify-manager - externalPort: 80 - internalPort: 80 + externalPort: 443 + internalPort: 443 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml index a968204575..5496aee2cb 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml @@ -50,36 +50,68 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.service.secure.enabled }} + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + {{ end }} containers: + {{- if .Values.service.secure.enabled }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} ports: - - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.secure.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: httpGet: + scheme: "HTTPS" path: {{ .Values.readiness.path }} - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /opt/logs + - name: tls-info + mountPath: /opt/tls env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} - + - name: USE_HTTPS + value: "1" + - name: HTTPS_CERT_PATH + value: "/opt/tls/cert.pem" + - name: HTTPS_KEY_PATH + value: "/opt/tls/key.pem" + - name: TRUST_STORE_PATH + value: "/opt/app/prh/etc/cert/trust.jks" + - name: TRUST_STORE_PASS_PATH + value: "/opt/app/prh/etc/cert/trust.pass" + - name: KEY_STORE_PATH + value: "/opt/app/prh/etc/cert/key.p12" + - name: KEY_STORE_PASS_PATH + value: "/opt/app/prh/etc/cert/key.pass" - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -91,13 +123,67 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.name" . }}-insecure + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.insecure.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + scheme: "HTTP" + path: {{ .Values.readiness.path }} + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /opt/logs + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + - name: {{ include "common.name" . }}-filebeat-onap-insecure + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + mountPath: /usr/share/filebeat/data + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /var/log/onap + {{ end }} volumes: - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ .Release.Name }}-cbs-filebeat-configmap + {{- if .Values.service.secure.enabled }} - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: tls-info + emptyDir: {} + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs-insecure + emptyDir: {} + {{ end }} + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml index 794b896eef..8176e77c1e 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml @@ -28,16 +28,29 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + {{ if eq .Values.service.type "NodePort" -}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.insecure.nodePort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.secure.nodePort }} + name: {{ .Values.service.name }}-secure + {{- end }} {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + targetPort: {{ .Values.service.insecure.internalPort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + targetPort: {{ .Values.service.secure.internalPort }} + name: {{ .Values.service.name }}-secure + {{- end }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} - diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml index 4605e88c09..c7db0d5518 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml @@ -25,6 +25,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -43,7 +45,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.3.0 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.1 pullPolicy: Always # probe configuration parameters @@ -63,9 +65,18 @@ readiness: service: type: NodePort name: config-binding-service - externalPort: 10000 - internalPort: 10000 - nodePort: 15 + # TLS service + secure: + enabled: true + externalPort: 10443 + internalPort: 10443 + nodePort: 14 + # Non-TLS service + insecure: + enabled: true + externalPort: 10000 + internalPort: 10000 + nodePort: 15 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore b/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml new file mode 100644 index 0000000000..5250c17584 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: DCAE Dashboard +name: dcae-dashboard +version: 5.0.0 diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml new file mode 100644 index 0000000000..b0e70b3c2f --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' + - name: postgres + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml b/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml new file mode 100644 index 0000000000..0e5ee9bffa --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml @@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml new file mode 100644 index 0000000000..41d5826e13 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{include "common.fullname" . }}-filebeat-configmap + namespace: {{include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml new file mode 100644 index 0000000000..779844c0e3 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml @@ -0,0 +1,168 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcae-cloudify-manager + - --container-name + - consul-server + - --container-name + - dcae-inventory-api + - --container-name + - dcae-deployment-handler + - --container-name + - {{ .Values.postgres.nameOverride }} + - "-t" + - "45" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.internalPort }} + protocol: TCP + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + failureThreshold: 1 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /usr/local/share/ca-certificates/ + name: tls-info + env: + - name: CONSUL_HOST + value: consul-server.{{ include "common.namespace" . }} + - name: CONFIG_BINDING_SERVICE + value: config-binding-service + - name: inventory_url + value: {{ .Values.config.inventory_url }} + - name: postgres_port + value: "{{ .Values.postgres.config.pgPort }}" + - name: cloudify_password + value: admin + - name: dhandler_url + value: {{ .Values.config.dhandler_url }} + - name: cfy_url + value: {{ .Values.config.cfy_url }} + - name: cloudify_user + value: admin + - name: consul_url + value: http://consul-server-ui:8500 + - name: postgres_user_dashboard + value: {{ .Values.postgres.config.pgUserName }} + - name: postgres_db_name + value: {{ .Values.postgres.config.pgDatabase }} + - name: postgres_password_dashboard + value: {{ .Values.postgres.config.pgUserPassword }} + - name: postgres_ip + value: {{ .Values.postgres.service.name2 }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: {{ include "common.name" . }}-filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + imagePullPolicy: IfNotPresent + resources: {} + volumeMounts: + - mountPath: /var/log/onap/dashboard + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + volumes: + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf + - emptyDir: {} + name: tls-info + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml new file mode 100644 index 0000000000..39f16bd6b1 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml @@ -0,0 +1,43 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml new file mode 100644 index 0000000000..615afc42c2 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml @@ -0,0 +1,126 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + +config: + logstashServiceName: log-ls + logstashPort: 5044 + dhandler_url: https://deployment-handler:8443 + cfy_url: https://dcae-cloudify-manager/api/v3.1 + inventory_url: https://inventory:8080 + # Addresses of other ONAP entities + address: + consul: + host: consul-server + port: 8500 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0 +pullPolicy: Always + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /ccsdk-app/health + scheme: HTTP + +service: + type: NodePort + name: dashboard + externalPort: 8080 + internalPort: 8080 + nodePort: 18 +# application configuration override for postgres +postgres: + nameOverride: dcae-dashboard-pg + service: + name: dcae-dashboard-postgres + name2: dcae-dashboard-pg-primary + name3: dcae-dashboard-pg-replica + container: + name: + primary: dcae-dashboard-pg-primary + replica: dcae-dashboard-pg-replica + config: + pgUserName: dashboard_pg_admin + pgDatabase: dashboard_pg_db_common + pgPrimaryPassword: onapdemodb + pgUserPassword: onapdemodb + pgRootPassword: onapdemodb + pgPort: "5432" + persistence: + mountSubPath: dcae-dashboard/data + mountInitPath: dcae-dashboard + pgpool: + nameOverride: dcae-dashboard-pgpool + service: + name: dcae-dashboard-pgpool + credentials: + pgusername: dcae_dashboard + pgpassword: onapdemodb + container: + name: + primary: dcae-dashboard-pgpool-primary + replica: dcae-dashboard-pgpool-replica + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" + diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json index 600f07c457..026355a909 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json @@ -1,8 +1,8 @@ { "cloudify": { - "protocol": "http" + "protocol": "https" }, "inventory": { - "protocol": "http" + "protocol": "https" } -} \ No newline at end of file +} diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml index 3e4e53b679..a67197849f 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --service - - "cloudify_manager|dcae-cloudify-manager.{{ include "common.namespace" . }}|80" + - "cloudify_manager|dcae-cloudify-manager.{{ include "common.namespace" . }}|443" - --service - "inventory|inventory.{{ include "common.namespace" . }}|8080" - --key @@ -119,6 +119,8 @@ spec: value: admin - name: CONFIG_BINDING_SERVICE value: config-binding-service + - name: NODE_EXTRA_CA_CERTS + value: /opt/app/dh/etc/cert/cacert.pem - name: POD_IP valueFrom: fieldRef: diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml index 0eddf7c1a0..30893b6d7c 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.0.1 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml index 913cb714d6..fb5a195e60 100644 --- a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.4 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.5 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json index a8329f674b..c8c7dd79f1 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json @@ -30,5 +30,14 @@ "gzipEnabledForRequests": false, "timeout": "5000milliseconds", "connectionTimeout": "5000milliseconds" + }, + "server": { + "applicationConnectors": [{ + "type": "https", + "port": 8080, + "keyStorePath": "/opt/cert/cert.jks", + "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U", + "keyStoreType": "JKS" + }] } - } \ No newline at end of file + } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml index e3e4aaf5cd..28eeae23a1 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml @@ -50,6 +50,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,12 +92,15 @@ spec: httpGet: path: {{ .Values.readiness.path }} port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-inv-config mountPath: /opt/config.json subPath: config.json + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} @@ -92,5 +108,7 @@ spec: - name: {{ include "common.fullname" . }}-inv-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml index f12040210b..8e4430c37e 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml @@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -42,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.2.0 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0 pullPolicy: Always @@ -59,6 +61,7 @@ readiness: initialDelaySeconds: 30 periodSeconds: 30 path: /dcae-service-types + scheme: HTTPS service: type: ClusterIP diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json index 7ddc800817..4578d4c4ee 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json @@ -17,6 +17,6 @@ "isFilterInEmptyResources": false }, "dcaeInventoryClient": { - "uri": "http://inventory:8080" + "uri": "https://inventory:8080" } } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml index 44ebc42412..d948d3425b 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml @@ -54,16 +54,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["java"] - args: - - "-jar" - - "/opt/servicechange-handler.jar" - - "prod" - - "/opt/config.json" resources: {{ include "common.resources" . | indent 12 }} # disable liveness probe when breakpoints set in debugger @@ -84,12 +91,21 @@ spec: - name: {{ include "common.fullname" . }}-sch-config mountPath: /opt/config.json subPath: config.json + # NOTE: This is tied to the PATH_TO_CACERT env variable + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} + - name: PATH_TO_CACERT + value: "/opt/cert/cacert.pem" + - name: SCH_ARGS + value: "prod /opt/config.json" volumes: - name: {{ include "common.fullname" . }}-sch-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml index dd985163c1..0b88a65c69 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml @@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -40,7 +42,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5 +image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2 pullPolicy: Always diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/createFeed.sh b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/createFeed.sh deleted file mode 100644 index 1289ecae86..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/createFeed.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -dr_prov_url="{{.Values.config.dmaapDrProv.name}}:{{.Values.config.dmaapDrProv.internalPort2}}" -ct_header="Content-Type:application/vnd.dmaap-dr.feed" -obo_header="X-DMAAP-DR-ON-BEHALF-OF:dradmin" -feed_payload=/opt/app/datartr/etc/dedicatedFeed.json - -sleep 20 - -if curl -k https://${dr_prov_url}/internal/prov | awk 'BEGIN{ORS=""} {print}' | egrep "\"feeds\":\s+\[\]"; then - curl -X POST -H ${ct_header} -H ${obo_header} --data-ascii @${feed_payload} --post301 --location-trusted -k https://${dr_prov_url}; -else - echo "NO feed creation required"; -fi diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/dedicatedFeed.json b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/dedicatedFeed.json deleted file mode 100644 index a96f46d528..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/feeds/dedicatedFeed.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Default PM Feed", - "version": "m1.0", - "description": "Default feed provisioned for PM File collector", - "business_description": "Default Feed", - "suspend": false, - "deleted": false, - "changeowner": true, - "authorization": { - "classification": "unclassified", - "endpoint_addrs": [], - "endpoint_ids": [ - { - "password": "dradmin", - "id": "dradmin" - }] - } -} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml index f1cf7394b6..e0cb1dd21b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml @@ -16,6 +16,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +# dmaap-dr-node filebeat.yml filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log @@ -24,7 +25,6 @@ filebeat.prospectors: - /var/log/onap/*/*/*/*.log - /var/log/onap/*/*/*.log - /var/log/onap/*/*.log - - /opt/app/datartr/logs/*.log #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive ignore_older: 48h # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit @@ -40,7 +40,7 @@ output.logstash: #List of logstash server ip addresses with port number. #But, in our case, this will be the loadbalancer IP address. #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] #If enable will do load balancing among available Logstash, automatically. loadbalance: true diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 25a2c6e093..ba247e151c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -17,18 +17,21 @@ SPDX-License-Identifier: Apache-2.0 ============LICENSE_END========================================================= --> - + - - - + + + + + + + - - - - - + + + + ${defaultPattern} @@ -39,110 +42,181 @@ - + + + - ${logDirectory}/${generalLogName}.log - - INFO - ACCEPT - DENY + ${logDirectory}/${auditLog}.log + - ${logDirectory}/${generalLogName}.%i.log.zip + ${logDirectory}/${auditLog}.%i.log.zip 1 9 - 5MB + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + + ${logDirectory}/${metricsLog}.log + + + + ${logDirectory}/${metricsLog}.%i.log.zip + + 1 + 9 + + + 50MB ${defaultPattern} - + 256 - + - + + + + ${logDirectory}/${debugLog}.log + + + + ${logDirectory}/${debugLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + - ${logDirectory}/${errorLogName}.log - - ERROR - ACCEPT - DENY + ${logDirectory}/${errorLog}.log + - ${logDirectory}/${errorLogName}.%i.log.zip + ${logDirectory}/${errorLog}.%i.log.zip 1 9 - 5MB + 50MB ${defaultPattern} - + 256 - + - - ${logDirectory}/${jettyAndNodeLogName}.log - + ${logDirectory}/${jettyLog}.log + - ${logDirectory}/${jettyAndNodeLogName}.%i.log.zip + ${logDirectory}/${jettyLog}.%i.log.zip 1 9 - 5MB + 50MB - ${jettyAndNodeLoggerPattern} + ${defaultPattern} - + 256 - + true + + + - + + + + + + + + + - - - + + + + + + + - - - - - - + + + + + - + \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 5de5fc1814..4379dfbf1d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -26,13 +26,13 @@ # URL to retrieve dynamic configuration # #ProvisioningURL: ${DRTR_PROV_INTURL} -ProvisioningURL=https://{{.Values.config.dmaapDrProv.name}}:{{.Values.config.dmaapDrProv.externalPort2}}/internal/prov +ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov # # URL to upload PUB/DEL/EXP logs # #LogUploadURL: ${DRTR_LOG_URL} -LogUploadURL=https://{{.Values.config.dmaapDrProv.name}}:{{.Values.config.dmaapDrProv.externalPort2}}/internal/logs +LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs # # The port number for http as seen within the server diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml index a3882bcb38..5c581beee7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml @@ -27,19 +27,6 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-create-feed-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/feeds/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-log namespace: {{ include "common.namespace" . }} @@ -62,7 +49,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-dmaap-filebeat-configmap + name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index a508886f10..a190d0d7d2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -81,23 +81,17 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: false - - mountPath: /opt/app/datartr/etc/dedicatedFeed.json - name: {{ include "common.fullname" . }}-create-feed-config - subPath: dedicatedFeed.json - - mountPath: /opt/app/datartr/etc/createFeed.sh - name: {{ include "common.fullname" . }}-create-feed-config - subPath: createFeed.sh - mountPath: /opt/app/datartr/etc/node.properties name: {{ include "common.fullname" . }}-config subPath: node.properties - mountPath: /opt/app/datartr/etc/drNodeCadi.properties name: {{ include "common.fullname" . }}-config subPath: drNodeCadi.properties - lifecycle: - postStart: - exec: - command: - - /opt/app/datartr/etc/createFeed.sh + - mountPath: /opt/app/datartr/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + - mountPath: {{ .Values.global.loggingDirectory }} + name: {{ include "common.fullname" . }}-logs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -118,7 +112,7 @@ spec: subPath: filebeat.yml - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-event-logs-pvc + - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap/datarouter-node imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -126,15 +120,6 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-create-feed-config - configMap: - name: {{ include "common.fullname" . }}-create-feed-configmap - defaultMode: 0755 - items: - - key: createFeed.sh - path: createFeed.sh - - key: dedicatedFeed.json - path: dedicatedFeed.json - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -148,11 +133,13 @@ spec: name: {{ include "common.fullname" . }}-log - name: {{ include "common.fullname" . }}-filebeat-conf configMap: - name: {{ .Release.Name }}-dmaap-filebeat-configmap + name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-event-logs-pvc emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-spool-data-pvc diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 154018a018..872482b3d6 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -16,12 +16,7 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - loggingDirectory: /opt/app/datartr/logs + loggingDirectory: /var/log/onap/datarouter busyBoxImage: busybox:1.30 busyBoxRepository: docker.io @@ -29,8 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-node:2.1.0 +image: onap/dmaap/datarouter-node:2.1.1 pullPolicy: Always # flag to enable debugging - application support required @@ -60,7 +54,7 @@ readiness: ## Persist data to a persitent volume persistence: volumeReclaimPolicy: Retain - accessMode: ReadWriteMany + accessMode: ReadWriteOnce mountPath: /dockerdata-nfs spoolMountSubPath: data-router/dr-node/spool-data @@ -107,9 +101,3 @@ config: portName2: dr-node-port2 nodePort: 93 nodePort2: 94 - -# dr provisioning server configuration - dmaapDrProv: - name: dmaap-dr-prov - externalPort2: 8443 - internalPort2: 8443 diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml index f1cf7394b6..db02b2115d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml @@ -16,6 +16,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +# dmaap-dr-prov filebeat.yml filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log @@ -40,7 +41,7 @@ output.logstash: #List of logstash server ip addresses with port number. #But, in our case, this will be the loadbalancer IP address. #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] #If enable will do load balancing among available Logstash, automatically. loadbalance: true diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index 942d898695..f67b1cf380 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -18,131 +18,390 @@ ============LICENSE_END========================================================= --> + + + + - - - - - - - - - - - - - ${defaultPattern} - - - - - - - - - ${logDirectory}/${generalLogName}.log - - INFO - ACCEPT - DENY - - - ${logDirectory}/${generalLogName}.%i.log.zip - - 1 - 9 - - - 5MB - - - ${defaultPattern} - - - - - 256 - - - - - ${logDirectory}/${errorLogName}.log - - ERROR - ACCEPT - DENY - - - ${logDirectory}/${errorLogName}.%i.log.zip - - 1 - 9 - - - 5MB - - - ${defaultPattern} - - - - - 256 - - - - - - ${logDirectory}/${jettyLogName}.log - - - ${logDirectory}/${jettyLogName}.%i.log.zip - - 1 - 9 - - - 5MB - - - ${jettyLoggerPattern} - - - - - 256 - - true - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${defaultPattern} + + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + INFO + ACCEPT + DENY + + + ${logDirectory}/${generalLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + + + + + + + + + + + + + + + + + + + + + + ${logDirectory}/${errorLogName}.log + + ERROR + ACCEPT + DENY + + + ${logDirectory}/${errorLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + ${logDirectory}/${jettyLogName}.log + + + ${logDirectory}/${jettyLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${jettyLoggerPattern} + + + + + 256 + + true + + + + + + + ${logDirectory}/${debugLogName}.log + + + ${logDirectory}/${debugLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + true + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + - + \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index a4e96f0af6..52f1f3f5c0 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -23,8 +23,8 @@ #Jetty Server properties -org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.externalPort}} -org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.externalPort2}} +org.onap.dmaap.datarouter.provserver.http.port = {{.Values.global.dmaapDrProvExtPort}} +org.onap.dmaap.datarouter.provserver.https.port = {{.Values.global.dmaapDrProvExtPort2}} org.onap.dmaap.datarouter.provserver.https.relaxation = true org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml index fe93cb0dcd..a39cb556a1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml @@ -36,7 +36,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-dmaap-filebeat-configmap + name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index b9c144de72..ea487d0571 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -29,13 +29,13 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - hostname: {{.Values.config.dmaapDrProv.name}} + hostname: {{ .Values.global.dmaapDrProvName }} initContainers: - command: - /root/ready.py args: - --container-name - - {{.Values.config.dmaapDrDb.mariadbContName}} + - {{ .Values.config.dmaapDrDb.mariadbContName }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,18 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - - containerPort: {{.Values.config.dmaapDrProv.externalPort}} - - containerPort: {{.Values.config.dmaapDrProv.externalPort2}} + - containerPort: {{ .Values.global.dmaapDrProvExtPort }} + - containerPort: {{ .Values.global.dmaapDrProvExtPort2 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.config.dmaapDrProv.externalPort}} + port: {{ .Values.global.dmaapDrProvExtPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.config.dmaapDrProv.externalPort}} + port: {{ .Values.global.dmaapDrProvExtPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: @@ -74,6 +74,9 @@ spec: - mountPath: /opt/app/datartr/etc/drProvCadi.properties name: {{ include "common.fullname" . }}-config subPath: drProvCadi.properties + - mountPath: /opt/app/datartr/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs resources: @@ -115,7 +118,7 @@ spec: name: {{ include "common.fullname" . }}-log - name: {{ include "common.fullname" . }}-filebeat-conf configMap: - name: {{ .Release.Name }}-dmaap-filebeat-configmap + name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-logs diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index 0b40389b55..7a94fdb2cd 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: Service metadata: - name: {{.Values.config.dmaapDrProv.name}} + name: {{ .Values.global.dmaapDrProvName }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -26,36 +26,36 @@ metadata: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" msb.onap.org/service-info: '[ { - "serviceName": "{{.Values.config.dmaapDrProv.name}}", + "serviceName": "{{ .Values.global.dmaapDrProvName }}", "version": "v1", "url": "/", "protocol": "REST", - "port": "{{.Values.config.dmaapDrProv.externalPort2}}", + "port": "{{ .Values.global.dmaapDrProvExtPort2 }}", "visualRange":"1" } ]' spec: - type: {{.Values.config.dmaapDrProv.servicetype}} + type: {{ .Values.config.dmaapDrProv.servicetype }} ports: - {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" }} + {{if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}} {{- if .Values.global.allow_http }} - - port: {{.Values.config.dmaapDrProv.externalPort}} - targetPort: {{.Values.config.dmaapDrProv.internalPort}} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort}} - name: {{.Values.config.dmaapDrProv.name}} + - port: {{ .Values.global.dmaapDrProvExtPort }} + targetPort: {{ .Values.config.dmaapDrProv.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }} + name: {{ .Values.config.dmaapDrProv.portName }} {{- end}} - - port: {{.Values.config.dmaapDrProv.externalPort2}} - targetPort: {{.Values.config.dmaapDrProv.internalPort2}} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort2}} - name: {{.Values.config.dmaapDrProv.name}}2 + - port: {{ .Values.global.dmaapDrProvExtPort2 }} + targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }} + name: {{ .Values.config.dmaapDrProv.portName }}2 {{- else -}} - - port: {{.Values.config.dmaapDrProv.externalPort}} - targetPort: {{.Values.config.dmaapDrProv.internalPort}} - name: {{.Values.config.dmaapDrProv.name}} - - port: {{.Values.config.dmaapDrProv.externalPort2}} - targetPort: {{.Values.config.dmaapDrProv.internalPort2}} - name: {{.Values.config.dmaapDrProv.name}}2 + - port: {{ .Values.global.dmaapDrProvExtPort }} + targetPort: {{ .Values.config.dmaapDrProv.internalPort }} + name: {{ .Values.config.dmaapDrProv.portName }} + - port: {{ .Values.global.dmaapDrProvExtPort2 }} + targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }} + name: {{ .Values.config.dmaapDrProv.portName }}2 {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 39977f80e3..aca2c83adb 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -17,18 +17,13 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 loggingDirectory: /opt/app/datartr/logs ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-prov:2.1.0 +image: onap/dmaap/datarouter-prov:2.1.1 pullPolicy: Always # flag to enable debugging - application support required @@ -86,9 +81,6 @@ config: # dr provisioning server configuration dmaapDrProv: servicetype: NodePort - name: dmaap-dr-prov - externalPort: 8080 - externalPort2: 8443 internalPort: 8080 internalPort2: 8443 portName: dr-prov-port diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 84741760b7..1e7d7d38ac 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -1,4 +1,4 @@ -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties index c8ed6206ea..48341167f6 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties @@ -20,6 +20,11 @@ num.io.threads=8 # The send buffer (SO_SNDBUF) used by the socket server socket.send.buffer.bytes=102400 +#The number of hours to keep a log file before deleting it +log.retention.hours=168 +#The maximum size of the log before deleting it +log.retention.bytes=21474836480 + # The receive buffer (SO_RCVBUF) used by the socket server socket.receive.buffer.bytes=102400 @@ -93,7 +98,7 @@ log.retention.check.interval.ms=300000 # server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002". # You can also append an optional chroot string to the urls to specify the # root directory for all kafka znodes. -zookeeper.connect=message-router-zookeeper:2181 +zookeeper.connect={{.Release.Name}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} # Timeout in ms for connecting to zookeeper zookeeper.connection.timeout.ms=6000 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 0d94311e4d..bfe4b11ba7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -125,6 +125,9 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP + - name: aaf_locate_url + value: https://aaf-locate.{{ include "common.namespace" . }}:8095 + volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 732394abc3..f5a7c7ebb5 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.2 +image: onap/dmaap/kafka111:1.0.1 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -97,7 +97,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: message-router/data-kafka @@ -110,7 +110,7 @@ service: externalPort: 9093 baseNodePort: 30490 - + ingress: enabled: false @@ -134,4 +134,3 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} - diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml index 7067b328df..2f63406a08 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.2 +image: onap/dmaap/kafka111:1.0.1 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 9c72958cf9..734736d193 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.1 +image: onap/dmaap/zookeeper:6.0.0 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -92,7 +92,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: message-router/data-zookeeper diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 8e446610d4..b07eaad9b5 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -36,7 +36,9 @@ ## Both Cambria and Kafka make use of Zookeeper. ## #config.zk.servers=172.18.1.1 -config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +config.zk.servers={{.Release.Name}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} + #config.zk.root=/fe3c/cambria/config @@ -48,7 +50,8 @@ config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} ## configurations (after removing "kafka.") ## if you want to change request.required.acks it can take this one value #kafka.metadata.broker.list=localhost:9092,localhost:9093 -kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} +#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} +kafka.metadata.broker.list={{.Release.Name}}-{{.Values.kafka.name}}-0.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{.Release.Name}}-{{.Values.kafka.name}}-1.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{.Release.Name}}-{{.Values.kafka.name}}-2.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}} ##kafka.request.required.acks=-1 #kafka.client.zookeeper=${config.zk.servers} consumer.timeout.ms=100 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 4e0b085e20..36dafce986 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -1,5 +1,5 @@ -aaf_locate_url=https://aaf-locate:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index 75379541e1..5dac1c0de7 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -40,7 +40,7 @@ - "%d [%thread] %-5level %logger{1024} - %msg%n" diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml index f1cf7394b6..40d2476b8e 100644 --- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml @@ -40,7 +40,7 @@ output.logstash: #List of logstash server ip addresses with port number. #But, in our case, this will be the loadbalancer IP address. #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] #If enable will do load balancing among available Logstash, automatically. loadbalance: true diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index d5b7bffefe..89c8baa1a4 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -18,20 +18,28 @@ ################################################################# global: nodePortPrefix: 302 + nodePortPrefixExt: 304 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 clientImage: onap/dmaap/dbc-client:1.0.9 + repository: nexus3.onap.org:10001 #Global DMaaP app config allow_http: true -# application configuration -config: + #Logstash config logstashServiceName: log-ls logstashPort: 5044 + #dmaap-dr-prov server configuration + dmaapDrProvName: dmaap-dr-prov + dmaapDrProvExtPort2: 8443 + dmaapDrProvExtPort: 8080 + + +#Component overrides message-router: enabled: true dmaap-bc: diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index bff78cafc9..00fd8c33ad 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - artifactImage: onap/multicloud/framework-artifactbroker:1.3.3 + artifactImage: onap/multicloud/framework-artifactbroker:1.4.0 prometheus: enabled: false @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/framework:1.3.3 +image: onap/multicloud/framework:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/nbi/charts/mariadb/values.yaml b/kubernetes/nbi/charts/mariadb/values.yaml index bd79853650..70fa143b9a 100644 --- a/kubernetes/nbi/charts/mariadb/values.yaml +++ b/kubernetes/nbi/charts/mariadb/values.yaml @@ -61,7 +61,7 @@ readiness: persistence: enabled: true volumeReclaimPolicy: Retain - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: mariadb/data diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 5dd51a006b..1d1dd8b7a5 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -148,7 +148,3 @@ dependencies: version: ~5.x-0 repository: '@local' condition: modeling.enabled - - name: nginx-ingress - version: ~1.6.18 - repository: 'https://kubernetes-charts.storage.googleapis.com' - condition: nginx-ingress.enabled diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 46c8db6e5e..c0095049b5 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -168,5 +168,3 @@ vnfsdk: enabled: false modeling: enabled: false -nginx-ingress: - enabled: false diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/charts/drools/charts/nexus/values.yaml index 5d85f6c5b0..2f80892ab2 100644 --- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml +++ b/kubernetes/policy/charts/drools/charts/nexus/values.yaml @@ -73,7 +73,7 @@ ingress: persistence: enabled: true volumeReclaimPolicy: Retain - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: nexus/data diff --git a/kubernetes/policy/charts/mariadb/values.yaml b/kubernetes/policy/charts/mariadb/values.yaml index 15c75b753c..9b7102dbeb 100644 --- a/kubernetes/policy/charts/mariadb/values.yaml +++ b/kubernetes/policy/charts/mariadb/values.yaml @@ -60,7 +60,7 @@ readiness: persistence: enabled: true volumeReclaimPolicy: Retain - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: mariadb/data diff --git a/kubernetes/robot b/kubernetes/robot index 580d933f80..b6b5b0e6f8 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit 580d933f80ddaf3df373671abead40e8181da642 +Subproject commit b6b5b0e6f8880e3a922a2fef97e95e5013475228 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index bf1d9b4584..0e4d4fb82d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.0 +image: onap/dcae-be:1.3.1 pullPolicy: Always -backendInitImage: onap/dcae-tools:1.3.0 +backendInitImage: onap/dcae-tools:1.3.1 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index 2b8fd9027f..f586f27dc3 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.2.0 +image: onap/dcae-dt:1.3.1 pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index 4b40bcea8f..b6ea577ee5 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.0 +image: onap/dcae-fe:1.3.1 pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml index e787948ce2..06169df566 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-tosca-app:1.3.0 +image: onap/dcae-tosca-app:1.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 8249c11109..73eea4af7e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.5.0 -configInitImage: onap/workflow-init:1.5.0 +image: onap/workflow-backend:1.4.1 +configInitImage: onap/workflow-init:1.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 934513442a..639c811b08 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.5.0 +image: onap/workflow-frontend:1.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 6021a160a2..600bae2d91 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.6.1 +image: onap/sdnc-dmaap-listener-image:1.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index ec8dc3027c..8651e32628 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.6.1 +image: onap/sdnc-ansible-server-image:1.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 47d4b5f2fa..31575ca40f 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -27,13 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.6.1 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration +image: onap/admportal-sdnc-image:1.7.0 config: dbRootPassword: secretpassword dbSdnctlPassword: gamma @@ -48,7 +42,7 @@ config: internalPort: 3306 # default number of instances -replicaCount: 0 +replicaCount: 1 nodeSelector: {} diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 0348c251d4..a6040f038c 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.6.1 +image: onap/sdnc-ueb-listener-image:1.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/conf/akka.conf b/kubernetes/sdnc/resources/config/conf/akka.conf new file mode 100644 index 0000000000..8440a9de56 --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/akka.conf @@ -0,0 +1,80 @@ + +odl-cluster-data { + akka { + remote { + artery { + enabled = off + canonical.hostname = "127.0.0.1" + canonical.port = 2550 + } + netty.tcp { + hostname = "127.0.0.1" + port = 2550 + } + + use-passive-connections = off + # when under load we might trip a false positive on the failure detector + # transport-failure-detector { + # heartbeat-interval = 4 s + # acceptable-heartbeat-pause = 16s + # } + } + + actor { + debug { + autoreceive = on + lifecycle = on + unhandled = on + fsm = on + event-stream = on + } + } + + cluster { + # Remove ".tcp" when using artery. + seed-nodes = ["akka.tcp://opendaylight-cluster-data@127.0.0.1:2550"] + + seed-node-timeout = {{.Values.config.odl.akka.seedNodeTimeout}} + + roles = ["member-1"] + + } + + persistence { + # By default the snapshots/journal directories live in KARAF_HOME. You can choose to put it somewhere else by + # modifying the following two properties. The directory location specified may be a relative or absolute path. + # The relative path is always relative to KARAF_HOME. + + # snapshot-store.local.dir = "target/snapshots" + # journal.leveldb.dir = "target/journal" + + journal { + leveldb { + # Set native = off to use a Java-only implementation of leveldb. + # Note that the Java-only version is not currently considered by Akka to be production quality. + + # native = off + } + + journal-plugin-fallback { + circuit-breaker { + max-failures = {{.Values.config.odl.akka.circuitBreaker.maxFailures}} + call-timeout = {{.Values.config.odl.akka.circuitBreaker.callTimeout}} + reset-timeout = {{.Values.config.odl.akka.circuitBreaker.resetTimeout}} + } + recovery-event-timeout = {{.Values.config.odl.akka.recoveryEventTimeout}} + } + + snapshot-store-plugin-fallback { + circuit-breaker { + max-failures = {{.Values.config.odl.akka.circuitBreaker.maxFailures}} + call-timeout = {{.Values.config.odl.akka.circuitBreaker.callTimeout}} + reset-timeout = {{.Values.config.odl.akka.circuitBreaker.resetTimeout}} + } + recovery-event-timeout = {{.Values.config.odl.akka.recoveryEventTimeout}} + } + } + } + } +} + diff --git a/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg b/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg new file mode 100644 index 0000000000..29dd0e54dd --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/org.opendaylight.controller.cluster.datastore.cfg @@ -0,0 +1,107 @@ +# This file specifies property settings for the clustered data store to control its behavior. A +# property may be applied to every data store type ("config" and "operational") or can be customized +# differently for each data store type by prefixing the data store type + '.'. For example, specifying +# the "shard-election-timeout-factor" property would be applied to both data stores whereas specifying +# "operational.shard-election-timeout-factor" would only apply to the "operational" data store. Similarly, +# specifying "config.shard-election-timeout-factor" would only apply to the "config" data store. + +# The multiplication factor to be used to determine shard election timeout. The shard election timeout +# is determined by multiplying shardHeartbeatIntervalInMillis with the shardElectionTimeoutFactor. +shard-election-timeout-factor=20 + +# The interval at which a shard will send a heart beat message to its remote shard. +#shard-heartbeat-interval-in-millis=500 + +# The amount by which to divide election timeout in case of a candidate. This serves as a counter-balance +# to shard-election-timeout-factor. The default value is 1, i.e. election timeout is the same in all +# situations. +#shard-candidate-election-timeout-divisor=1 + +# The maximum amount of time to wait for a shard to elect a leader before failing an operation (eg transaction create). +#shard-leader-election-timeout-in-seconds=30 + +# Enable or disable data persistence. +#persistent=true + +# Disable persistence for the operational data store by default. +operational.persistent=false + +# The maximum amount of time a shard transaction can be idle without receiving any messages before it self-destructs. +#shard-transaction-idle-timeout-in-minutes=10 + +# The maximum amount of time a shard transaction three-phase commit can be idle without receiving the +# next messages before it aborts the transaction. +#shard-transaction-commit-timeout-in-seconds=30 + +# The maximum allowed capacity for each shard's transaction commit queue. +#shard-transaction-commit-queue-capacity=20000 + +# The maximum amount of time to wait for a shard to initialize from persistence on startup before +# failing an operation (eg transaction create and change listener registration). +#shard-initialization-timeout-in-seconds=300 + +# The minimum number of entries to be present in the in-memory journal log before a snapshot is to be taken. +#shard-snapshot-batch-count=20000 + +# The percentage of Runtime.totalMemory() used by the in-memory journal log before a snapshot is to be taken. +#shard-snapshot-data-threshold-percentage=12 + +# The interval at which the leader of the shard will check if its majority followers are active and +# term itself as isolated. +#shard-isolated-leader-check-interval-in-millis=5000 + +# The number of transaction modification operations (put, merge, delete) to batch before sending to the +# shard transaction actor. Batching improves performance as less modifications messages are sent to the +# actor and thus lessens the chance that the transaction actor's mailbox queue could get full. +#shard-batched-modification-count=1000 + +# The maximum amount of time for akka operations (remote or local) to complete before failing. +#operation-timeout-in-seconds=5 + +# The initial number of transactions per second that are allowed before the data store should begin +# applying back pressure. This number is only used as an initial guidance, subsequently the datastore +# measures the latency for a commit and auto-adjusts the rate limit. +#transaction-creation-initial-rate-limit=100 + +# The maximum thread pool size for each shard's data store data change notification executor. +#max-shard-data-change-executor-pool-size=20 + +# The maximum queue size for each shard's data store data change notification executor. +#max-shard-data-change-executor-queue-size=1000 + +# The maximum queue size for each shard's data store data change listener. +#max-shard-data-change-listener-queue-size=1000 + +# The maximum queue size for each shard's data store executor. +#max-shard-data-store-executor-queue-size=5000 + +# A fully qualified java class name. The class should implement +# org.opendaylight.controller.cluster.raft.policy.RaftPolicy. This java class should be +# accessible to the distributed data store OSGi module so that it can be dynamically loaded via +# reflection. For now let's assume that these classes to customize raft behaviors should be +# present in the distributed data store module itself. If this property is set to a class which +# cannot be found then the default raft policy will be applied +#custom-raft-policy-implementation= + +# When fragmenting messages thru the akka remoting framework, this is the maximum size in bytes +# for a message slice. +#maximum-message-slice-size=20480000 + +# Enable tell-based protocol between frontend (applications) and backend (shards). Using this protocol +# should avoid AskTimeoutExceptions seen under heavy load. Defaults to false (use ask-based protocol). +#use-tell-based-protocol=true + +# Tune the maximum number of entries a follower is allowed to lag behind the leader before it is +# considered out-of-sync. This flag may require tuning in face of a large number of small transactions. +#sync-index-threshold=10 + +# Record new transaction allocation stack trace, useful for debugging. This makes the log include +# the stack trace of the creator of the Tx when there is an exception when the transaction is submitted +# (e.g. for a failed validation). Defaults to false due to performance impact. +#transaction-debug-context-enabled=true +persistent-actor-restart-min-backoff-in-seconds={{.Values.config.odl.datastore.persistentActorRestartMinBackoffInSeconds}} +persistent-actor-restart-max-backoff-in-seconds={{.Values.config.odl.datastore.persistentActorRestartMaxBackoffInSeconds}} +persistent-actor-restart-reset-backoff-in-seconds={{.Values.config.odl.datastore.persistentActorRestartResetBackoffInSeconds}} +shard-transaction-commit-timeout-in-seconds={{.Values.config.odl.datastore.shardTransactionCommitTimeoutInSeconds}} +shard-isolated-leader-check-interval-in-millis={{.Values.config.odl.datastore.shardIsolatedLeaderCheckIntervalInMillis}} +operation-timeout-in-seconds={{.Values.config.odl.datastore.operationTimeoutInSeconds}} diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv new file mode 100644 index 0000000000..7476e6849a --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/setenv @@ -0,0 +1,61 @@ +#!/bin/sh +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# handle specific scripts; the SCRIPT_NAME is exactly the name of the Karaf +# script: client, instance, shell, start, status, stop, karaf +# +# if [ "${KARAF_SCRIPT}" == "SCRIPT_NAME" ]; then +# Actions go here... +# fi + +# +# general settings which should be applied for all scripts go here; please keep +# in mind that it is possible that scripts might be executed more than once, e.g. +# in example of the start script where the start script is executed first and the +# karaf script afterwards. +# + +# +# The following section shows the possible configuration options for the default +# karaf scripts +# +# export JAVA_HOME # Location of Java installation +# export JAVA_MIN_MEM # Minimum memory for the JVM +# export JAVA_MAX_MEM # Maximum memory for the JVM +# export JAVA_PERM_MEM # Minimum perm memory for the JVM +# export JAVA_MAX_PERM_MEM # Maximum perm memory for the JVM +# export EXTRA_JAVA_OPTS # Additional JVM options +# export KARAF_HOME # Karaf home folder +# export KARAF_DATA # Karaf data folder +# export KARAF_BASE # Karaf base folder +# export KARAF_ETC # Karaf etc folder +# export KARAF_SYSTEM_OPTS # First citizen Karaf options +# export KARAF_OPTS # Additional available Karaf options +# export KARAF_DEBUG # Enable debug mode +# export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start +# export KARAF_NOROOT # Prevent execution as root if set to true +if [ "x$JAVA_MAX_MEM" = "x" ]; then + export JAVA_MAX_MEM="2048m" +fi + +EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ + -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \ + -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \ + -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \ + -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log" diff --git a/kubernetes/sdnc/resources/config/overrides/image-versions.yaml b/kubernetes/sdnc/resources/config/overrides/image-versions.yaml deleted file mode 100644 index fa4d8d2012..0000000000 --- a/kubernetes/sdnc/resources/config/overrides/image-versions.yaml +++ /dev/null @@ -1,25 +0,0 @@ -sdnc: - image: onap/sdnc-image:1.6.1 - sdnc-ansible-server: - image: onap/sdnc-ansible-server-image:1.6.1 - dmaap-listener: - image: onap/sdnc-dmaap-listener-image:1.6.1 - sdnc-portal: - image: onap/admportal-sdnc-image:1.6.1 - ueb-listener: - image: onap/sdnc-ueb-listener-image:1.6.1 -cds: - cds-command-executor: - image: onap/ccsdk-commandexecutor:0.5.1 - cds-blueprints-processor: - image: onap/ccsdk-blueprintsprocessor:0.5.1 - cds-ui: - image: onap/ccsdk-cds-ui-server:0.5.1 - cds-controller-blueprints: - image: onap/ccsdk-controllerblueprints:0.5.1 - cds-sdc-listener: - image: onap/ccsdk-sdclistener:0.5.1 -common: - dgbuilder: - image: onap/ccsdk-dgbuilder-image:0.5.1 - diff --git a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml new file mode 100644 index 0000000000..c664860218 --- /dev/null +++ b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml @@ -0,0 +1,21 @@ +sdnc: + image: onap/sdnc-image:1.7.0 + sdnc-ansible-server: + image: onap/sdnc-ansible-server-image:1.7.0 + dmaap-listener: + image: onap/sdnc-dmaap-listener-image:1.7.0 + sdnc-portal: + image: onap/admportal-sdnc-image:1.7.0 + ueb-listener: + image: onap/sdnc-ueb-listener-image:1.7.0 +cds: + cds-command-executor: + image: onap/ccsdk-commandexecutor:0.6.0 + cds-blueprints-processor: + image: onap/ccsdk-blueprintsprocessor:0.6.0 + cds-ui: + image: onap/ccsdk-cds-ui-server:0.6.0 + cds-controller-blueprints: + image: onap/ccsdk-controllerblueprints:0.6.0 + cds-sdc-listener: + image: onap/ccsdk-sdclistener:0.6.0 diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index e74202ca43..db6d73a3c5 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -40,11 +40,9 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: "{{ .Values.service.portName }}-8282" - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: "{{ .Values.service.portName }}-8202" - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index d60319fa1c..e3ac50fc61 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -145,6 +145,15 @@ spec: name: logs - mountPath: {{ .Values.certpersistence.certPath }} name: {{ include "common.fullname" . }}-certs + - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml + name: properties + subPath: akka.conf + - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.controller.cluster.datastore.cfg + name: properties + subPath: org.opendaylight.controller.cluster.datastore.cfg + - mountPath: {{ .Values.config.odl.binDir }}/setenv + name: properties + subPath: setenv resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 22a36d22d9..2df38b74e7 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -32,7 +32,7 @@ global: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.6.1 +image: onap/sdnc-image:1.7.0 # flag to enable debugging - application support required @@ -66,6 +66,32 @@ config: ansiblePort: 8000 javaHome: /usr/lib/jvm/java-1.8-openjdk + odl: + etcDir: /opt/opendaylight/etc + binDir: /opt/opendaylight/bin + salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config + salConfigVersion: 1.8.2 + akka: + seedNodeTimeout: 15s + circuitBreaker: + maxFailures: 10 + callTimeout: 90s + resetTimeout: 30s + recoveryEventTimeout: 90s + datastore: + persistentActorRestartMinBackoffInSeconds: 10 + persistentActorRestartMaxBackoffInSeconds: 40 + persistentActorRestartResetBackoffInSeconds: 20 + shardTransactionCommitTimeoutInSeconds: 120 + shardIsolatedLeaderCheckIntervalInMillis: 30000 + operationTimeoutInSeconds: 120 + javaOptions: + maxGCPauseMillis: 100 + parallelGCThreads : 3 + numberGGLogFiles: 10 + + + #local Mariadb-galera cluster localDBCluster: false @@ -163,7 +189,7 @@ service: internalPort: 8181 internalPort2: 8101 internalPort3: 8080 - internalPort4: 2550 + internalPort4: 8443 #port externalPort: 8282 diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 35b86a33a0..d1f23e9a10 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -93,7 +93,7 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs volume-groups: rest: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}g:8087/services/rest/v1/volume-groups + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups vnf-async: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync vfc: @@ -323,6 +323,14 @@ server: tomcat: max-threads: 50 spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true security: usercredentials: - diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index d97a6291db..beda24033f 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.4.4 +image: onap/so/bpmn-infra:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml index c59949c900..b643c4ae9e 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -26,6 +26,14 @@ mso: db: auth: Basic YnBlbDpwYXNzd29yZDEk spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: true security: usercredentials: - diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 614986bdd5..ecfeec2312 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.4.4 +image: onap/so/catalog-db-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index ade711693b..494c38c6d5 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.4.4 +image: onap/so/so-monitoring:1.5.0 pullPolicy: Always replicaCount: 1 @@ -85,4 +85,3 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} - diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 62351b8388..4bf20a683b 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -17,6 +17,14 @@ aai: server: port: {{ index .Values.containerPort }} spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: false security: usercredentials: - diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 02379cd807..965a306626 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.4.4 +image: onap/so/openstack-adapter:1.5.0 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml index 7a326d39a9..6d746ede18 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml @@ -25,6 +25,14 @@ mso: auth: Basic YnBlbDpwYXNzd29yZDEk endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: reqdb-pool + registerMbeans: true security: usercredentials: - diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index a6d29f52df..5c0329e509 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.4.4 +image: onap/so/request-db-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml index f74ef8fe35..44544f49e7 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml @@ -16,6 +16,14 @@ aai: server: port: {{ index .Values.containerPort }} spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: false security: usercredentials: - @@ -28,10 +36,13 @@ spring: role: ACTUATOR request: datasource: - jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb - username: ${DB_USERNAME} - password: ${DB_PASSWORD} - driver-class-name: org.mariadb.jdbc.Driver + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: reqdb-pool + registerMbeans: false mso: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 logPath: ./logs/sdc diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 90b5e773c8..2354edfea8 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.4.4 +image: onap/so/sdc-controller:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 32ab607ea5..0969452424 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.4.4 +image: onap/so/sdnc-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml index 72a2f615d7..dee73abd41 100755 --- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml @@ -15,10 +15,13 @@ logging: path: logs spring: datasource: - driver-class-name: org.mariadb.jdbc.Driver - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb - username: ${DB_USERNAME} - password: ${DB_PASSWORD} + hikari: + driver-class-name: org.mariadb.jdbc.Driver + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + pool-name: reqdb-pool + registerMbeans: true security: usercredentials: - username: bpel diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 6265b83ed8..e69ceecc16 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.4.4 +image: onap/so/vfc-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index b3bd8f51db..a7051c5132 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -26,7 +26,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.4.4 +image: onap/so/vnfm-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 143a594330..1aeb50dd23 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -60,7 +60,23 @@ mso: auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent + health: + auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= + endpoints: + - subsystem: apih + uri: http://so-bpmn-infra:8081 + - subsystem: catalogdb + uri: http://so-catalog-db-adapter:8082 + spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: true jersey: type: filter security: @@ -91,10 +107,13 @@ spring: role: ACTUATOR request: datasource: - jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb - username: ${DB_USERNAME} - password: ${DB_PASSWORD} - driver-class-name: org.mariadb.jdbc.Driver + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: reqdb-pool + registerMbeans: true org: onap: so: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index f94ddc8de3..862f7a61c8 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -25,7 +25,7 @@ global: serviceName: mariadb-galera servicePort: "3306" mariadbRootPassword: secretpassword - #This flag allows SO to instantiate its own mariadb-galera cluster, + #This flag allows SO to instantiate its own mariadb-galera cluster, #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled localCluster: false persistence: @@ -38,12 +38,12 @@ global: dbPort: 3306 dbUser: root dbPassword: secretpassword - + ################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.4.4 +image: onap/so/api-handler-infra:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 346577ce08..6d365a4493 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:5.0.0 +image: onap/vid:5.0.1 pullPolicy: Always # mariadb image for initializing