From: Krzysztof Opasiak Date: Thu, 30 Apr 2020 14:11:38 +0000 (+0000) Subject: Merge "Adding NSSMF adapter chart" X-Git-Tag: 6.0.0~98 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=780c64a822838056411a7e0ddc584101726fc53a;hp=28734e089be80cde68480062edb62e15b6e2f352;p=oom.git Merge "Adding NSSMF adapter chart" --- diff --git a/docs/cluster.yml b/docs/cluster.yml index d4962d3478..0757e15a28 100644 --- a/docs/cluster.yml +++ b/docs/cluster.yml @@ -144,7 +144,7 @@ ssh_agent_auth: false authorization: mode: rbac ignore_docker_version: false -kubernetes_version: "v1.13.5-rancher1-2" +kubernetes_version: "v1.15.11-rancher1-2" private_registries: - url: nexus3.onap.org:10001 user: docker diff --git a/docs/index.rst b/docs/index.rst index 340b43be67..c8048d142e 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _master_index: OOM Documentation Repository diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index e3790f88db..2c6eb9a5f8 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -2,6 +2,7 @@ .. International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2019 Amdocs, Bell Canada +.. _oom_cloud_setup_guide: .. Links .. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure @@ -53,7 +54,7 @@ The versions of Kubernetes that are supported by OOM are as follows: casablanca 1.11.5 2.9.1 1.11.5 17.03.x dublin 1.13.5 2.12.3 1.13.5 18.09.5 el alto 1.15.2 2.14.2 1.15.2 18.09.x - frankfurt 1.15.9 2.16.3 1.15.9 18.09.x + frankfurt 1.15.9 2.16.6 1.15.11 18.09.x ============== =========== ====== ======== ======== Minimum Hardware Configuration 
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 5aeee2e07f..7706f2cd2d 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -20,10 +20,16 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO | Yes | No? 
| Yes | kubernetes/so/resources/config/certificates | @@ -58,3 +64,5 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | CLI | No | Yes | No | kubernetes/cli/resources/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst index 7903b709d8..b8c18dc93f 100644 --- a/docs/oom_project_description.rst +++ b/docs/oom_project_description.rst @@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _oom_project_description: ONAP Operations Manager Project ############################### diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 2607805015..565c43f467 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -2,7 +2,7 @@ .. Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2019 Amdocs, Bell Canada - +.. _oom_quickstart_guide: .. _quick-start-label: OOM Quick Start Guide @@ -23,6 +23,7 @@ available), follow the following instructions to deploy ONAP. where can be an offical release tag, such as 4.0.0-ONAP for Dublin 5.0.1-ONAP for El Alto +6.0.0-ONAP for Frankfurt **Step 2.** Install Helm Plugins required to deploy ONAP:: 
@@ -53,6 +54,7 @@ with items like the OpenStack tenant information. d. Update the OpenStack parameters that will be used by robot, SO and APPC helm charts or use an override file to replace them. + e. Add in the command line a value for the global master password (global.masterPassword). @@ -77,7 +79,7 @@ openssl algorithm that works with the python based Robot Framework. c. Generating SO Encrypted Password: The SO Encrypted Password uses a java based encryption utility since the Java encryption library is not easy to integrate with openssl/python that -ROBOT uses in Dublin. +ROBOT uses in Dublin and upper versions. .. note:: To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword`` @@ -98,11 +100,12 @@ ROBOT uses in Dublin. d. Update the OpenStack parameters: -There are assumptions in the demonstration VNF heat templates about the networking -available in the environment. To get the most value out of these templates and the -automation that can help confirm the setup is correct, please observe the following +There are assumptions in the demonstration VNF heat templates about the networking +available in the environment. To get the most value out of these templates and the +automation that can help confirm the setup is correct, please observe the following constraints. + ``openStackPublicNetId:`` This network should allow heat templates to add interfaces. This need not be an external network, floating IPs can be assigned to the ports on @@ -124,7 +127,7 @@ constraints. setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. -Example Keystone v2.0 +Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml :language: yaml @@ -135,7 +138,6 @@ Example Keystone v3 (required for Rocky and later releases) :language: yaml - **Step 4.** To setup a local Helm server to server up the ONAP charts:: > helm serve & 
@@ -168,13 +170,23 @@ follows:: single command .. note:: - The ``--timeout 900`` is currently required in Dublin to address long running initialization tasks - for DMaaP and SO. Without this timeout value both applications may fail to deploy. + The ``--timeout 900`` is currently required in Dublin and up to address long + running initialization tasks for DMaaP and SO. Without this timeout value both + applications may fail to deploy. + +.. danger:: + We've added the master password on the command line. + You shouldn't put it in a file for safety reason + please don't forget to change the value to something random + + A space is also added in front of the command so "history" doesn't catch it. + This masterPassword is very sensitive, please be careful! + To deploy all ONAP applications use this command:: > cd oom/kubernetes - > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 + > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 All override files may be customized (or replaced by other overrides) as per needs. diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst index 1b5d6d1985..428fa59a4e 100644 --- a/docs/oom_setup_kubernetes_rancher.rst +++ b/docs/oom_setup_kubernetes_rancher.rst 
@@ -267,16 +267,12 @@ Configure Rancher Kubernetes Engine (RKE) Install RKE ----------- Download and install RKE on a VM, desktop or laptop. -Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v0.2.1 +Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6 RKE requires a *cluster.yml* as input. An example file is show below that describes a Kubernetes cluster that will be mapped onto the OpenStack VMs created earlier in this guide. -Example: **cluster.yml** - -.. image:: images/rke/rke_1.png - Click :download:`cluster.yml ` to download the configuration file. @@ -341,8 +337,8 @@ Install Kubectl Download and install kubectl. Binaries can be found here for Linux and Mac: -https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl -https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl +https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl +https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl You only need to install kubectl where you'll launch kubernetes command. This can be any machines of the kubernetes cluster or a machine that has IP access @@ -388,9 +384,9 @@ Install Helm Example Helm client install on Linux:: - > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz + > wget https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz - > tar -zxvf helm-v2.14.2-linux-amd64.tar.gz + > tar -zxvf helm-v2.16.6-linux-amd64.tar.gz > sudo mv linux-amd64/helm /usr/local/bin/helm diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 4cc1ab6d22..7340ddf7fd 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst 
@@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _oom_user_guide: .. Links .. _Curated applications for Kubernetes: https://github.com/kubernetes/charts @@ -403,6 +404,7 @@ below:: 10.12.6.155 msb.api.simpledemo.onap.org 10.12.6.155 clamp.api.simpledemo.onap.org 10.12.6.155 so.api.simpledemo.onap.org + 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org Ensure you've disabled any proxy settings the browser you are using to access the portal and then simply access now the new ssl-encrypted URL: diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 154c6ab1cd..41e42b5cc4 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst 
@@ -3,15 +3,68 @@ .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights .. reserved. - -.. Links -.. _release-notes-label: +.. _release_notes: ONAP Operations Manager Release Notes ===================================== +Version 6.0.0 (Frankfurt Release) +--------------------------------- + +:Release Date: 2020-xx-xx + +Summary +------- + +The focus of this release is to strengthen the foundation of OOM installer. +A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826 + +**Software Requirements** + +* Upgraded to Kubernetes 1.15.x and Helm 2.16.x + +**Hardcoded Password removal** + +* All mariadb galera password are not hardcoded + +**New Features** + +* Ingress deployment is getting more and more usable +* Use of dynamic Persistent Volume is available + +**Bug Fixes** + +**Known Issues** + +The following known issues will be addressed in a future release: + +* [`OOM-2075 `_] - https://jira.onap.org/browse/OOM-2075 + +**Security Notes** + +*Fixed Security Issues* + +* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 `_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 `_] + +*Known Security Issues* + +* Hard coded password used for all oom deployments [`OJSI-188 `_] + +*Known Vulnerabilities in Used Modules* + +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. + +Quick Links: + + - `OOM project page `_ + + - `Passing Badge information for OOM `_ + + Version 5.0.1 (El Alto Release) ----------------------------------- +------------------------------- :Release Date: 2019-10-10 
@@ -61,22 +114,6 @@ Quick Links: - `Passing Badge information for OOM `_ -Version 6.0.0 (Frankfurt) ----------------------------------- - -:Release Date: 2020-05-14 - -Summary -------- - -**Software Requirements** - -* Upgraded to Kubernetes 1.15.x and Helm 2.16.x - -**Hardcoded Password removal** - -* All mariadb galera password are not hardcoded - Version 5.0.0 (El Alto Early Drop) ---------------------------------- @@ -120,7 +157,7 @@ Summary * Automated rolling upgrades for applications * In-place schema and data migrations * Blue-Green deployment environment migration (e.g. Pre-prod to Prod) - * Upgrades from embedded database instance into shared database instance + * Upgrades from embedded database instance into shared database instance * Release-to-release upgrade support delivered for the following projects @@ -268,7 +305,7 @@ Story * [`OOM-52 `_] - OOM ONAP Configuration Management - Parameterization of docker images * [`OOM-53 `_] - OOM ONAP Configuration Management - Parameterization for Sizing * [`OOM-63 `_] - Kubernetes cluster created by TOSCA description -* [`OOM-85 `_] - Test the code in the “Lab” project environment +* [`OOM-85 `_] - Test the code in the "Lab" project environment * [`OOM-86 `_] - Monitoring the health status of ONAP components * [`OOM-87 `_] - Configure TOSCA description via dashboard * [`OOM-88 `_] - Deploy Holmes on K8S cluster by TOSCA description diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json index 4f48771275..679b5189de 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json 
@@ -5,37 +5,37 @@
 {
 "name": "aai",
 "values": {
- "username": "oof@oof.onap.org",
- "password": "demo123456!"
+ "username": "${AAI_USER}",
+ "password": "${AAI_PASS}"
 }
 },
 {
 "name": "conductor_api",
 "values": {
- "username": "admin1",
- "password": "plan.15"
+ "username": "${CONDUCTOR_USER}",
+ "password": "${CONDUCTOR_PASS}"
 }
 },
 {
 "name": "sdnc",
 "values": {
- "username": "admin",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+ "username": "${SDNC_USER}",
+ "password": "${SDNC_PASS}"
 }
 },
 {
 "name": "music_api",
 "values": {
- "aafuser": "conductor",
- "aafpass": "c0nduct0r",
+ "aafuser": "${MUSIC_USER}",
+ "aafpass": "${MUSIC_PASS}",
 "aafns": "conductor"
 }
 },
 {
 "name": "aaf_api",
 "values": {
- "username": "aaf_admin@people.osaaf.org",
- "password": "demo123456!",
+ "username": "${AAF_USER}",
+ "password": "${AAF_PASS}",
 "aaf_conductor_user": "oof@oof.onap.org"
 }
 }
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
index 0950957b11..7666ff3077 100644
--- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
+++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
@@ -12,22 +12,22 @@
 {
 "name": "conductor",
 "values": {
- "UserName": "admin1",
- "Password": "plan.15"
+ "UserName": "${CONDUCTOR_USER}",
+ "Password": "${CONDUCTOR_PASS}"
 }
 },
 {
 "name": "policyPlatform",
 "values": {
- "UserName": "testpdp",
- "Password": "alpha123"
+ "UserName": "${POLICY_PLAT_USER}",
+ "Password": "${POLICY_PLAT_PASS}"
 }
 },
 {
 "name": "policyClient",
 "values": {
- "UserName": "python",
- "Password": "test"
+ "UserName": "${POLICY_CLI_USER}",
+ "Password": "${POLICY_CLI_PASS}"
 }
 },
 {
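Review bot: The `${..._USER}` and `${..._PASS}` placeholders in has.json sit inside JSON string literals, and the job.yaml section of this commit fills them with `envsubst <${PFILE} >/config/${PFILE}`, which substitutes raw text without JSON escaping. A credential containing `"` or `\` would therefore yield an invalid or structurally different preload file. Either document that `oofCreds` values must not contain those characters, or escape the values before rendering. The same applies to the three osdf.json hunks that follow.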
@@ -47,36 +47,36 @@
 {
 "name": "osdfPlacement",
 "values": {
- "UserName": "test",
- "Password": "testpwd"
+ "UserName": "${OSDF_PLACEMENT_USER}",
+ "Password": "${OSDF_PLACEMENT_PASS}"
 }
 },
 {
 "name": "osdfPlacementSO",
 "values": {
- "UserName": "so_test",
- "Password": "so_testpwd"
+ "UserName": "${OSDF_PLACEMENT_SO_USER}",
+ "Password": "${OSDF_PLACEMENT_SO_PASS}"
 }
 },
 {
 "name": "osdfPlacementVFC",
 "values": {
- "UserName": "vfc_test",
- "Password": "vfc_testpwd"
+ "UserName": "${OSDF_PLACEMENT_VFC_USER}",
+ "Password": "${OSDF_PLACEMENT_VFC_PASS}"
 }
 },
 {
 "name": "osdfCMScheduler",
 "values": {
- "UserName": "test1",
- "Password": "testpwd1"
+ "UserName": "${OSDF_CM_SCHEDULER_USER}",
+ "Password": "${OSDF_CM_SCHEDULER_PASS}"
 }
 },
 {
 "name": "configDb",
 "values": {
- "UserName": "osdf",
- "Password": "passwd"
+ "UserName": "${CONFIG_DB_USER}",
+ "Password": "${CONFIG_DB_PASS}"
 }
 },
 {
@@ -89,10 +89,17 @@
 {
 "name": "osdfPCIOpt",
 "values": {
- "UserName": "pci_test",
- "Password": "pci_testpwd"
+ "UserName": "${OSDF_PCI_OPT_USER}",
+ "Password": "${OSDF_PCI_OPT_PASS}"
+ }
+ },
+ {
+ "name": "osdfOptEngine",
+ "values": {
+ "UserName": "${OSDF_OPT_ENGINE_USER}",
+ "Password": "${OSDF_OPT_ENGINE_PASS}"
 }
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
index ccccf22037..7a17b917ae 100644
--- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
@@ -33,6 +33,106 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "export AAI_PASS=${AAI_PASS_PLAIN}; + export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; + export SDNC_PASS=${SDNC_PASS_PLAIN}; + export MUSIC_PASS=${MUSIC_PASS_PLAIN}; + export AAF_PASS=${AAF_PASS_PLAIN}; + export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; + export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; + export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; + export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; + export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; + export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; + export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; + export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; + export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; + cd /config-input; + for PFILE in `find . -not -type d | grep -v -F ..`; do + envsubst <${PFILE} >/config/${PFILE}; + done" + env: + - name: AAI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} + - name: AAI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} + + - name: CONDUCTOR_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} + - name: CONDUCTOR_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} + + - name: SDNC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} + - name: SDNC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} + + - name: MUSIC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "music-creds" "key" "login") | indent 10 }} + - name: MUSIC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} + + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} + - name: AAF_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} + + - name: POLICY_PLAT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} + - name: POLICY_PLAT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} + + - name: POLICY_CLI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} + - name: POLICY_CLI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_VFC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_VFC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} + + - name: OSDF_CM_SCHEDULER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} + - name: OSDF_CM_SCHEDULER_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} + + - name: CONFIG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} + - name: CONFIG_DB_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} + + - name: OSDF_PCI_OPT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} + - name: OSDF_PCI_OPT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} + + - name: OSDF_OPT_ENGINE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} + - name: OSDF_OPT_ENGINE_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-preload-input + - mountPath: /config/ + name: {{ include "common.name" . }}-preload + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness 
@@ -84,9 +184,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name : {{ include "common.name" . }}-preload + - name: {{ include "common.name" . }}-preload-input configMap: name: {{ include "common.fullname" . }}-preload + - name: {{ include "common.name" . }}-preload + emptyDir: + medium: Memory restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index b24605161a..12312c5430 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -21,6 +21,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst flavor: small ################################################################# 
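Review bot: `envsubstImage: dibi/envsubst` in values.yaml names a third-party image with no tag or digest, and the init container added in job.yaml runs it with every credential from the `secrets` list in its environment. Unlike the readiness image, it is also referenced as `image: "{{ .Values.global.envsubstImage }}"` with no repository prefix, so it does not go through the project's registry setting. Pin it to an immutable reference, for example `envsubstImage: dibi/envsubst:<TAG>@sha256:<DIGEST>` (placeholder values), or mirror it in the project registry and reference it the way the other images are.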
@@ -84,6 +85,121 @@ persistence: ingress: enabled: false +secrets: + - uid: aai-creds + type: basicAuth + login: '{{ .Values.oofCreds.aaiUsername }}' + password: '{{ .Values.oofCreds.aaiPassword }}' + passwordPolicy: required + - uid: conductor-creds + type: basicAuth + login: '{{ .Values.oofCreds.conductorUsername }}' + password: '{{ .Values.oofCreds.conductorPassword }}' + passwordPolicy: required + - uid: sdnc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdncUsername }}' + password: '{{ .Values.oofCreds.sdncPassword }}' + passwordPolicy: required + - uid: music-creds + type: basicAuth + login: '{{ .Values.oofCreds.musicUsername }}' + password: '{{ .Values.oofCreds.musicPassword }}' + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + login: '{{ .Values.oofCreds.aafUsername }}' + password: '{{ .Values.oofCreds.aafPassword }}' + passwordPolicy: required + - uid: policy-plat-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyPlatUsername }}' + password: '{{ .Values.oofCreds.policyPlatPassword }}' + passwordPolicy: required + - uid: policy-cli-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyCliUsername }}' + password: '{{ .Values.oofCreds.policyCliPassword }}' + passwordPolicy: required + - uid: osdf-placement-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementPassword }}' + passwordPolicy: required + - uid: osdf-placement-so-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' + passwordPolicy: required + - uid: osdf-placement-vfc-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' + passwordPolicy: required + - uid: osdf-cm-scheduler-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' + password: '{{ 
.Values.oofCreds.osdfCMSchedulerPassword }}' + passwordPolicy: required + - uid: config-db-creds + type: basicAuth + login: '{{ .Values.oofCreds.configDbUsername }}' + password: '{{ .Values.oofCreds.configDbPassword }}' + passwordPolicy: required + - uid: osdf-pci-opt-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' + password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' + passwordPolicy: required + - uid: osdf-opt-engine-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' + password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' + passwordPolicy: required + +oofCreds: + aaiUsername: oof@oof.onap.org + aaiPassword: demo123456! + + conductorUsername: admin1 + conductorPassword: plan.15 + + sdncUsername: admin + sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + musicUsername: conductor + musicPassword: c0nduct0r + + aafUsername: aaf_admin@people.osaaf.org + aafPassword: demo123456! + + policyPlatUsername: testpdp + policyPlatPassword: alpha123 + + policyCliUsername: python + policyCliPassword: test + + osdfPlacementUsername: test + osdfPlacementPassword: testpwd + + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + + configDbUsername: osdf + configDbPassword: passwd + + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd + + osdfOptEngineUsername: opt_test + osdfOptEnginePassword: opt_testpwd + # Configure resource requests and limits resources: small: diff --git a/kubernetes/aai b/kubernetes/aai index 9b27009ab7..2d6141ab8b 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 9b27009ab70a2d4fccd43247f7dbb887cb944293 +Subproject commit 2d6141ab8bd7bfe58f5da0483e578032226e7ebb 
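Review bot: The new `oofCreds` block keeps the previously hardcoded credentials as chart defaults (for example `aaiPassword: demo123456!` and `policyCliPassword: test`) and adds a new one, `osdfOptEnginePassword: opt_testpwd`. A deployment that does not override them still runs with publicly known passwords. Because a default is always present, `passwordPolicy: required` presumably never fails, so operators get no signal that these need to be set; this should be confirmed against the common secret template. Consider shipping the password keys empty so that the `required` policy forces an override, and keeping the demo values in a separate, clearly labelled override file.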
diff --git a/kubernetes/appc/resources/config/log/filebeat/log4j/filebeat.yml b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml similarity index 100% rename from kubernetes/appc/resources/config/log/filebeat/log4j/filebeat.yml rename to kubernetes/appc/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/appc/templates/configmap.yaml b/kubernetes/appc/templates/configmap.yaml index 72dc6172dc..fe206a9322 100644 --- a/kubernetes/appc/templates/configmap.yaml +++ b/kubernetes/appc/templates/configmap.yaml @@ -118,19 +118,6 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-logging-cfg namespace: {{ include "common.namespace" . }} @@ -141,3 +128,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 5fd34ece79..3480e638aa 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -185,7 +185,7 @@ spec: subPath: installSdncDb.sh - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg name: log-config 
@@ -208,17 +208,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: data-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} volumes: - name: keyfile-certs secret: @@ -229,16 +219,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-filebeat - name: log-config configMap: name: {{ include "common.fullname" . }}-logging-cfg - name: logs emptyDir: {} - - name: data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 8 }} - name: onap-appc-data-properties-input configMap: name: {{ include "common.fullname" . }}-onap-appc-data-properties diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index fb8230b128..12991a831f 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -20,6 +20,7 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + centralizedLoggingEnabled: false loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 # envsusbt @@ -62,6 +63,10 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/onap + # application configuration config: # dbRootPassExternalSecret: some secret 
@@ -71,14 +76,14 @@ config: # It seems that the DB name is hardcoded. dbName: appcctl userName: appcctl - password: appcctl + # password: appcctl # userCredsExternalSecret: some secret sdncdb: # Warning: changing this config option may not work. # It seems that the DB name is hardcoded. dbName: sdnctl userName: sdnctl - password: gamma + # password: gamma # userCredsExternalSecret: some secret odlUid: 100 odlGid: 101 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index eee61e7e90..94f3466d9d 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -81,6 +81,7 @@ blueprintprocessor.resourceResolution.enabled=true blueprintprocessor.netconfExecutor.enabled=true blueprintprocessor.restConfExecutor.enabled=true blueprintprocessor.remoteScriptCommand.enabled=true +blueprintsprocessor.remote-script-command.response.log.enabled=false # Command executor blueprintsprocessor.grpcclient.remote-python.type=token-auth @@ -117,6 +118,9 @@ blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000 # Self Service Response Kafka Message Producer blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092 +# Kafka Audit Service Configurations +blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false + # Executor Options blueprintsprocessor.resourceResolution.enabled=true blueprintsprocessor.netconfExecutor.enabled=true diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml index 79cffd16da..d7aad4d0c3 100644 --- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml 
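Review bot: The old default passwords stay in appc/values.yaml as comments (`# password: appcctl`, `# password: gamma`), so the well-known values remain documented exactly where an operator is likely to uncomment them. I would replace each with a comment that carries no value, for example `# password: <set at install time, or use userCredsExternalSecret>`. What supplies the password when neither key is set is not visible in this hunk; a one-line comment stating whether it is generated or required would help.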
@@ -85,31 +85,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # side car containers - # - name: filebeat-onap - # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - # volumeMounts: - # - mountPath: /usr/share/filebeat/filebeat.yml - # name: filebeat-conf - # subPath: filebeat.yml - # - mountPath: /home/esr/works/logs - # name: esr-server-logs - # - mountPath: /usr/share/filebeat/data - # name: esr-server-filebeat volumes: - name: localtime hostPath: path: /etc/localtime - # - name: filebeat-conf - # configMap: - # name: {{ include "common.fullname" . }}-esr-filebeat - # - name: esr-server-logs - # emptyDir: {} - # - name: esr-server-filebeat - # emptyDir: {} - # - name: esrserver-log - # configMap: - # name: {{ include "common.fullname" . }}-esr-esrserver-log imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml index 0011c6a6d4..f66312c741 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml @@ -26,16 +26,5 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} 
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml index bdae07a261..fa00ffed1a 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -81,8 +72,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json 
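Review bot: The `{{ if .Values.global.centralizedLoggingEnabled }}` guard around the include under `containers:` is redundant, because the `common.log.sidecar` helper added in this commit already wraps its body in the same check, and the appc statefulset calls it without a guard. I would write the call the same way everywhere, `{{ include "common.log.sidecar" . | nindent 8 }}`, so there is one place that decides whether the sidecar exists. The same applies to the `common.log.volumes` call in the volumes hunk of this file and to both calls in kubernetes/clamp/templates/deployment.yaml.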
@@ -109,12 +100,8 @@ spec: items: - key: sdc-controllers-config.json path: sdc-controllers-config.json - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index 18888547c3..ca444aa175 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -27,12 +27,16 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.3 +image: onap/clamp-backend:5.0.4 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/onap + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index e4deab0e15..1eb20fce89 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml 
@@ -87,7 +87,7 @@ discovery.zen.minimum_master_nodes: 1 discovery.seed_hosts: [] # # Breaking change in 7.0 # # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: +cluster.initial_master_nodes: - cldash-es-node1 # - docker-test-node-1 # ---------------------------------- Various ----------------------------------- @@ -125,4 +125,4 @@ opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ######## \ No newline at end of file +######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index 4b05910c02..c005fcca3e 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -59,7 +59,7 @@ filter { if [http_request_failure] or [@metadata][code] != 200 { mutate { - add_tag => [ "error" ] + add_tag => [ "error" ] } } @@ -195,7 +195,7 @@ filter { clones => [ "event-cl-aggs" ] add_tag => [ "event-cl-aggs" ] } - + if "event-cl-aggs" in [@metadata][request][tags]{ # # we only need a few fields for aggregations; remove all fields from clone except : @@ -204,7 +204,7 @@ filter { prune { whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] } - + } } } 
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh index 224a813db9..2e2ad2e1af 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh @@ -20,9 +20,9 @@ # limitations under the License. # ============LICENSE_END============================================ # =================================================================== -# +# ### mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql -## New model creation +## New model creation mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..dab2e44f5e --- /dev/null +++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml 
@@ -0,0 +1,53 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. 
+ loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml index 4278a6e6d3..3fce850140 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/clamp/templates/configmap.yaml @@ -25,3 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index e4ac4723da..e8a7cc25cd 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml 
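Review bot: The `output.logstash` block in the new clamp filebeat.yml ships logs without TLS: all four `ssl.*` settings are left commented out, so Filebeat connects to Logstash in clear text and neither end is authenticated. Application logs routinely carry identifiers and sometimes credentials, so I would either enable `ssl.certificate_authorities` with a CA mounted into the sidecar, or add a comment stating that transport protection is expected from the cluster network. The `hosts` value reads `.Values.config.log.logstashServiceName` and `.Values.config.log.logstashPort`; the hunks shown for clamp/values.yaml do not define them, so that is worth confirming.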
@@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -79,8 +70,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf name: {{ include "common.fullname" . }}-config subPath: default.conf @@ -101,13 +92,8 @@ spec: items: - key: default.conf path: default.conf - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - 
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 47eca67f91..0679982740 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -22,6 +22,7 @@ global: # global defaults readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + centralizedLoggingEnabled: false subChartsOnly: enabled: true @@ -36,6 +37,10 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/nginx/ + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem new file mode 100644 index 0000000000..5321c65d21 --- /dev/null +++ b/kubernetes/cli/resources/certificates/ocomp.pem 
@@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A +DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3 +gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO +lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA +FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep +q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt +7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ +3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU +KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd +7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx +kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg +CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+ +3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R +zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx +A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5 +333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti +MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG +HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve +8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL +HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8 +X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o +J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA +ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G +U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK +ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh +kxMQk6Ent5/OF/yYOsIzlLs= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx +DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF 
+MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE +CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ +MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT +OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA +RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm +Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe +IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI +TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31 +5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg +O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG +5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN +MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4 +hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU +xg== +-----END CERTIFICATE----- diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 64c8968c6c..58fc6663c5 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -51,6 +51,11 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: ocomp-pem + mountPath: "/etc/lighttpd/ocomp.pem" + subPath: ocomp.pem + readOnly: true env: - name: OPEN_CLI_MODE value: "{{ .Values.config.climode }}" @@ -64,5 +69,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + volumes: + - name: ocomp-pem + secret: + secretName: ocomp-pem imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml new file mode 100644 index 0000000000..ab7fb6673a 
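Review bot: The new file kubernetes/cli/resources/certificates/ocomp.pem commits an unencrypted private key (`-----BEGIN PRIVATE KEY-----`) together with its certificate, so every installation of the chart serves TLS with the same key and anyone who can read the repository or a packaged chart holds it. A key that has been in git history cannot be withdrawn by a later commit; it has to be treated as disclosed and replaced. I would keep key material out of the chart and have the `ocomp-pem` Secret filled at install time, either from an operator-supplied secret or from a certificate generated per release. At minimum the chart should carry a comment stating that this pair is a demo credential that must be replaced outside a lab.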
--- /dev/null +++ b/kubernetes/cli/templates/secrets.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: ocomp-pem + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: + ocomp.pem: +{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }} + diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 7278c99a5f..fba076d47d 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/cli:3.0.0 +image: onap/cli:5.0.4 pullPolicy: Always flavor: small @@ -54,10 +54,10 @@ readiness: service: type: NodePort name: cli - externalPort: 8080 + externalPort: 443 externalPort1: 9090 - internalPort: "80" - internalPort1: 8080 + internalPort: "443" + internalPort1: 9090 nodePort: "60" nodePort1: "71" @@ -66,7 +66,7 @@ ingress: service: - baseaddr: "cli" name: "cli" - port: 8080 + port: 443 - baseaddr: "cli2" name: cli port: 9090 @@ -90,4 +90,4 @@ resources: requests: cpu: 2 memory: 4Gi - unlimited: {} \ No newline at end of file + unlimited: {} 
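Review bot: Under `data:` in the new secrets.yaml the template writes a bare `ocomp.pem:` key and then the output of `.AsSecrets`, which already emits an `ocomp.pem: <base64>` entry, so the rendered Secret appears to contain the key twice and only works if the parser lets the second entry win. Indentation is lost in this view, so this is worth confirming with `helm template`; if it holds, dropping the bare `ocomp.pem:` line is enough. The Secret name is also the fixed string `ocomp-pem`, so two releases in one namespace would share or overwrite each other's key; `name: {{ include "common.fullname" . }}-pem`, with the matching `secretName` in deployment.yaml, avoids that.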
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 16aa27f68a..96139ce988 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ include "common.name" . }} - image: {{ .Values.image }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} volumeMounts: diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl new file mode 100644 index 0000000000..3ae536aff3 --- /dev/null +++ b/kubernetes/common/common/templates/_log.tpl 
@@ -0,0 +1,53 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "common.log.sidecar" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +- name: {{ include "common.name" . }}-filebeat + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: logs + mountPath: {{ .Values.log.path }} + - name: filebeat-data + mountPath: /usr/share/filebeat/data +{{- end -}} +{{- end -}} + +{{- define "common.log.volumes" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +- name: filebeat-conf + configMap: + name: {{ include "common.fullname" . }}-filebeat +- name: filebeat-data + emptyDir: {} +{{- end -}} +{{- end -}} + +{{- define "common.log.configMap" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "filebeat") | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{- end }} +{{- end -}} + diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 0c7660eb1f..3d745ed819 100644 --- a/kubernetes/common/common/templates/_service.tpl 
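Review bot: The sidecar defined in `common.log.sidecar` mounts the shared `logs` volume read-write although Filebeat only reads from it; adding `readOnly: true` under the `- name: logs` mount keeps a compromised or misconfigured shipper from altering or deleting the application's logs. The container also declares no `resources` and no `securityContext`, and every chart that includes the helper inherits that. Since this helper is now the single definition of the logging sidecar for all charts, it is the right place to set both once.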
+++ b/kubernetes/common/common/templates/_service.tpl @@ -30,6 +30,37 @@ {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* + Resolve the prefix node port to use. We look at these different values in + order of priority (first found, first chosen) + - .Values.service.nodePortPrefixOverride: override value for nodePort which + will be use locally; + - .Values.global.nodePortPrefix : global value for nodePort which will + be used for all charts (unless + previous one is used); + - .Values.global.nodePortPrefixExt : global value for nodePort which will + be used for all charts (unless + previous one is used) if + useNodePortExt is set to true in + service or on port; + - .Values.service.nodePortPrefix : value used on a pert chart basis if + no other version exists. + + The function takes two arguments (inside a dictionary): + - .dot : environment (.) + - .useNodePortExt : does the port use the "extended" nodeport part or the + normal one? +*/}} +{{- define "common.nodePortPrefix" -}} +{{- $dot := default . .dot -}} +{{- $useNodePortExt := default false .useNodePortExt -}} +{{- if or $useNodePortExt $dot.Values.service.useNodePortExt -}} +{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefixExt | default $dot.Values.nodePortPrefix }} +{{- else -}} +{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }} +{{- end -}} +{{- end -}} + {{/* Define the metadata of Service The function takes from one to four arguments (inside a dictionary): - .dot : environment (.) 
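Review bot: The comment on `common.nodePortPrefix` lists `.Values.service.nodePortPrefix` as the last fallback, but both branches of the helper end in `default $dot.Values.nodePortPrefix`, which is the chart-level key and not the one under `service`. One of the two should change; if the code is what is intended, the comment line should read `- .Values.nodePortPrefix : value used on a per chart basis if no other version exists.` (this also fixes the "pert chart" typo). A reader who follows the comment and sets the key under `service` would see it silently ignored.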
@@ -96,7 +127,7 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent name: {{ $port.name }} {{- end }} {{- if (eq $serviceType "NodePort") }} - nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }} + nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} {{- end }} {{- else }} - port: {{ default $port.port $port.plain_port }} @@ -191,8 +222,8 @@ spec: {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} +{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} 
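Review bot: The `nodePort:` line passes the per-port flag under the key `portNodePortExt`, but `common.nodePortPrefix` reads `.useNodePortExt`, so a `useNodePortExt: true` set on a single port is ignored and only the service-wide `.Values.service.useNodePortExt` can select the extended prefix. The call should read `{{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}`. As written, such a port is published under the ordinary prefix and nothing in the render output signals it.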
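Review bot: In the rewritten `common.genericService` call, `$labels` is passed to `dict` without a key (`"add_plain_port" true $labels "matchLabels" $matchLabels`), which shifts the remaining arguments so that neither `labels` nor `matchLabels` appears to reach the helper under its own name. The commit carries this over unchanged while replacing `.` with `$dot`; the intended form is presumably `"labels" $labels "matchLabels" $matchLabels`. The same argument list appears in both calls of the following hunk.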
@@ -200,10 +231,10 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} 
@@ -271,3 +302,33 @@ true {{- end }} {{- end }} {{- end -}} + +{{- define "common.port.buildCache" -}} + {{- $global := . }} + {{- if not $global.Values._DmaapDrNodePortsCache }} + {{- $portCache := dict }} + {{- range $port := .Values.service.ports }} + {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }} + {{- end }} + {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }} + {{- end }} +{{- end -}} + +{/* + Get Port value according to its name and if we want tls or plain port. + The template takes below arguments: + - .global: environment (.) + - .name: name of the port + - .getPlain: boolean allowing to choose between tls (false, default) or + plain (true) + If plain_port is not set and we ask for plain, it will return empty. +*/} +{{- define "common.getPort" -}} + {{- $global := .global }} + {{- $name := .name }} + {{- $getPlain := default false .getPlain }} + {{- include "common.port.buildCache" $global }} + {{- $portCache := $global.Values._DmaapDrNodePortsCache }} + {{- $port := index $portCache $name }} + {{- ternary $port.plain_port $port.port $getPlain }} +{{- end -}} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 105facf2b9..28c40e6da7 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml 
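Review bot: The comment block above `common.getPort` opens with `{/*` and closes with `*/}`, single braces, so the template engine treats it as plain text rather than a comment; it should use `{{/*` and `*/}}` like the comment on `common.nodePortPrefix` earlier in this file. In `common.getPort`, `index $portCache $name` yields nothing for a port name that is not in `.Values.service.ports`, and the `ternary` that follows then fails or renders empty without naming the missing port, so a short guard on `$port` with a clear message would help. The cache key `_DmaapDrNodePortsCache` is also component-specific for a helper in the common chart; a neutral name would read better.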
@@ -52,12 +52,12 @@ secrets: - uid: 'db-root-password' type: password externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - password: '{{ .Values.config.dbRootPassword }}' + password: '{{ .Values.config.db.rootPassword }}' - uid: 'db-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.dbSdnctlPassword }}' + password: '{{ .Values.config.db.userPassword }}' - uid: 'http-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' @@ -118,8 +118,6 @@ config: restconfPassword: admin # restconfCredsExternalSecret: some secret - dbRootPassword: openECOMP1.0 - dbSdnctlPassword: gamma dbPodName: mysql-db dbServiceName: sdnc-dbhost # MD5 hash of dguser password ( default: test123 ) diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml new file mode 100644 index 0000000000..517905641f --- /dev/null +++ b/kubernetes/common/elasticsearch/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch +name: elasticsearch +version: 6.0.0 
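Review bot: The two defaults removed in the second values.yaml hunk are only part of the hard-coded credentials in this `config:` block. Its context lines still show `restconfPassword: admin` and a comment documenting an MD5 hash of a default `dguser` password (`test123`). These would be better moved to the same pattern, for example by leaving `restconfPassword` unset and wiring it through the commented `restconfCredsExternalSecret`. In the first hunk the secrets now read `.Values.config.db.rootPassword` and `.Values.config.db.userPassword`, neither of which is defined in the visible lines; confirm that the secret helper generates a value or fails when they are empty, rather than rendering an empty password. The `config:` block continues outside the hunk.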
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml new file mode 100644 index 0000000000..d1eaa61bc2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch curator +name: curator +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml new file mode 100644 index 0000000000..7e73420e13 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml 
@@ -0,0 +1,74 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{- range $kind, $enabled := .Values.hooks }} +{{- if $enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-curator-on-{{ $kind }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 2 }} + role: "curator" + annotations: + "helm.sh/hook": post-{{ $kind }} + "helm.sh/hook-weight": "1" +{{- if $.Values.cronjob.annotations }} +{{ toYaml $.Values.cronjob.annotations | indent 4 }} +{{- end }} +spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }} +{{- if $.Values.extraVolumes }} +{{ toYaml $.Values.extraVolumes | indent 8 }} +{{- end }} + restartPolicy: Never +{{- if $.Values.priorityClassName }} + priorityClassName: "{{ $.Values.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if $.Values.extraVolumeMounts }} +{{ toYaml $.Values.extraVolumeMounts | indent 12 }} + {{- end }} + command: [ "curator" ] + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + resources: +{{ toYaml $.Values.resources | indent 12 }} + {{- with $.Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end -}} +{{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml new file mode 100644 index 0000000000..ff65593469 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file 
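Review bot: Inside `range $kind, $enabled := .Values.hooks` the dot is rebound to the loop value, yet the Job body still uses `.` and `.Values`. This affects `include "common.fullname" .`, `include "common.templateMetadata" .`, `.Values.image.imageName` and `.Values.global.pullPolicy`, while neighbouring lines correctly use `$.Values`. With a hook enabled those lookups run against a boolean and the render should fail. Use `$` throughout, e.g. `name: {{ include "common.fullname" $ }}-curator-on-{{ $kind }}` and `image: {{ printf "%s/%s:%s" (include "common.repository" $) $.Values.image.imageName $.Values.image.tag }}`. Unlike the CronJob in the same chart, the hook Job also has no `securityContext` or `serviceAccountName`, so it runs with image defaults.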
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
new file mode 100644
index 0000000000..dc2a430922
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -0,0 +1,24 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+data:
+ action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }}
+ config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
new file mode 100644
index 0000000000..901c0a5c06
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
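Review bot: The `required` guards on `action_file.yml` and `config.yml` wrap the already serialised value (`toYaml … | indent 2`), so a missing entry is most likely turned into the non-empty string `null` before `required` sees it, and the check never fails. Apply `required` to the raw value first, e.g. `{{ toYaml (required "A valid .Values.configMaps.action_file_yml entry is required!" .Values.configMaps.action_file_yml) | indent 2 }}`. `config.yml` is additionally passed through `tpl`, so whoever can set `configMaps.config_yml` controls template evaluation in the chart context. A one-line comment stating that this value must come from trusted values files would help.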
@@ -0,0 +1,112 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} + {{- if .Values.cronjob.annotations }} + annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }} + {{- end }} +spec: + schedule: "{{ .Values.cronjob.schedule }}" + {{- with .Values.cronjob.concurrencyPolicy }} + concurrencyPolicy: {{ . }} + {{- end }} + {{- with .Values.cronjob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ . }} + {{- end }} + {{- with .Values.cronjob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ . }} + {{- end }} + jobTemplate: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 10 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" . 
}}-curator + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 12 }} + {{- end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} +{{- include "elasticsearch.imagePullSecrets" . | indent 10 }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- range $key, $value := .Values.extraInitContainers }} + - name: "{{ $key }}" + {{- toYaml $value | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 16 }} + {{- end }} + {{ if .Values.command }} + command: {{ toYaml .Values.command | nindent 16 }} + {{- end }} + {{- if .Values.dryrun }} + args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- else }} + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- end }} + env: + {{- if .Values.env }} + {{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.envFromSecrets }} + {{- range $key,$value := .Values.envFromSecrets }} + - name: {{ $key | upper | quote}} + valueFrom: + secretKeyRef: + name: {{ $value.from.secret | quote}} + key: {{ $value.from.key | quote}} + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 16 }} + {{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000000..6fe032d818 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml 
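Review bot: `annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}` uses `indent` after a left-trimmed action, so the first annotation would land on the same line as `annotations:`. The other blocks in this file use `nindent`, and this one should too: `annotations: {{- toYaml .Values.cronjob.annotations | nindent 4 }}`. Because the key is emitted after the `common.resourceMetadata` include, it would also duplicate `annotations` if that helper already renders one (not visible here). Separately, the pod `securityContext` is rendered only when `.Values.securityContext` is set and there is no container-level `securityContext`. A container default of `runAsNonRoot: true` with `allowPrivilegeEscalation: false` would match the `MustRunAsNonRoot` rule in this chart's PodSecurityPolicy.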
@@ -0,0 +1,46 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
new file mode 100644
index 0000000000..0d189f448b
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
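Review bot: `privileged: true` lets any pod admitted under this policy run privileged containers, which contradicts the rest of the spec (`MustRunAsNonRoot`, no host namespaces). Nothing in the curator Job or CronJob templates, which mount a ConfigMap and run `curator` against a config file, appears to need it. Set `privileged: false`, add `allowPrivilegeEscalation: false`, and replace the commented-out `#requiredDropCapabilities:` with `requiredDropCapabilities: ['ALL']`. `readOnlyRootFilesystem: false` could probably become `true` as well, but that depends on whether the curator image writes to its root filesystem, which is not visible here.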
@@ -0,0 +1,32 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+ {{- if .Values.psp.create }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
new file mode 100644
index 0000000000..b112468dc3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
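Review bot: The first rule grants `update` and `patch` on every ConfigMap in the namespace, although the curator Job and CronJob templates in this chart only mount a ConfigMap read-only. Either drop the rule or pin it with `resourceNames:` listing the curator ConfigMap (`{{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}`). If the namespace is shared with other components, unscoped write access means a compromised curator pod could alter their configuration. The PSP rule uses `apiGroups: ["extensions"]` while the policy itself is created as `policy/v1beta1`; `apiGroups: ["policy"]` keeps the `use` grant working on clusters that no longer serve PodSecurityPolicy from `extensions`.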
@@ -0,0 +1,29 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..0bd4ae0999
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
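Review bot: `roleRef.name` is built with `common.name`, while the Role's PSP `resourceNames` entry uses `common.fullname`, as presumably does the Role's own metadata from `common.resourceMetadata`. If those helpers differ by the release prefix, the binding points at a Role that does not exist and the ServiceAccount silently gets no permissions. Use the same helper on both sides, e.g. `name: {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}`. The subject name comes from `elasticsearch.curator.serviceAccountName`, whereas serviceaccount.yaml names the account from `.Values.name` via `common.resourceMetadata`; check that both resolve to the same string. The namespace is taken from `.Release.Namespace` here but from `common.namespace` in the hook Job, which is worth aligning.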
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
new file mode 100644
index 0000000000..5e0d9668d3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -0,0 +1,180 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: + clusterName: cluster.local +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +# application image +## Elasticsearch curator parameters +## +enabled: false +name: curator +image: + imageName: bitnami/elasticsearch-curator + tag: 5.8.1-debian-9-r74 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +service: + port: 9200 +cronjob: + # At 01:00 every day + schedule: "0 1 * * *" + annotations: {} + concurrencyPolicy: "" + failedJobsHistoryLimit: "" + successfulJobsHistoryLimit: "" + jobRestartPolicy: Never +podAnnotations: {} +rbac: + # Specifies whether RBAC should be enabled + enabled: false +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: +psp: + # Specifies whether a podsecuritypolicy should be created + create: false +hooks: + install: false + upgrade: false +# run curator in dry-run mode +dryrun: false +command: ["curator"] +env: {} +configMaps: + # Delete indices older than 90 days + action_file_yml: |- + --- + actions: + 1: + action: delete_indices + description: "Clean up ES by deleting old indices" + options: + timeout_override: + continue_if_exception: False + disable_action: False + ignore_empty_list: True + filters: + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 90 + field: + stats_result: + epoch: + exclude: False + # Default config (this value is evaluated as a template) + config_yml: |- + --- + client: + hosts: + {{ template "common.fullname" . }}.{{ template "common.namespace" . 
}}.svc.{{ .Values.global.clusterName }} + port: {{ .Values.service.port }} + # url_prefix: + # use_ssl: True + # certificate: + # client_cert: + # client_key: + # ssl_no_validate: True + # http_auth: + # timeout: 30 + # master_only: False + # logging: + # loglevel: INFO + # logfile: + # logformat: default + # blacklist: ['elasticsearch', 'urllib3'] +## Curator resources requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi +priorityClassName: "" +# extraVolumes and extraVolumeMounts allows you to mount other volumes +# Example Use Case: mount ssl certificates when elasticsearch has tls enabled +# extraVolumes: +# - name: es-certs +# secret: +# defaultMode: 420 +# secretName: es-certs +# extraVolumeMounts: +# - name: es-certs +# mountPath: /certs +# readOnly: true +## Add your own init container or uncomment and modify the given example. +## +extraInitContainers: {} +## Don't configure S3 repository till Elasticsearch is reachable. 
+## Ensure that it is available at http://elasticsearch:9200 +## +# elasticsearch-s3-repository: +# image: bitnami/minideb:latest +# imagePullPolicy: "IfNotPresent" +# command: +# - "/bin/bash" +# - "-c" +# args: +# - | +# ES_HOST=elasticsearch +# ES_PORT=9200 +# ES_REPOSITORY=backup +# S3_REGION=us-east-1 +# S3_BUCKET=bucket +# S3_BASE_PATH=backup +# S3_COMPRESS=true +# S3_STORAGE_CLASS=standard +# install_packages curl && \ +# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \ +# cat < + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi +## Provide functionality to use RBAC +## + # existingClaim: + volumeReclaimPolicy: Retain + mountSubPath: elastic-data + storageType: local + backup: + mountPath: /dockerdata-nfs/backup +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the data node + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + # name: diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml new file mode 100644 index 0000000000..e9ac99a5bc --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml 
@@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + + +apiVersion: v1 +description: ONAP elasticsearch master +name: master +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml new file mode 100644 index 0000000000..6a61926e9e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml new file mode 100644 index 0000000000..c713ec81ac --- /dev/null 
+++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml new file mode 100644 index 0000000000..05a3af37f2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml 
@@ -0,0 +1,23 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml new file mode 100644 index 0000000000..dfa3ccbacc --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml 
@@ -0,0 +1,179 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "master" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-master
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" . }}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+ {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }}
+ {{- $replicas := int .Values.replicaCount }}
+ value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
+ - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
+ value: {{ add (div .Values.replicaCount 2) 1 | quote }}
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: {{ .Values.dedicatednode | quote }}
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "master"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: /bitnami/elasticsearch/data
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
new file mode 100644
index 0000000000..8d66ef082e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{ $role := "master" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
new file mode 100644
index 0000000000..2862692eef
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
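Review bot: In statefulset.yaml the `readinessProbe` block takes all five timing fields from `.Values.livenessProbe.*`, so anything set under `readinessProbe` is ignored; they should read `.Values.readinessProbe.initialDelaySeconds` and so on, as coordinating-deploy.yaml in this commit already does. In the `volume-permissions` init container the guard tests `.Values.volumePermissions.resource` while the body renders `.Values.volumePermissions.resources`, so limits configured under `resources` never reach a container that runs as UID 0; the guard should be `{{- if .Values.volumePermissions.resources }}`. The main container's `securityContext` sets only `runAsUser`; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` beside it would make the non-root intent enforceable.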
@@ -0,0 +1,203 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+
+# application image
+## Elasticsearch master-eligible node parameters
+##
+name: master
+## Number of master-eligible node(s) replicas to deploy
+##
+replicaCount: 3
+## master acts as master only node, choose 'no' if no further data nodes are deployed)
+dedicatednode: "yes"
+## dedicatednode: "no"
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch master statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for master-eligible pods.
+##
+podAnnotations: {}
+## Pod Security Context for master-eligible pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch master-eligible container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch master-eligible container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: master-pv
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-master
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+## Service parameters for master-eligible node(s)
+##
+service:
+ suffix: "service"
+ name: ""
+ ## list of ports for "common.containerPorts"
+ ## Elasticsearch transport port
+ ports:
+ - name: http-transport
+ port: 9300
+ ## master-eligible service type
+ ##
+ type: ClusterIP
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+## Provide functionality to use RBAC
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the master node
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ # name:
+
+
+## Elasticsearch cluster name
+##
+clusterName: elastic-cluster
+
+
+
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
new file mode 100644
index 0000000000..84fa71c6e6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/requirements.yaml
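Review bot: `sysctlImage.enabled: true` and `volumePermissions.enabled: true` are the defaults in the master values.yaml, so every master pod starts with a `privileged: true` busybox container that writes node-wide sysctls and, with persistence on, a second one running as UID 0 (both rendered by statefulset.yaml; the sysctl container is also in coordinating-deploy.yaml). Clusters that enforce a restricted pod security policy will reject these pods, and the comment above `sysctlImage` does not say what privilege it needs. I would document it, for example `## Runs a privileged init container that sets vm.max_map_count and fs.file-max on the node; set enabled: false when nodes are pre-tuned`, with a matching line on `volumePermissions`. `livenessProbe` and `readinessProbe` ship as `enabled: false` with every threshold commented out, so switching either on renders empty fields; the threshold defaults should be uncommented.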
@@ -0,0 +1,30 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: master
+ version: ~6.x-0
+ repository: 'file://components/master'
+ - name: data
+ version: ~6.x-0
+ repository: 'file://components/data'
+ condition: elasticsearch.data.enabled,data.enabled
+ - name: curator
+ version: ~6.x-0
+ repository: 'file://components/curator'
+ condition: elasticsearch.curator.enabled,curator.enabled
+
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000000..fdbe82f855
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,103 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+
+{{ define "elasticsearch.clustername"}}
+{{- printf "%s-%s" (include "common.name" .) "cluster" -}}
+{{- end -}}
+
+{{/*
+This define should be used instead of "common.fullname" to allow
+special handling of kibanaEnabled=true
+Create a default fully qualified coordinating name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.coordinating.fullname" -}}
+{{- if .Values.global.kibanaEnabled -}}
+{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the master service account to use
+ */}}
+{{- define "elasticsearch.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the coordinating-only service account to use
+ */}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the data service account to use
+ */}}
+{{- define "elasticsearch.data.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "elasticsearch.imagePullSecrets" -}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
+{{- if $imagePullSecrets }}
+imagePullSecrets:
+{{- range $imagePullSecrets }}
+ - name: {{ . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.curator.serviceAccountName" -}}
+{{- if .Values.curator.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.curator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
new file mode 100644
index 0000000000..b4e0044891
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
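Review bot: `elasticsearch.data.serviceAccountName` tests `.Values.serviceAccount.create` but reads the name from `.Values.data.serviceAccount.name` in one branch and `.Values.serviceAccount.name` in the other, unlike the master and curator helpers, which stay under one key; it should use `.Values.data.serviceAccount.*` throughout. The curator helper passes the suffix `"currator"`, which ends up in the generated account name; `"curator"` is presumably intended. In `elasticsearch.imagePullSecrets` the `coalesce` fallback sits in the `else` of `if .Values.global`, so a chart that has a `global` block without `imagePullSecrets` never consults the per-image pull secrets. The comment `Expand the name of the chart.` sits above `elasticsearch.clustername` and should read `Return the Elasticsearch cluster name (<common.name>-cluster)`.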
@@ -0,0 +1,33 @@
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local
+ mkdir -p certs
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+ cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+ chmod -R 755 certs
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
new file mode 100644
index 0000000000..38234da0cf
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
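Review bot: The script copies the private key to `certs/key.pem` and then runs `chmod -R 755 certs`, which leaves the key readable by every UID that can reach the volume and marks it executable. The mode should be the narrowest the nginx container can still read, for example `chmod 750 certs && chmod 640 certs/*.pem`, assuming the consumer shares the group (not visible in this hunk). The keystore passwords are also expanded unquoted onto the `keytool` and `openssl` command lines, where they appear in the process list; `openssl` accepts `-passin env:cadi_keystore_password_p12` and `keytool` accepts `-storepass:env cadi_truststore_password`, both of which keep the values out of argv.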
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+ elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
new file mode 100644
index 0000000000..49ce0ef76a
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.nginx.serverBlock -}}
+
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "nginx-server-block" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ server-block.conf: |-
+{{ if .Values.global.aafEnabled }}
+{{ .Values.nginx.serverBlock.https | indent 4 }}
+{{ else }}
+{{ .Values.nginx.serverBlock.http | indent 4 }}
+
+
+{{ end }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
new file mode 100644
index 0000000000..65a7f462e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -0,0 +1,167 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+{{ $role := "coordinating-only" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{ include "common.aaf-config" . | nindent 8}}
+
+ containers:
+ - name: {{ include "common.name" . }}-nginx
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
+ ports: {{- include "common.containerPorts" . | indent 12 -}}
+ {{- if .Values.nginx.livenessProbe }}
+ livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.readinessProbe }}
+ readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.resources }}
+ resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ mountPath: /opt/bitnami/nginx/conf/server_blocks
+ {{- end }}
+ {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ {{- if .Values.securityContext.enabled }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "coordinating"
+ - name: ELASTICSEARCH_PORT_NUMBER
+ value: "9000"
+ {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end}}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data/"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ - name: data
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx-server-block
+ {{- end }}
+ {{- include "common.aaf-config-volumes" . | nindent 8}}
+
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
new file mode 100644
index 0000000000..610c7d68c1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ $role := "coordinating-only" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
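Review bot: In the elasticsearch container of coordinating-deploy.yaml, `imagePullPolicy` sits inside `{{- if .Values.securityContext.enabled }}`, so disabling the security context also drops the pull policy; the `imagePullPolicy` line belongs above the `if`, as in the master statefulset. Both probes use `port: http`, but this container declares no ports (the `ports:` include is commented out) and sets `ELASTICSEARCH_PORT_NUMBER` to "9000", so an enabled probe will likely fail to resolve the named port; `port: 9000` or a declared `http` port would fix that. `initContainers:` is emitted unconditionally and renders as an empty key when `sysctlImage.enabled` is false and `common.aaf-config` produces nothing (its body is not in this diff).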
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
new file mode 100644
index 0000000000..fa79c29eca
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
+{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000000..359e8975e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..49ad504da6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.global.coordinating.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
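Review bot: `{{ $role := .Values.global.coordinating.name -}}` in serviceaccount.yaml reads a `global.coordinating` map that the `global:` block of this chart's own values.yaml (added in the same commit) does not define, so enabling `serviceAccount.create` without a parent chart supplying that key would presumably fail at render time. coordinating-svc-https.yaml in this commit uses the literal `"coordinating-only"` for the same role label, so the two templates can also disagree on the label value. Either add a `coordinating.name` default under `global:` or reuse the literal here, and put a comment above the lookup such as `# role label must match the one used by the coordinating service and deployment`.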
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
new file mode 100644
index 0000000000..3627b2ea97
--- /dev/null
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -0,0 +1,329 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ clusterName: cluster.local
+
+persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+
+# application image
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch coordinating deployment
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for the coordinating-only pods.
+##
+podAnnotations: {}
+## Pod Security Context for coordinating-only pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch coordinating-only container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch coordinating-only container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Service parameters for coordinating-only node(s)
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the coordinating node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
+
+## Bitnami Minideb image version
+## ref: https://hub.docker.com/r/bitnami/minideb/tags/
+##
+sysctlImage:
+ enabled: true
+ imageName: bitnami/minideb
+ tag: stretch
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+# nginx image
+nginx:
+ imageName: bitnami/nginx
+ tag: 1.16-debian-9
+ pullPolicy: IfNotPresent
+ service:
+ name: nginx
+ ports:
+ - name: elasticsearch
+ port: 8080
+## Custom server block to be added to NGINX configuration
+## PHP-FPM example server block:
+ serverBlock:
+ https: |-
+ server {
+ listen 9200 ssl;
+ #server_name ;
+ # auth_basic "server auth";
+ # auth_basic_user_file /etc/nginx/passwords;
+ ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
+ ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+ http: |-
+ server {
+ listen 9200 ;
+ #server_name ;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+#################################################################
+# coordinating service configuration defaults.
+#################################################################
+
+service:
+ name: ""
+ suffix: ""
+ ## coordinating-only service type
+ ##
+ type: ClusterIP
+ headlessPorts:
+ - name: http-transport
+ port: 9300
+ headless:
+ suffix: discovery
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ ## Elasticsearch tREST API port
+ ##
+ ports:
+ - name: elasticsearch
+ port: 9200
+
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+ ## Provide functionality to use RBAC
+ ##
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+#################################################################
+# aaf configuration defaults.
+#################################################################
+aafConfig:
+ addconfig: true
+ fqdn: "elastic"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: org.onap.elastic
+ fqi: "elastic@elastic.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ deploy_fqi: "deployer@people.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ #aafDeployCredsExternalSecret: some secret
+ #cadi_latitude: "52.5"
+ #cadi_longitude: "13.4"
+ secret_uid: *aaf_secret_uid
+#################################################################
+# subcharts configuration defaults.
+#################################################################
+
+
+#data:
+# enabled: false
+
+#curator:
+# enabled: false
+
+## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
+
+master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+data:
+ enabled: false
+curator:
+ enabled: false
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
new file mode 100755
index 0000000000..42c5c89726
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
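Review bot: `aafDeployPass: demo123456!` under `aafConfig` ships a fixed deploy credential as the chart default, and the `secrets` entry above it templates that value into the `elasticsearch-aaf-deploy-creds` secret when no external secret is configured. With `passwordPolicy: required` already set, the default can be commented out so the value has to be supplied at deploy time, e.g. `# aafDeployPass: <set at deploy time>`, which is what this same commit does for `mariadbRootPassword` in mariadb-galera/values.yaml. Separately, `sysctlImage:` is defined twice at the top level of this file; most YAML loaders silently keep only the last mapping, so the first `sysctlImage:` / `enabled: true` stanza under "Init containers parameters" should be dropped.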
@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# Adfinis SyGroup AG
+# openshift-mariadb-galera: mysql setup script
+#
+
+set -eox pipefail
+
+echo 'Running mysql_install_db ...'
+mysql_install_db --datadir=/var/lib/mysql
+echo 'Finished mysql_install_db'
+
+mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF &
+pid="$!"
+
+mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock )
+
+for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+done
+if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+fi
+
+function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+}
+
+mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
+# add MariaDB root user
+"${mysql[@]}" <<-EOSQL
+-- What's done in this file shouldn't be replicated
+-- or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+DELETE FROM mysql.user ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOSQL
+
+# add root password for subsequent calls to mysql
+if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+fi
+
+# add users require for Galera
+# TODO: make them somehow configurable
+"${mysql[@]}" <<-EOSQL
+CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ;
+GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ;
+CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe';
+EOSQL
+
+if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+fi
+
+if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ mysql_password=`prepare_password $MYSQL_PASSWORD`
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+fi
+
+if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+echo
+echo 'MySQL init process done. Ready for start up.'
+echo
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index e7bb701930..a7064d7ce4 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
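Review bot: `set -eox pipefail` at the top of configure-mysql.sh enables xtrace, so every later command is echoed to stderr after expansion, including `prepare_password $MYSQL_ROOT_PASSWORD`, `mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )` and the `echo "CREATE USER ... IDENTIFIED BY '$mysql_password' ;"` line, which would put the root and user passwords into the container's log output. Use `set -eo pipefail` instead, or bracket the credential handling with `set +x`. `prepare_password` also expands its argument unquoted (`echo -n $1`, and both call sites pass the variable unquoted), so a password containing whitespace or glob characters is altered before it is escaped; `printf '%s' "$1" | sed -e "s/'/''/g"` with quoted call sites keeps the value intact. A comment above the two fixed Galera accounts noting that `xtrabackup_sst` and `readinessProbe` use their own names as passwords would make the existing TODO actionable.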
@@ -28,4 +29,17 @@ metadata:
 data:
 my_extra.cnf: |
 {{ .Values.externalConfig | indent 4 }}
-{{- end -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 7157e3390b..855d50e5ea 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -47,6 +47,10 @@ spec:
 configMap:
 name: {{ include "common.fullname" . }}-external-config
 {{- end}}
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
 - name: localtime
 hostPath:
 path: /etc/localtime
@@ -104,6 +108,9 @@ spec:
 - mountPath: /etc/localtime
 name: localtime
 readOnly: true
+ - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh
+ subPath: configure-mysql.sh
+ name: init-script
 {{- if .Values.persistence.enabled }}
 - mountPath: /var/lib/mysql
 name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index dabf21da79..6decff2463 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -58,7 +58,7 @@ pullPolicy: IfNotPresent
 # application configuration
 config:
 # .mariadbRootPasswordExternalSecret: 'some-external-secret'
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
 # .userCredentialsExternalSecret: 'some-external-secret'
 userName: my-user
 # userPassword: my-password
diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile
new file mode 100644
index 0000000000..eb9f025fc8
--- /dev/null
+++ b/kubernetes/contrib/Makefile
@@ -0,0 +1,31 @@
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
+
+make-contrib-awx:
+ cd components && helm dep up awx && helm lint awx
+
+make-contrib-ejbca:
+ cd components && helm dep up ejbca && helm lint ejbca
+
+make-contrib-netbox:
+ cd components && helm dep up netbox && helm lint netbox
+
+make-contrib-core:
+ helm dep up . && helm lint .
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
diff --git a/kubernetes/contrib/charts/awx/Chart.yaml b/kubernetes/contrib/components/awx/Chart.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/Chart.yaml
rename to kubernetes/contrib/components/awx/Chart.yaml
diff --git a/kubernetes/contrib/charts/awx/Makefile b/kubernetes/contrib/components/awx/Makefile
similarity index 100%
rename from kubernetes/contrib/charts/awx/Makefile
rename to kubernetes/contrib/components/awx/Makefile
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/Chart.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/Chart.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/NOTES.txt
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt
rename to kubernetes/contrib/components/awx/charts/awx-postgres/templates/NOTES.txt
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pv.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/templates/pv.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pvc.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/templates/pvc.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/service.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/templates/service.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/values.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml
rename to kubernetes/contrib/components/awx/charts/awx-postgres/values.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml b/kubernetes/contrib/components/awx/charts/awx/Chart.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/Chart.yaml
rename to kubernetes/contrib/components/awx/charts/awx/Chart.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py
rename to kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh
rename to kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/configmap.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/configmap.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/secret.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/secret.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/service.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/service.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/serviceaccout.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/serviceaccout.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml
rename to kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
diff --git a/kubernetes/contrib/charts/awx/charts/awx/values.yaml b/kubernetes/contrib/components/awx/charts/awx/values.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/charts/awx/values.yaml
rename to kubernetes/contrib/components/awx/charts/awx/values.yaml
diff --git a/kubernetes/contrib/charts/awx/requirements.yaml b/kubernetes/contrib/components/awx/requirements.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/requirements.yaml
rename to kubernetes/contrib/components/awx/requirements.yaml
diff --git a/kubernetes/contrib/charts/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
similarity index 100%
rename from kubernetes/contrib/charts/awx/values.yaml
rename to kubernetes/contrib/components/awx/values.yaml
diff --git a/kubernetes/contrib/components/ejbca/Chart.yaml b/kubernetes/contrib/components/ejbca/Chart.yaml
new file mode 100644
index 0000000000..4de6930f0c
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP EJBCA test server
+name: ejbca
+version: 6.0.0
diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml
new file mode 100644
index 0000000000..e87bc08da3
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2020 Orange, Ericsson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~6.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
new file mode 100755
index 0000000000..f1bd07e158
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
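Review bot: `condition: not global.mariadbGalera.localCluster` on the `mariadb-init` dependency is not something Helm evaluates as an expression: a `condition` holds one or more comma-separated value paths that are looked up as booleans, and there is no negation syntax. As written the string does not resolve to a value, so the condition has no effect and `mariadb-init` is presumably enabled even when `global.mariadbGalera.localCluster` is true. Gate it on a dedicated boolean instead, for example `condition: mariadb-init.enabled` (key name constructed for illustration), and add a comment next to it stating that it must be the inverse of `localCluster`.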
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+waitForEjbcaToStart() {
+ until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
+ do
+ sleep 5
+ done
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+
+waitForEjbcaToStart
+configureEjbca
diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
new file mode 100644
index 0000000000..d336bc9a94
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
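Review bot: `--value ${RA_IAK}` and both `--password ${CLIENT_IAK}` arguments in `configureEjbca` expand the secrets unquoted, so a value containing whitespace or glob characters is split or expanded before `ejbca.sh` receives it, and an empty variable silently shifts the remaining arguments; quote them as `"${RA_IAK}"` and `"${CLIENT_IAK}"`. The script also sets no error handling, so a failing `ejbca.sh` step is ignored and the script can still exit 0 with a partly configured CA when it runs as the postStart hook from deployment.yaml; adding `set -euo pipefail` after the shebang would surface both a failed step and an unset secret. A short header comment stating that this is test-only setup would help, since `setclearpwd` keeps the end-entity password in clear text.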
@@ -0,0 +1,20 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-config-script"
+data:
+{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
new file mode 100644
index 0000000000..c6981e5fc4
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -0,0 +1,92 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-db-readiness + command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.mariadbGalera.localCluster }} + - ejbca-galera + {{- else }} + - ejbca-config + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-ejbca + image: {{ .Values.ejbca.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + volumeMounts: + - name: "{{ include "common.fullname" . }}-volume" + mountPath: /opt/primekey/scripts/ + ports: {{ include "common.containerPorts" . 
| nindent 10 }} + env: + - name: INITIAL_ADMIN + value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: DATABASE_JDBC_URL + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} + - name: DATABASE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} + - name: DATABASE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - configMap: + name: "{{ include "common.fullname" . }}-config-script" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml new file mode 100644 index 0000000000..ecb51ae4d3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml 
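Review bot: The `INITIAL_ADMIN` entry in the ejbca container's `env` is hard-coded to `;PublicAccessAuthenticationToken:TRANSPORT_ANY;`, and as far as the EJBCA container image documents this variable, that value gives the initial administrator role to any caller who can reach the instance, without a client certificate. Combined with the Service this chart creates, any workload able to reach the pod could then administer the CA that backs CMPv2 enrolment. Read the value from values.yaml so a deployment can switch to a certificate-based match, and put a comment above the entry such as `# Unauthenticated admin access: test deployments only, override for shared clusters`. The same container also declares no `resources` or `securityContext`.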
@@ -0,0 +1,15 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml
new file mode 100644
index 0000000000..01680ee78e
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
new file mode 100644
index 0000000000..0db7ca14be
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -0,0 +1,105 @@ +# Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.1 + mariadbGalera: &mariadbGalera + #This flag allows EJBCA to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +secrets: + - uid: ejbca-db-secret + name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: ejbca-server-ra-iak + name: '{{ include "common.release" . }}-ejbca-ra-iak' + type: password + password: '{{ .Values.config.ejbca.raIak }}' + - uid: ejbca-server-client-iak + name: '{{ include "common.release" . }}-ejbca-client-iak' + type: password + password: '{{ .Values.config.ejbca.clientIak }}' + +# application configuration +config: + db: + userName: ejbca + # userPassword: password + # userCredentialsExternalSecret: some-secret + ejbca: {} + # raIak: mypassword + # clientIak: mypassword + +mysqlDatabase: &dbName ejbca + +################################################################# +# Application configuration defaults. 
+################################################################# +# application configuration +replicaCount: 1 + +ejbca: + image: primekey/ejbca-ce:6.15.2.5 +pullPolicy: Always + +mariadb-galera: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig + userCredentialsExternalSecret: *ejbca-db-secret + mysqlDatabase: *dbName + nameOverride: ejbca-galera + service: + name: ejbca-galera + portName: ejbca-galera + internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ejbca/maria/data + +mariadb-init: + config: *mariadbConfig + nameOverride: ejbca-config + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +readiness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +service: + type: ClusterIP + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http diff --git a/kubernetes/contrib/charts/netbox/.helmignore b/kubernetes/contrib/components/netbox/.helmignore similarity index 100% rename from kubernetes/contrib/charts/netbox/.helmignore rename to kubernetes/contrib/components/netbox/.helmignore diff --git a/kubernetes/contrib/charts/netbox/Chart.yaml b/kubernetes/contrib/components/netbox/Chart.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/Chart.yaml rename to kubernetes/contrib/components/netbox/Chart.yaml diff --git a/kubernetes/contrib/charts/netbox/Makefile b/kubernetes/contrib/components/netbox/Makefile similarity index 100% rename from kubernetes/contrib/charts/netbox/Makefile rename to kubernetes/contrib/components/netbox/Makefile 
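Review bot: `image: primekey/ejbca-ce:6.15.2.5` under `ejbca:` in the new ejbca values.yaml is referenced by a mutable tag with no registry prefix, and `pullPolicy: Always` re-resolves that tag on every pod start, so the CA image that runs can change without any chart change. Pin it by digest, `image: primekey/ejbca-ce@sha256:<digest>`, or route it through a `repository` value as the dcae charts touched by this commit do, so the image that runs is the one that was reviewed. The `service.ports` entry further down also declares `plain_port: 8080` with `port_protocol: http`; if the common.service helper publishes that port, the CA would be reachable over cleartext HTTP, which should be confirmed against that helper since it is not part of this diff.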
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/.helmignore b/kubernetes/contrib/components/netbox/charts/netbox-app/.helmignore similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/.helmignore rename to kubernetes/contrib/components/netbox/charts/netbox-app/.helmignore diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/Chart.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/Chart.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/Chart.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/Chart.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/configuration.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/configuration.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/configuration.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/configuration.py diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/gunicorn_config.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/gunicorn_config.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/gunicorn_config.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/gunicorn_config.py 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/custom_fields.yml b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/custom_fields.yml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/custom_fields.yml rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/custom_fields.yml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/groups.yml b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/groups.yml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/groups.yml rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/groups.yml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/users.yml b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/users.yml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/initializers/users.yml rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/initializers/users.yml 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/provisioning/provision.sh b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/provisioning/provision.sh similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/provisioning/provision.sh rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/provisioning/provision.sh diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/00_users.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/00_users.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/00_users.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/00_users.py diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/10_groups.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/10_groups.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/10_groups.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/10_groups.py diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/20_custom_fields.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/20_custom_fields.py similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/resources/config/startup_scripts/20_custom_fields.py rename to kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/startup_scripts/20_custom_fields.py 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/NOTES.txt b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/NOTES.txt similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/NOTES.txt rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/NOTES.txt diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/configmap.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/configmap.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/configmap.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/configmap.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/deployment.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/deployment.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/deployment.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/job.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/pv.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/pv.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/pv.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/pv.yaml 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/pvc.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/pvc.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/pvc.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/pvc.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/secrets.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/secrets.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/secrets.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/secrets.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/templates/service.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/service.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/templates/service.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/templates/service.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-app/values.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/values.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-app/values.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-app/values.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/.helmignore b/kubernetes/contrib/components/netbox/charts/netbox-nginx/.helmignore similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/.helmignore rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/.helmignore 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/Chart.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/Chart.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/Chart.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/Chart.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/resources/config/nginx.conf b/kubernetes/contrib/components/netbox/charts/netbox-nginx/resources/config/nginx.conf similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/resources/config/nginx.conf rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/resources/config/nginx.conf diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/NOTES.txt b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/NOTES.txt similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/NOTES.txt rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/NOTES.txt diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/configmap.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/configmap.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/configmap.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/configmap.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/deployment.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/deployment.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/deployment.yaml 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/service.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/templates/service.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-nginx/values.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/.helmignore b/kubernetes/contrib/components/netbox/charts/netbox-postgres/.helmignore similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/.helmignore rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/.helmignore diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/Chart.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/Chart.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/Chart.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/Chart.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/NOTES.txt b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/NOTES.txt similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/NOTES.txt rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/NOTES.txt 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/configmap.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/configmap.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/configmap.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/configmap.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/deployment.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/pv.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/pv.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/pv.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/pv.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/pvc.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/pvc.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/pvc.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/pvc.yaml diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/service.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/service.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/templates/service.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/service.yaml 
diff --git a/kubernetes/contrib/charts/netbox/charts/netbox-postgres/values.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/values.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/charts/netbox-postgres/values.yaml rename to kubernetes/contrib/components/netbox/charts/netbox-postgres/values.yaml diff --git a/kubernetes/contrib/charts/netbox/requirements.yaml b/kubernetes/contrib/components/netbox/requirements.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/requirements.yaml rename to kubernetes/contrib/components/netbox/requirements.yaml diff --git a/kubernetes/contrib/charts/netbox/templates/ingress.yaml b/kubernetes/contrib/components/netbox/templates/ingress.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/templates/ingress.yaml rename to kubernetes/contrib/components/netbox/templates/ingress.yaml diff --git a/kubernetes/contrib/charts/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml similarity index 100% rename from kubernetes/contrib/charts/netbox/values.yaml rename to kubernetes/contrib/components/netbox/values.yaml diff --git a/kubernetes/contrib/requirements.yaml b/kubernetes/contrib/requirements.yaml index 6e0025e41c..b1739312a7 100644 --- a/kubernetes/contrib/requirements.yaml +++ b/kubernetes/contrib/requirements.yaml @@ -15,4 +15,16 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: awx + version: ~6.x-0 + repository: 'file://components/awx' + condition: awx.enabled + - name: ejbca + version: ~6.x-0 + repository: 'file://components/ejbca' + condition: global.cmpv2Enabled + - name: netbox + version: ~6.x-0 + repository: 'file://components/netbox' + condition: netbox.enabled diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml index e15806ff1c..8a44934d8f 100644 --- a/kubernetes/contrib/values.yaml +++ b/kubernetes/contrib/values.yaml 
@@ -12,7 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + cmpv2Enabled: true + awx: enabled: true netbox: - enabled: true \ No newline at end of file + enabled: true diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 19b59722a2..a5bd69af02 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index d5da039ad1..37f79a4a73 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml index e0cb1dd21b..d2bba1124e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml 
@@ -57,4 +57,4 @@ output.logstash: #ssl.key: $ssl.key #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase \ No newline at end of file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 3a95b5a221..784a35e25b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -38,11 +38,11 @@ LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaa # The port number for http as seen within the server # #IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} -IntHttpPort={{.Values.config.dmaapDrNode.internalPort}} +IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} # # The port number for https as seen within the server # -IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}} +IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }} # # The external port number for https taking port mapping into account # @@ -59,7 +59,7 @@ MinRedirSaveInterval=10000 # # The path to the directory where log files are stored # -LogDir=/opt/app/datartr/logs +LogDir={{ .Values.persistence.event.path }} # # The retention interval (in days) for log files # @@ -67,7 +67,7 @@ LogRetention=30 # # The path to the directories where data and meta data files are stored # -SpoolDir=/opt/app/datartr/spool +SpoolDir={{ .Values.persistence.spool.path }} # # The path to the redirection data file # @@ -101,5 +101,4 @@ AAFAction = publish CadiEnabled = false # # AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props - +AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props 
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt index 65597e062f..62aeffbe80 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt 
@@ -17,17 +17,17 @@ {{- range .Values.ingress.hosts }} http://{{ . }} {{- end }} -{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "NodePort" .Values.service.type }} export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}} -{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}} -{{- end }} \ No newline at end of file + kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} +{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml index e9ab9c96fe..d03d61690c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml 
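Review bot: The LoadBalancer branch of this NOTES.txt hunk still prints `{{.Values.config.dmaapDrNode.externalPort}}`, while every other `config.dmaapDrNode` reference in the hunk was moved to `.Values.service.type` or `common.getPort`. If the commit also drops `config.dmaapDrNode` from the chart's values.yaml (not visible here), that branch renders an empty port or fails on a missing map. Replace it with the helper used in the ClusterIP branch, for example `echo http://$SERVICE_IP:{{ include "common.getPort" (dict "global" . "name" "api") }}`, or with whichever key now holds the external port.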
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml @@ -1,27 +1,9 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-install - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": hook-succeeded +metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }} spec: template: - metadata: - name: {{ include "common.fullname" . }} - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never containers: @@ -50,15 +32,12 @@ spec: # NOTE: the basename of the subdirectory is important - it matches the DBCL API URI - name: {{ include "common.fullname" . }}-dbc-drnodes mountPath: /opt/app/config/dr_nodes/ - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime 
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml deleted file mode 100644 index 4c30f58a6c..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} - - -{{- if .Values.global.aafEnabled }} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) 
-}} -{{- range $i := until (int $global.Values.replicaCount)}} ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-aaf-props -spec: - capacity: - storage: {{ $global.Values.persistence.aafCredsSize }} - accessModes: - - {{ $global.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props" - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index c7ecb07452..59b7b8c30e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml 
@@ -1,7 +1,7 @@
 {{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -15,37 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} ---- -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-event-logs-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-event-logs -spec: - capacity: - storage: {{ $global.Values.persistence.eventLogSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data-event-logs" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml index 094e92a4ad..8ada88319d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml 
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
@@ -1,7 +1,7 @@
 {{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -15,36 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-spool-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-spool-data -spec: - capacity: - storage: {{ $global.Values.persistence.spoolSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml 
@@ -0,0 +1,15 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index 77aae1dd41..4ad43acf2a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -12,40 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{.Values.config.dmaapDrNode.name}} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: {{.Values.config.dmaapDrNode.servicetype}} - ports: - {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}} - name: {{.Values.config.dmaapDrNode.name}} - {{- end}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- else -}} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - name: {{.Values.config.dmaapDrNode.name}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} \ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 5ef7c2f242..6d797156d8 100644 
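Review bot: The `global.allow_http` gate on the plain-HTTP NodePort disappears with the removed template, and this file no longer shows whether port 8080 is published externally. The Service is now rendered entirely by `common.service`, which is not part of this view, while the new values in this change declare `plain_port: 8080` together with `useNodePortExt: true`. Please confirm that the helper keeps the HTTP port off the external NodePort range unless HTTP is explicitly allowed. A comment above the include should record the result, worded to match what the helper really does, e.g. `# ports come from .Values.service; plain_port is only exposed when HTTP is explicitly enabled`.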
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -11,24 +11,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - serviceName: {{ .Values.config.dmaapDrNode.name }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: {{ include "common.name" . }}-readiness 
@@ -45,94 +36,37 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-node-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" - {{- end }} + {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }} - name: {{ include "common.name" . 
}}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - {{- end }} command: ["chown","-Rf","1000:1001", "/opt/app/"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{.Values.config.dmaapDrNode.externalPort}} - - containerPort: {{.Values.config.dmaapDrNode.externalPort2}} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.liveness.port}} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.readiness.port}} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . 
}}-aaf-props - {{- end }} - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - mountPath: /etc/localtime name: localtime @@ -145,15 +79,12 @@ spec: subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end -}} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap @@ -169,7 +100,7 @@ spec: mountPath: /var/log/onap/datarouter-node imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - volumes: + volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime 
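Review bot: `volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}` in the last hunk ending here is rendered unconditionally, while the init-container include and both `volumeMounts` includes in the hunk starting at old line 45 are wrapped in `{{- if .Values.global.aafEnabled }}`. Unless the helper carries its own guard (it is not visible here), a deployment with AAF disabled would still define the AAF config volumes in the pod. Guarding it the same way keeps the three places consistent: `volumes: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volumes" . | nindent 8 }}{{ end }}`. The pod spec starts and ends outside these hunks.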
@@ -192,56 +123,11 @@ spec: {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-spool emptyDir: {} {{- end }} - {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.spoolSize }} - - metadata: - name: {{ include "common.fullname" . }}-event-logs - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-event-logs" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.eventLogSize }} -{{- if .Values.global.aafEnabled }} - - metadata: - name: {{ include "common.fullname" . }}-aaf-props - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-aaf-props" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{- end }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }} + - {{ include "common.PVCTemplate" (dict "dot" . 
"suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }} {{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 9ed8a0b8e8..5c32d9950d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -18,6 +18,7 @@ global: loggingDirectory: /var/log/onap/datarouter persistence: {} + aafEnabled: true ################################################################# # Application configuration defaults. 
@@ -45,40 +46,70 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 30 periodSeconds: 10 + port: api ## Persist data to a persitent volume persistence: enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce mountPath: /dockerdata-nfs + spool: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/spool-data + size: 2Gi + path: /opt/app/datartr/spool + labels: + app.kubernetes.io/component: spool + + event: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/event-logs + path: /opt/app/datartr/logs + size: 2Gi + labels: + app.kubernetes.io/component: event-logs + +job: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-2" + "helm.sh/hook-delete-policy": hook-succeeded - spoolMountSubPath: data-router/dr-node/spool-data - spoolSize: 2Gi - spoolPath: /opt/app/datartr/spool - - eventLogsMountSubPath: data-router/dr-node/event-logs - eventLogSize: 2Gi - eventLogsPath: /opt/app/datartr/logs - - aafCredsMountSubPath: data-router/dr-node/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - -#AAF local config +################################################################# +# AAF part +################################################################# aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! 
fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org - publicFqdn: dmaap-dr.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 + public_fqdn: dmaap-dr.onap.org + cadi_longitude: 0.0 + cadi_latitude: 0.0 + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 1001 + secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds + credsPath: /opt/app/osaaf/local +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required ingress: enabled: false @@ -109,19 +140,22 @@ resources: memory: 2Gi unlimited: {} +service: + type: NodePort + name: dmaap-dr-node + useNodePortExt: true + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 94 + config: # dr node server configuration dmaapDrNode: - servicetype: NodePort - name: dmaap-dr-node - externalPort: 8080 - externalPort2: 8443 - internalPort: 8080 - internalPort2: 8443 - portName: dr-node-port - portName2: dr-node-port2 - nodePort: 93 - nodePort2: 94 # dr uses the EELF Logging framework https://github.com/att/EELF # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF logLevel: "INFO" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 4ba11ec8c7..0163fbd5d4 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml 
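Review bot: `passwordPolicy: required` is always satisfied by the chart itself, because `aafDeployPass: demo123456!` stays in place as a default. An install without overrides therefore builds the deploy-credentials secret from a password that is published in the repository. The `externalSecret` template reads `aafConfig.aafDeployCredsExternalSecret`, but that key is neither declared nor documented in this hunk. Consider leaving the default password out so that `required` presumably forces an explicit value, and adding a commented entry under `aafConfig`, e.g. `# aafDeployCredsExternalSecret: <name of an existing secret>`.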
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -82,6 +82,7 @@ spec: - sh - -exec - | + rm -rf '/var/lib/kafka/data/lost+found'; chown -R 1000:0 /var/lib/kafka/data; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index 00c2661391..f294abf14e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -73,6 +73,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbProtocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml index c4aad67beb..61aefa570c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml @@ -30,14 +30,16 @@ metadata: "url": "/api/parser/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { - "serviceName": "etsicatalog", + "serviceName": "catalog", "version": "v1", "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { 
@@ -46,6 +48,7 @@ metadata: "url": "/api/nsd/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { @@ -54,6 +57,7 @@ metadata: "url": "/api/vnfpkgm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index af0d4730ac..a278a47e4a 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -23,6 +23,8 @@ global: loggingImage: beats/filebeat:5.5.0 config: + ssl_enabled: false + msbProtocol: https msbServiceName: msb-iag msbPort: 443 diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 3283239100..1b4195c733 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -57,10 +57,7 @@ spec: -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ -Djavax.net.ssl.trustStoreType=jks\ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" - {{- if eq "DEBUG" .Values.config.loglevel }} - export JAVA_DEBUG="-Djavax.net.debug=all" - {{- end }} - exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar + exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: @@ -116,7 +113,7 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "http://message-router.{{ include "common.namespace" . }}:3904" + value: "https://message-router.{{ include "common.namespace" . }}:3905" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED 
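Review bot: In the etsicatalog `values.yaml` hunk, `ssl_enabled: false` is added as the default next to `msbProtocol: https` with no comment on what either flag governs. Judging from the other hunks of this change, the first one feeds `SSL_ENABLED` and every `enable_ssl` field of the MSB registration. The chart default therefore presumably leaves the etsicatalog endpoints on plain HTTP while MSB itself is reached over HTTPS. A comment on both keys would make that default a visible decision, e.g. `# ssl_enabled: serve etsicatalog over TLS and register it with enable_ssl` and `# msbProtocol: scheme used to reach MSB`.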
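Review bot: The keystore password is still handed to the JVM as `-Dserver.ssl.key-store-password=$cadi_keystore_password_p12` in the first hunk of `nbi/templates/deployment.yaml`, so it ends up in the java process arguments, readable by anything that can list processes in the container or on the node. Dropping `-Djavax.net.debug=all` removes the verbose TLS logging, but this exposure remains. If the application is Spring Boot (the `server.*` properties suggest so), the same setting can come from the environment: `export SERVER_SSL_KEY_STORE_PASSWORD="$cadi_keystore_password_p12"`, with the `-D` option removed. The `JAVA_OPTS` assignment starts above the hunk.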
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index ceab7fad2a..f6a0af596b 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -75,7 +75,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:6.0.1 +image: onap/externalapi/nbi:6.0.3 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index d053162458..9385adea9a 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -55,7 +55,7 @@ dependencies: - name: contrib version: ~6.x-0 repository: '@local' - condition: contrib.enabled + condition: global.addTestingComponents - name: dcaegen2 version: ~6.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 545359efea..5b59c65db7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -114,7 +114,7 @@ msb: multicloud: enabled: false nbi: - enabled: false + enabled: true config: # openstack configuration openStackRegion: "Yolo" @@ -126,7 +126,7 @@ pomba: portal: enabled: true robot: - enabled: false + enabled: true config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 291a0321f7..997bca9f4d 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml 
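Review bot: In `kubernetes/onap/requirements.yaml`, `condition: global.addTestingComponents` means the contrib dependency no longer reacts to `contrib.enabled`, so override files that only set `contrib.enabled: false` may still get the testing components installed. Helm ignores a condition whose path is missing from the parent values and keeps the dependency enabled. The change therefore relies on `global.addTestingComponents` having a default in the parent chart's `values.yaml`, which is not part of this view. A comment on the dependency would help, e.g. `# gated by global.addTestingComponents; contrib.enabled must be set to the same value`. The dependencies list continues outside the hunk.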
@@ -42,10 +42,6 @@ dmaap: enabled: true esr: enabled: true -log: - enabled: true -sniro-emulator: - enabled: true oof: enabled: true msb: @@ -56,8 +52,6 @@ nbi: enabled: true policy: enabled: true -pomba: - enabled: true portal: enabled: true robot: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index d302298b1a..86f898d18c 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -15,11 +15,13 @@ ################################################################### # This override file enables helm charts for all ONAP applications. ################################################################### +global: + addTestingComponents: &testing true + centralizedLoggingEnabled: ¢ralizedLogging false cassandra: enabled: true mariadb-galera: enabled: true - aaf: enabled: true aai: @@ -32,9 +34,12 @@ clamp: enabled: true cli: enabled: true -consul: - enabled: true +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: + enabled: *testing +consul: enabled: true dcaegen2: enabled: true @@ -44,10 +49,6 @@ dmaap: enabled: true esr: enabled: true -log: - enabled: true -sniro-emulator: - enabled: true oof: enabled: true msb: @@ -58,8 +59,6 @@ nbi: enabled: true policy: enabled: true -pomba: - enabled: true portal: enabled: true robot: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml new file mode 100644 index 0000000000..796643171b --- /dev/null +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml 
@@ -0,0 +1,139 @@ +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# This override file is used to deploy a core configuration. It is based on +# minimal-onap.yaml and Orange accomplishments [1][2][3]. +# It includes the following components: +# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra) +# +# Minimal resources are also reviewed for the various containers +# AAI: no override => to be fixed +# DMAAP: no override # SO: no override +# SDC: new values +# SDNC: no override +# +# Replicas are set to: +# AAI Cassandra: 1 +# Cassandra: 3 (to allow reaching quorum) +# +# In addition, some parameters are set to limit the memory footprint. +# +# It overrides the default ONAP parent chart behaviour to deploy +# all of ONAP. 
+# +# helm deploy core local/onap --namespace onap -f core-onap.yaml +# +# [1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation +# [2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh +# [3] https://wiki.lfnetworking.org/download/attachments/25364127/OOM%20Service%20Mesh%20Prague.pptx + +####################### +# Core ONAP deployment +####################### +global: + aafEnabled: false +aai: + enabled: true + global: + cassandra: + replicas: 1 + aai-cassandra: + replicaCount: 1 +aaf: + enabled: false +appc: + enabled: false +cassandra: + enabled: true + replicaCount: 3 +clamp: + enabled: false +cli: + enabled: false +consul: + enabled: false +contrib: + enabled: false +dcaegen2: + enabled: false +dmaap: + enabled: true +esr: + enabled: false +log: + enabled: false +mariadb-galera: + enabled: true +msb: + enabled: false +multicloud: + enabled: false +nbi: + enabled: false +oof: + enabled: false +policy: + enabled: false +pomba: + enabled: false +portal: + enabled: false +robot: + enabled: false +sdc: + enabled: true + sdc-be: + config: + javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m" + sdc-fe: + resources: + small: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 10m + memory: 500Mi + sdc-cs: + config: + maxHeapSize: "512M" + heapNewSize: "256M" +sdnc: + enabled: true +sniro-emulator: + enabled: false +so: + enabled: true + config: + # openstack configuration + openStackUserName: "$OPENSTACK_USER_NAME" + openStackRegion: "$OPENSTACK_REGION" + openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" + openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" + openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +uui: + enabled: false +vid: + enabled: false +vfc: + enabled: false +vnfsdk: + enabled: false +cds: + enabled: true +dmaap: + enabled: true + dmaap-bc: + 
enabled: false diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index abbbdcd757..5839addf6a 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -24,6 +24,19 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + + # Install test components + # test components are out of the scope of ONAP but allow to have a entire + # environment to test the different features of ONAP + # Current tests environments provided: + # - netbox (needed for CDS IPAM) + # - AWX (needed for XXX) + # - EJBCA Server (needed for CMPv2 tests) + # Today, "contrib" chart that hosting these components must also be enabled + # in order to make it work. So `contrib.enabled` must have the same value than + # addTestingComponents + addTestingComponents: &testing false + # ONAP Repository # Uncomment the following to enable the use of a single docker # repository but ONLY if your repository mirrors all ONAP @@ -36,12 +49,17 @@ global: # readiness check - temporary repo until images migrated to nexus3 readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co # image pull policy pullPolicy: Always + # default clusterName + # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} + clusterName: cluster.local + # default mount path root directory referenced # by persistent volumes and log files persistence: 
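Review bot: The `sdc.sdc-be.config.javaOptions` value in the new `sm-onap.yaml` override starts the JVM with `-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n`, which opens a JDWP debug listener in the sdc-be container; JDWP has no authentication, so whatever can reach that port can control the JVM. If only the heap limits are wanted for the reduced footprint, the line should read `javaOptions: "-Xmx512m -Xms256m"`. Two smaller points in the same file: `dmaap:` appears to be defined twice at top level (most parsers silently keep the last mapping, so check that the merged result is the intended one), and the usage comment names `core-onap.yaml` while the file is `sm-onap.yaml`.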
@@ -76,12 +94,20 @@ global: aafEnabled: true aafAgentImage: onap/aaf/aaf_agent:2.1.20 + # Enabling CMPv2 + cmpv2Enabled: true + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. # if set this element will force or not tls even if serviceMesh.tls is set. # tlsEnabled: false + # Logging + # Currently, centralized logging is not in best shape so it's disabled by + # default + centralizedLoggingEnabled: ¢ralizedLogging false + # Example of specific for the components where you want to disable TLS only for # it: @@ -144,8 +170,11 @@ cli: enabled: false consul: enabled: false +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: - enabled: false + enabled: *testing dcaegen2: enabled: false dcaemod: @@ -156,8 +185,11 @@ dmaap: enabled: false esr: enabled: false +# Today, "logging" chart that perform the central part of logging must also be +# enabled in order to make it work. So `logging.enabled` must have the same +# value than centralizedLoggingEnabled log: - enabled: false + enabled: *centralizedLogging sniro-emulator: enabled: false oof: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml index 782160b67b..56cdf5cb58 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name 
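Review bot: `cmpv2Enabled: true` is added as a global default with only the comment `# Enabling CMPv2`, while the EJBCA server that the earlier comment in this file describes as needed for CMPv2 tests sits behind `addTestingComponents`, which defaults to false. A comment stating what the flag relies on when the test components are off would remove the guesswork, for example `# CMPv2 needs a reachable CMPv2 server; the EJBCA test server is only deployed with addTestingComponents` (wording to be confirmed by the chart owners). Separately, the alias `*centralizedLogging` used for `log.enabled` in the last hunk of this file only resolves if this hunk defines the anchor `&centralizedLogging`; on this page the line reads `¢ralizedLogging false`, which looks like an HTML-entity decoding artefact rather than what was committed. It is worth confirming against the repository, since an undefined alias fails the parse of the whole values file, and the same rendering appears in the `onap-all.yaml` hunk.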
@@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-has-sms-readiness + command: - sh - -c - resp="FAILURE"; 
@@ -79,13 +82,13 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-has-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /opt/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"] + args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"] ports: - containerPort: {{ .Values.liveness.periodSeconds }} # disable liveness probe when breakpoints set in debugger 
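Review bot: The rewritten `args` line still ends with `--socket 0.0.0.0:8080`, so the raw uwsgi-protocol listener is bound on every pod interface even though the nginx upstream changed in this commit reaches it at `127.0.0.1:8080`. Unless something outside the pod is meant to speak uwsgi to it directly, `--socket 127.0.0.1:8080` would keep clients from bypassing nginx. The same line keeps `--chmod-socket=777` on `/run/conductor/uwsgi.sock`; `--chmod-socket=660` is enough if nginx and uwsgi share a user or group, which is not visible here. Also worth checking while the port moves to 8080: the context line `containerPort: {{ .Values.liveness.periodSeconds }}` takes its value from a probe interval rather than a port setting. The container spec continues outside the hunk.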
@@ -111,7 +114,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - mountPath: /usr/local/etc/conductor/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config + name: {{ .Values.global.commonConfigPrefix }}-config subPath: conductor.conf - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml index 1204502cd3..f3e1d1fb2f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-cont-sms-readiness + command: - sh - -c - resp="FAILURE"; 
@@ -79,7 +82,6 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-cont-sms-readiness containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml index 4765223985..f144424f9f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j 
@@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-data-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-data-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml index 68ed4723ac..0c9e8c33e8 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j 
@@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-resrv-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-resrv-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" @@ -162,5 +166,6 @@ spec: path: healthy.sh - key: AAF_RootCA.cer path: AAF_RootCA.cer + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml index a412484a4d..881d6fa9f7 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name 
@@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-solvr-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-solvr-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index fd87adc4b4..c3d9307836 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf 
@@ -147,6 +147,8 @@ log_config_append = /usr/local/bin/log.conf # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false +[auth] +appkey = "" [aaf_api] diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/charts/oof-has/resources/config/log.conf index 0fb963e674..c476d0b6c8 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/log.conf @@ -33,31 +33,31 @@ args=(sys.stdout,) class=handlers.TimedRotatingFileHandler level=NOTSET formatter=generic -args=('application.log','midnight', 1, 10) +args=('/var/log/conductor/application.log','midnight', 1, 10) [handler_audithand] class=handlers.TimedRotatingFileHandler level=INFO formatter=audit -args=('audit.log', 'midnight', 1, 10) +args=('/var/log/conductor/audit.log', 'midnight', 1, 10) [handler_metrichand] class=handlers.TimedRotatingFileHandler level=INFO formatter=metric -args=('metric.log','midnight', 1, 10) +args=('/var/log/conductor/metric.log','midnight', 1, 10) [handler_errhand] class=handlers.TimedRotatingFileHandler level=ERROR formatter=error -args=('error.log','midnight', 1, 10) +args=('/var/log/conductor/error.log','midnight', 1, 10) [handler_debughand] class=handlers.TimedRotatingFileHandler level=DEBUG formatter=generic -args=('debug.log','midnight', 1, 10) +args=('/var/log/conductor/debug.log','midnight', 1, 10) [formatters] keys=generic,audit,metric,error diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf index 3db6a21c3a..f2172b2793 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf @@ -6,7 +6,7 @@ events { http { # ... upstream conductor_uwsgi { - server 127.0.0.1:80; + server 127.0.0.1:8080; } server { 
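Review bot: The new `[auth]` section in `conductor.conf` commits `appkey = ""` with no comment, so a reader cannot tell whether an empty key switches a check off or is a placeholder to be filled per environment. If it is a credential, it should be supplied from a Kubernetes Secret at deploy time rather than from this chart-bundled config file. Either way a comment line above it would document the intent, for example `# appkey: <what it authenticates>; empty means <behaviour>`. The sections around `[auth]` start and end outside the hunk.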
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
index 5d16e934f6..68f474b44f 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
+++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
@@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw 
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK 
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY----- \ No newline at end of file diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index d2611abb2a..730d6e20a1 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.3.3 + optf_has: onap/optf-has:2.0.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always 
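Review bot: The `org.onap.oof.key` hunk replaces one plaintext private key in the chart with another, so the new key is readable by everyone with access to the repository from the moment it merges, and every deployment of the chart shares it. Rotating the certificate does not change that; the key should be created at install time (or issued by the platform CA) and mounted from a Kubernetes Secret, with the chart carrying no key material. If demo material has to stay in-tree, say so in a comment or README beside the files and keep the pair listed in `docs/oom_hardcoded_certificates.rst`, which this commit also edits. The same key file is changed again under `kubernetes/oof/resources/config/`, whose hunk lies outside this part of the page.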
@@ -66,3 +66,4 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml index 0446dbd05c..bfee39b967 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -11,9 +11,11 @@ osdf_temp: # special configuration required for "workarounds" or testing local_policies: global_disabled: True local_placement_policies_enabled: True + local_slice_selection_policies_enabled: True placement_policy_dir_vcpe: "./test/policy-local-files/" placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) - Affinity_vCPE_1.json + - Attribute_vNS_1.json #- Capacity_vGMuxInfra.json #- Capacity_vG_1.json - Distance_vG_1.json @@ -38,6 +40,14 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json + + slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" + slice_selection_policy_files_urllc_1: + - vnfPolicy_URLLC_Core_1.json + - thresholdPolicy_URLLC_Core_1_reliability.json + - thresholdPolicy_URLLC_Core_1_latency.json + - subscriber_policy_URLLC_1.json + service_info: vCPE: vcpeHostName: requestParameters.vcpeHostName 
@@ -50,30 +60,44 @@ references: service_name: source: request value: serviceInfo.serviceName + resource: + source: request + value: placementInfo.placementDemands.resourceModuleName subscriber_role: - source: SubscriberPolicy - value: content.properties.subscriberRole + source: onap.policies.optimization.SubscriberPolicy + value: properties.properties.subscriberRole policy_info: prioritization_attributes: policy_type: - - content.policyType + - type resources: - - content.resources - - content.objectiveParameter.parameterAttributes.resources + - properties.resources + - properties.objectiveParameter.parameterAttributes.resources service_name: - - content.serviceName + - properties.services - placement: + slice_selection: policy_fetch: by_scope policy_scope: - default_scope: OSDF_DUBLIN - vcpe_scope: OSDF_DUBLIN - vfw_scope: OSDF_DUBLIN - secondary_scopes: - - + - + scope: + - OSDF_FRANKFURT + services: - get_param: service_name + + placement: + policy_fetch: by_scope + policy_scope: + - + scope: + - OSDF_FRANKFURT + geography: - US + services: + - get_param: service_name + resources: + - get_param: resource # - # - get_param: service_name # - get_param: subscriber_role diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt index 5d16e934f6..68f474b44f 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.crt +++ b/kubernetes/oof/resources/config/org.onap.oof.crt 
@@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw 
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.key +++ b/kubernetes/oof/resources/config/org.onap.oof.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK 
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY----- \ No newline at end of file diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index 4dd3097918..b544c42e7a 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml 
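Review bot: The replacement private key in org.onap.oof.key is committed in clear text, so it is known to anyone who can read the repository and is identical in every installation of the chart. This commit already moves passwords in the policy charts behind the `secrets:` / `externalSecret` mechanism; the key deserves the same treatment, loaded from a Kubernetes Secret the deployer supplies, with the bundled key kept only as a documented demo default. At minimum the file should be listed wherever the project tracks hard-coded certificates, so operators know to replace it before exposing the service.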
@@ -10,14 +10,8 @@ placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }} placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} -# Credentials for SO -soUsername: {{ .Values.config.soUsername }} -soPassword: {{ .Values.config.soPassword }} - # Credentials for Conductor conductorUrl: {{ .Values.config.conductorUrl }} -conductorUsername: {{ .Values.config.conductorUsername }} -conductorPassword: {{ .Values.config.conductorPassword }} conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} # versions to be set in HTTP header 
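Review bot: The comments left behind no longer match the keys under them: `# Credentials for Conductor` here now heads only `conductorUrl` and the retry settings, and the same applies to `# Credentials for DMaaP` and `# Credentials for SDC` in the next hunk and to the `# Url and credentials for ...` comments kept in kubernetes/oof/values.yaml. I would reword them to e.g. `# Conductor endpoint (credentials are no longer configured here)` and say where the application reads the credentials from now, since nothing in the visible part of the change shows that.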
@@ -26,39 +20,15 @@ conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} # Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: {{ .Values.config.policyPlatformUrl }} policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} -policyPlatformUsername: {{ .Values.config.policyPlatformUsername }} -policyPlatformPassword: {{ .Values.config.policyPlatformPassword }} -policyClientUsername: {{ .Values.config.policyClientUsername }} -policyClientPassword: {{ .Values.config.policyClientPassword }} # Credentials for DMaaP messageReaderHosts: {{ .Values.config.messageReaderHosts }} messageReaderTopic: {{ .Values.config.messageReaderTopic }} -messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }} -messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }} # Credentials for SDC sdcUrl: {{ .Values.config.sdcUrl }} -sdcUsername: {{ .Values.config.sdcUsername }} -sdcPassword: {{ .Values.config.sdcPassword }} sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} -# Credentials for the OOF placement service - Generic -osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }} -osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }} - -# Credentials for the OOF placement service - SO -osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }} -osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }} - -# Credentials for the OOF placement service - VFC -osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }} -osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }} - -# Credentials for the OOF CM scheduling service - Generic -osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} -osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} - is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }} aaf_url: {{ .Values.config.aaf_url }} 
@@ -75,15 +45,8 @@ aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} # config db api configDbUrl: {{ .Values.config.configDbUrl }} -configDbUserName: {{ .Values.config.configDbUserName }} -configDbPassword: {{ .Values.config.configDbPassword }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} -# Credentials for PCIHandler -pciHMSUsername: {{ .Values.config.pciHMSUsername }} -pciHMSPassword: {{ .Values.config.pciHMSPassword }} - -# Credentials for the OOF PCI Opt service -osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }} -osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }} +#key +appkey: '' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index a3205fa86d..ffcbb6574f 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - /root/ready.py args: - --container-name - - pdp + - policy-xacml-pdp env: - name: NAMESPACE valueFrom: @@ -64,6 +64,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-osdf-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,7 +90,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/config/osdf_config.yaml + - mountPath: /opt/osdf/config/osdf_config.yaml name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index e540aa096a..0cdfa9dfe7 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml 
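Review bot: The added `appkey: ''` at the end of osdf_config.yaml is a fixed literal in the template rather than a value from `.Values` or a Secret, and the comment `#key` does not say what the key is used for. If it is, as the name suggests, key material the application uses, an empty constant means every deployment gets the same (empty) value and an operator cannot set it without editing the template. I would take it from the chart's secret mechanism the way the policy charts in this commit do, and replace the comment with one line stating its purpose and what an empty value means.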
@@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.3.4 +image: onap/optf-osdf:2.0.3 pullPolicy: Always # flag to enable debugging - application support required 
@@ -46,46 +46,22 @@ config: placementDefaultMajorVersion: "1" placementDefaultMinorVersion: "0" placementDefaultPatchVersion: "0" - # Credentials of the callback url for SO. - soUsername: "" # SO username for call back. - soPassword: "" # SO password for call back. + # Url and credentials for Conductor. conductorUrl: https://oof-has-api:8091/v1/plans/ - conductorUsername: admin1 - conductorPassword: plan.15 conductorPingWaitTime: 60 conductorMaxRetries: 30 # versions to be set in HTTP header conductorMinorVersion: 0 # Url and credentials for the Policy Platform - policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL + policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform - policyPlatformUsername: testpdp # Policy platform username. - policyPlatformPassword: alpha123 # Policy platform password. - policyClientUsername: python # For use with ClientAuth - policyClientPassword: test # For use with ClientAuth # Credentials for the message reader - A placeholder. messageReaderHosts: NA messageReaderTopic: NA - messageReaderAafUserId: NA - messageReaderAafPassword: NA # Credentials for the SDC interface - A placeholder. sdcUrl: NA - sdcUsername: NA - sdcPassword: NA sdcONAPInstanceID: NA - # Credentials for the placement service – Generic. - osdfPlacementUsername: "test" - osdfPlacementPassword: "testpwd" - # Credentials for the OOF placement service – SO. - osdfPlacementSOUsername: so_test - osdfPlacementSOPassword: so_testpwd - # Credentials for the OOF placement service - VFC - osdfPlacementVFCUsername: vfc_test - osdfPlacementVFCPassword: vfc_testpwd - # Credentials for the OOF CM scheduling service – Generic. - osdfCMSchedulerUsername: test1 - osdfCMSchedulerPassword: testpwd1 #AAF Authentication is_aaf_enabled: False aaf_cache_expiry_mins: 5 
@@ -101,16 +77,8 @@ config: aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer # config db api configDbUrl: http://config.db.url:8080 - configDbUserName: osdf - configDbPassword: passwd configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' - # Credentials for PCIHandler - pciHMSUsername: "" # pcihandler username for call back. - pciHMSPassword: "" # pcihandler password for call back. - # Credentials for the OOF PCI Opt service - osdfPCIOptUsername: pci_test - osdfPCIOptPassword: pci_testpwd # default number of instances replicaCount: 1 nodeSelector: {} diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 7c58b3da54..1598a8ff3f 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -21,10 +21,10 @@ COMPONENT_X_MS_MB=1024 REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} M2_HOME=/usr/share/java/maven-3 snapshotRepositoryID=policy-nexus-snapshots 
@@ -33,8 +33,8 @@ snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.c releaseRepositoryID=policy-nexus-releases releaseRepositoryName=Releases releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=admin -repositoryPassword=admin123 +repositoryUsername=${REPOSITORY_USERNAME} +repositoryPassword=${REPOSITORY_PASSWORD} UEB_URL=message-router UEB_TOPIC=PDPD-CONFIGURATION UEB_API_KEY= diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 6ff76ddfd1..95446b24bb 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 
@@ -32,6 +32,36 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /root/ready.py args: 
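Review bot: The init container calls `envsubst <${PFILE} >/config/${PFILE}` with no variable list, so every `$NAME` or `${NAME}` in the .conf files is replaced, and any name that is not in this container's environment becomes an empty string without an error. Passing the explicit list of the eight variables declared under `env:` as the SHELL-FORMAT argument (assuming the image ships GNU envsubst) limits the substitution to the intended placeholders. The loop also has no `set -e`, so a failed redirect leaves a truncated file and the pod still starts; prefixing the script with `set -e;` would stop it. The same pattern is used in the pdp statefulset init container.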
@@ -59,6 +89,19 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} + volumeMounts: ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -84,7 +127,7 @@ spec: name: pe-brmsgw subPath: brmsgw.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -115,5 +158,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 08afdeeac0..ee47b4a4c3 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml 
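Review bot: The last added line of this hunk is a bare `volumeMounts:` placed between the new `env:` entries and `ports:`, with no mounts under it. The next hunk shows `mountPath` entries further down in what appears to be the same container, so the container would declare `volumeMounts` twice, once as null; depending on the YAML parser this is either rejected or resolved silently by last-wins. Indentation is lost in this view, so please confirm, but I would drop the added `volumeMounts:` line.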
@@ -20,6 +20,7 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -31,13 +32,31 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required + - uid: nexus-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' + login: '{{ .Values.nexus.repositoryUsername }}' + password: '{{ .Values.nexus.repositoryPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.2 pullPolicy: Always # flag to enable debugging - application support required @@ -52,6 +71,15 @@ config: db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 +nexus: + repositoryUsername: admin + repositoryPassword: admin123 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 58ce2d0455..05f7c1b0a8 100644 --- a/kubernetes/policy/charts/drools/values.yaml 
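Review bot: `envsubstImage: dibi/envsubst` has no tag, no digest and no registry prefix, unlike `readiness-check:2.0.2` next to it, so with `pullPolicy: Always` each pod start pulls whatever the upstream account currently publishes as latest. That image runs in the init container that receives the database, PDP, PAP and Nexus credentials as environment variables, so an unreviewed image update would see all of them. I would mirror the image into the project registry and pin it, e.g. `envsubstImage: <project-registry>/<image>@sha256:<digest>` (placeholder values).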
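Review bot: The new `pdp:`, `pap:` and `nexus:` blocks keep `alpha123` and `admin123` as chart defaults, so the secrets declared above are populated with publicly known passwords unless the deployer overrides them, and `passwordPolicy: required` is then presumably always satisfied. Leaving the password defaults empty would make `required` do its job and force a deliberate choice, with the demo values moved to an override file meant for lab installs. The same applies to the `restServer:` and `healthCheckRestClient:` defaults (`zb!XztG34`) added in the pap and policy-api values.yaml and to the `pdp:`/`pap:` defaults in the pdp values.yaml.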
+++ b/kubernetes/policy/charts/drools/values.yaml @@ -40,7 +40,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.6.0 +image: onap/policy-pdpd-cl:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 544ecdfc32..5c02ce0f12 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, @@ -69,8 +69,8 @@ "clientName": "api", "hostname": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "useHttps": true, "basePath": "policy/api/v1/healthcheck" }, @@ -78,8 +78,8 @@ "clientName": "distribution", "hostname": "policy-distribution", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${DISTRIBUTION_USER}", + "password": "${DISTRIBUTION_PASSWORD}", "useHttps": true, "basePath": "healthcheck" }] diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 85ca9c1486..39ac8a81ec 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml 
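Review bot: The placeholders `"${RESTSERVER_PASSWORD}"`, `"${API_PASSWORD}"` and `"${DISTRIBUTION_PASSWORD}"` are filled in by envsubst, which pastes the raw value into the JSON string without escaping it. The current default has no special characters, but once an operator supplies an external secret containing `"` or `\` the rendered config.json becomes invalid or is parsed with a different value. Either document the allowed character set next to the secret definitions in values.yaml, or render the file with a tool that JSON-escapes the values. The policy-api config.json changed in this commit has the same property.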
@@ -42,6 +42,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: DISTRIBUTION_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} + - name: DISTRIBUTION_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: papconfig diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index 7edb3ab871..ca0c84f3c9 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml 
@@ -34,13 +34,31 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.api.user }}' + password: '{{ .Values.healthCheckRestClient.api.password }}' + passwordPolicy: required + - uid: distribution-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.distribution.user }}' + password: '{{ .Values.healthCheckRestClient.distribution.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.2.0 +image: onap/policy-pap:2.2.1 pullPolicy: Always # flag to enable debugging - application support required @@ -51,6 +69,16 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +healthCheckRestClient: + api: + user: healthcheck + password: zb!XztG34 + distribution: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 52480e59ff..bb12880ca7 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf 
@@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1 REST_PDP_MAXCONTENT=999999999 # PDP related properties -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} node_type=pdp_xacml resource_name=pdp_1 diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index 16d5fb5cec..b70b04b023 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml 
@@ -36,6 +36,36 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-pdp + name: pe-pdp-input + - mountPath: /config/pe + name: pe + - mountPath: /config/pe-pdp + name: pe-pdp + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /root/ready.py args: @@ -87,7 +117,7 @@ spec: name: pe subPath: base.conf - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp + name: pe-pdp-input subPath: pdp-tweaks.sh - mountPath: /tmp/policy-install/config/pdplp.conf name: pe-pdp 
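Review bot: `chmod 0755 /config/${PFILE}` in the init container makes every rendered file world-readable and executable, including the .conf files that now contain the substituted PDP and PAP passwords. The only script in the visible mounts, pdp-tweaks.sh, is still taken from the unprocessed `pe-pdp-input` volume (second hunk), so the rendered files do not appear to need the execute bit. I would use a mode without world access, e.g. `chmod 0640`, adjusted to the user the policy container runs as, which is not visible here.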
@@ -132,7 +162,7 @@ spec: - name: policy-logback configMap: name: {{ include "common.fullname" . }}-log-configmap - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -140,9 +170,15 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-pdp + - name: pe-pdp-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe + emptyDir: + medium: Memory + - name: pe-pdp + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 7b9c561a61..0b2f92bc80 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -33,13 +33,25 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.2 pullPolicy: Always # flag to enable debugging - application support required 
@@ -50,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 config: papPort: 9091 diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index b149c17c48..1fdc215ff7 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.3.0 +image: onap/policy-apex-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index 2e46ccae96..fba7e6ce12 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 777cc4954d..e1f699eccf 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml 
@@ -39,9 +39,13 @@ spec: - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: apiconfig diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index fd66b69e4e..48eb689778 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml 
@@ -28,19 +28,25 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: db-secret + - uid: db-creds type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.2.1 +image: onap/policy-api:2.2.2 pullPolicy: Always # flag to enable debugging - application support required @@ -50,6 +56,9 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index 93b02e76bc..810b090069 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf 
@@ -21,8 +21,9 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap JDBC_DRIVER=org.mariadb.jdbc.Driver JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_USER={{ .Values.global.mariadb.config.userName }} -JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }} + +JDBC_USER=${JDBC_USER} +JDBC_PASSWORD=${JDBC_PASSWORD} site_name=site_1 fp_monitor_interval=30 diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 2d62d1b571..835bfc4656 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.3.0 +image: onap/policy-distribution:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index a52cc0f6d4..3b72d8ed90 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json 
@@ -21,16 +21,16 @@ "restServerParameters": { "host": "0.0.0.0", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, "policyApiParameters": { "host": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 5b02c177b5..9ac5d68a89 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml 
@@ -31,6 +31,28 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pdpxconfig + - mountPath: /config + name: pdpxconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -63,7 +85,9 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted - name: pdpxconfig + name: pdpxconfig-processed + emptyDir: + medium: Memory resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -82,5 +106,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: pdpxconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
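Review bot: The new `update-config` init container calls `envsubst` with no variable list, so every `$NAME` or `${NAME}` sequence in every file under /config-input is replaced, and any name missing from this container's `env` becomes an empty string. Passing the expected names leaves other `$` text intact: `envsubst '${RESTSERVER_USER} ${RESTSERVER_PASSWORD} ${API_USER} ${API_PASSWORD}' <${PFILE} >/config/${PFILE}`. The `for` loop also returns only the status of its last iteration, so starting the command with `set -e;` would keep the pod from coming up on a half-rendered config. The init container added to kubernetes/policy/templates/deployment.yaml for `*.conf` files has the same shape.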
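Review bot: In the second hunk the added lines `emptyDir:` and `medium: Memory` follow `name: pdpxconfig-processed` inside the container's `volumeMounts` list (the next context line is `resources:`), but `emptyDir` is a volume source, not a volumeMount field. Indentation is lost in this view, so this is inferred from line order; if the two lines are nested under the mount entry they should be removed. The volume is already declared with `emptyDir` / `medium: Memory` in the last hunk of this file. Depending on how strictly the manifest is validated, the stray key is either rejected or silently ignored.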
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index dc7266e9a1..63f50fd7fa 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -21,6 +21,7 @@ ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -32,13 +33,25 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' + login: '{{ .Values.apiServer.user }}' + password: '{{ .Values.apiServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.2.0 +image: onap/policy-xacml-pdp:2.2.1 pullPolicy: Always # flag to enable debugging - application support required @@ -49,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +apiServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml index 8a0db8a699..7f96888ec8 100644 --- a/kubernetes/policy/templates/deployment.yaml +++ b/kubernetes/policy/templates/deployment.yaml 
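Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no tag or digest, so it resolves to whatever `latest` is at pull time, and the deployment template uses it as-is for an init container that receives the REST and API credentials in its environment. The application image in this file is versioned (`onap/policy-xacml-pdp:2.2.1`); pin this one too, preferably by digest: `envsubstImage: dibi/envsubst@sha256:<digest>`. The same unpinned value is added under `global` in kubernetes/policy/values.yaml.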
@@ -32,6 +32,24 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /root/ready.py args: @@ -100,7 +118,7 @@ spec: name: pe-pap subPath: console.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -157,5 +175,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 81904143fa..f6a1ace3dc 100644 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml 
@@ -57,14 +57,11 @@ spec: - /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-secret - key: db-root-password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }} - name: MYSQL_HOST value: "{{ index .Values "mariadb-galera" "service" "name" }}" - name: MYSQL_USER - value: "{{ index .Values "mariadb-galera" "config" "userName" }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index 6b8bc41033..c1f98ba3cc 100644 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml @@ -13,17 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 1ac00c760a..3a2b1f1f96 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml 
@@ -22,6 +22,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst ubuntuImage: ubuntu:16.04 pdp: nameOverride: pdp 
@@ -37,35 +38,62 @@ global: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig - userName: policy_user - userPassword: policy_user - mariadbRootPassword: secret mysqlDatabase: policyadmin service: &mariadbService name: policy-mariadb portName: mysql-policy internalPort: 3306 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + policy: generate + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: generate + ################################################################# # Application configuration defaults. 
################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.2 mariadb_image: library/mariadb:10 pullPolicy: Always subChartsOnly: enabled: true +db: &dbSecretsHook + credsExternalSecret: *dbSecretName + pap: nameOverride: pap + db: *dbSecretsHook pdp: nameOverride: pdp + db: *dbSecretsHook drools: nameOverride: drools -brmwgw: + db: *dbSecretsHook +brmsgw: nameOverride: brmsgw + db: *dbSecretsHook +policy-api: + db: *dbSecretsHook +policy-xacml-pdp: + db: *dbSecretsHook + nexus: nameOverride: nexus @@ -112,7 +140,11 @@ ingress: mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: *mariadbConfig + config: + <<: *mariadbConfig + userName: policy_user + mariadbRootPasswordExternalSecret: *dbRootPassSecretName + userCredentialsExternalSecret: *dbSecretName nameOverride: policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 433352cf2e..24388277f4 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -24,6 +24,7 @@ global: loggingImage: beats/filebeat:5.5.0 #AAF service aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -31,7 +32,7 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:2.6.0 +image: onap/portal-app:3.2.0 pullPolicy: Always #AAF local config diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index a5c94bc5e1..13b319c76a 100644 
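Review bot: The `db-root-password` entry is written with the key `policy: generate`, while `db-secret` directly below it and every other secret entry in this commit use `passwordPolicy:`. If the common secret template reads only `passwordPolicy` (the template is not visible here), the root entry silently gets the default policy, and `mariadbRootPassword: secret` was removed from the shared config in this same hunk, so no fallback value remains. Suggested change: `passwordPolicy: generate`.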
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -23,7 +23,7 @@ while the OOM K8s version has these service split up. */ -- app_url is the FE, app_rest_endpoint is the BE --portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; +update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; --sdc-be => 8443:30204 
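Review bot: The `xDemo App` row now sets `app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3'`, changing the scheme but keeping port 8080; whether that listener speaks TLS is not visible here and should be confirmed, since a mismatch fails every portal-to-SDK REST call. The `DMaaP Bus Ctrl` row just below still uses `http://` for both URLs, so this file now mixes schemes. In the next hunk the comment `--msb-iag => 80:30280` no longer matches the `https` URL or the `msbPort: "30283"` set in values.yaml; update it to `--msb-iag => 30283 (https)` or whatever the real mapping is.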
@@ -36,9 +36,9 @@ update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.co --sparky => TODO: sparky doesn't open a node port yet update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI'; --cli => 8080:30260 -update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; +update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; --msb-iag => 80:30280 -update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB'; +update fn_app set app_url = 'https://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB'; /* @@ -58,7 +58,7 @@ Add Contact information for SO Monitoring INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO)."); /* -Additionally, some more update statments; these should be refactored to another SQL file in future releases +Additionally, some more update statments; these should be refactored to another SQL file in future releases */ -- portal 
@@ -84,12 +84,9 @@ UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; /* Onboard LF Acumos App */ -INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES +INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES (11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL); -- add Acumos thumbnail UPDATE`fn_app`SET`thumbnail`=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`app_id`='11' and `app_name` = 'LF Acumos Marketplace'; - - - diff --git a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml index b6495c93fd..812dc66a23 100644 --- a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /root/ready.py 
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml index e6aab2a2e3..1234b6bc46 100644 --- a/kubernetes/portal/charts/portal-mariadb/values.yaml +++ b/kubernetes/portal/charts/portal-mariadb/values.yaml @@ -20,14 +20,15 @@ global: # global defaults nodePortPrefix: 302 persistence: {} readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 # application image repository: nexus3.onap.org:10001 -image: onap/portal-db:2.6.0 +image: onap/portal-db:3.2.0 pullPolicy: Always -readinessImage: readiness-check:2.0.0 + mariadbInitImage: "mariadb-client-init:3.0.0" # application configuration @@ -65,7 +66,7 @@ config: # application's front end hostname. Must be resolvable on the client side environment dmaapBcHostName: "dmaap-bc.simpledemo.onap.org" # msb IAG ui assignment for port 80 - msbPort: "30280" + msbPort: "30283" # application's front end hostname. Must be resolvable on the client side environment msbHostName: "msb.api.simpledemo.onap.org" # SO Monitoring assignment for port 30224 diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 77ceb274d2..45af55fe1d 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -25,6 +25,7 @@ global: persistence: {} #AAF service aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -32,7 +33,7 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-sdk:2.6.0 +image: onap/portal-sdk:3.2.0 pullPolicy: Always #AAF local config diff --git a/kubernetes/portal/charts/portal-widget/values.yaml b/kubernetes/portal/charts/portal-widget/values.yaml index 7a02509737..3d63cd8301 100644 --- a/kubernetes/portal/charts/portal-widget/values.yaml +++ b/kubernetes/portal/charts/portal-widget/values.yaml 
@@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-wms:2.6.0 +image: onap/portal-wms:3.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot b/kubernetes/robot index 4b3ce28d5c..1367bd6803 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit 4b3ce28d5c42f2bc8ca9445545895aa34ff09a03 +Subproject commit 1367bd680380828977982030eb9784250c579e25 diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 3db3685b86..108c781f54 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -70,6 +70,19 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "/onboard/cert" containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 946cb3491f..4cfebbf72f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml 
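Review bot: The `volume-permissions` init container runs with `runAsUser: 0` and the runtime's default capability set just to `chown -R` one directory. Limiting it to what chown needs narrows what a replaced or compromised busybox image could do: add `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` under its `securityContext` (plus `DAC_OVERRIDE` if the tree is not traversable otherwise). If the pod spec already applies `securityContext.fsGroup` from values.yaml (not visible in this hunk), the kubelet may set group ownership on the volume and the root step might not be needed at all. The path `//onboard/cert` has a doubled slash; harmless, but `/onboard/cert` would match the `mountPath`.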
@@ -103,6 +103,9 @@ cert: volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert +securityContext: + fsGroup: 35953 + runAsUser: 352070 ingress: enabled: false diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 5701a91f27..2694b5de80 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -28,6 +28,8 @@ global: wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties index f9640a95db..6a4ca4ca16 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations \ No newline at end of file +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations \ No newline at end of file diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties index 96f40790c6..d2b55fb131 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties 
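Review bot: `busyboxImage: library/busybox:latest` in sdc/values.yaml is a mutable tag pulled from `registry.hub.docker.com`, and the init container that uses it in sdc-onboarding-be runs as root. Pin a version or digest, as `ubuntuInitImage: ubuntu-init:1.0.0` two lines above does: `busyboxImage: library/busybox:<pinned-version>`.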
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties new file mode 100644 index 0000000000..eff236a962 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=CM-NOTIFICATION +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations 
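Review bot: The new dmaap-consumer-CMNotify.properties sets `sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/...`, while aai.properties, dhcpalert.properties and lcm.properties, edited in this same commit, keep `http://sdnc-oam...` on the same `sdncPort` value. A single port normally serves only one of the two, so either the older files still send `ODL_USER`/`ODL_PASSWORD` in clear text or the new consumers will fail their TLS handshake. Align the scheme across all six files; the a1Adapter-policy and oofpcipoc files added next use the same `https` form.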
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties new file mode 100644 index 0000000000..944b63f4c2 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=A1-P +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties new file mode 100644 index 0000000000..b670d436c0 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties 
@@ -0,0 +1,35 @@
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=SDNR-CL
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=$(ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties
index 0b52b3febb..15f32c4248 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO
 DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
 sdnc.odl.user=${ODL_USER}
 sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
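Review bot: In the new dmaap-consumer-oofpcipoc.properties the `sdnc.odl.user` line opens its placeholder with `$(` and closes it with `}`, so it does not match the `${ODL_USER}` form used in the two sibling files or the `${ODL_PASSWORD}` line directly below it. Whatever step substitutes these placeholders is not visible in this diff, but it would presumably leave the literal text in place, and the SDNR-CL listener would then authenticate to SDNC with a wrong user name and be rejected. The line should read `sdnc.odl.user=${ODL_USER}`.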
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml index af78a12d09..e7f06ffda0 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml @@ -101,6 +101,15 @@ spec: - mountPath: {{ .Values.config.configDir }}/aai.properties name: properties subPath: aai.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties + name: properties + subPath: dmaap-consumer-CMNotify.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties + name: properties + subPath: dmaap-consumer-a1Adapter-policy.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties + name: properties + subPath: dmaap-consumer-oofpcipoc.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index f5077cb53c..51f7afeeb5 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.0 +image: onap/sdnc-dmaap-listener-image:1.8.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index 621048a9d7..c08e53a84a 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml 
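Review bot: The three `subPath` mounts added in templates/deployment.yaml take the new consumer files from the `properties` volume, but those files carry `${ODL_USER}` and `${ODL_PASSWORD}` placeholders and nothing in this hunk shows how that volume is filled. The container spec begins outside the hunk, so the step that renders the placeholders is not visible here; please confirm it also covers dmaap-consumer-CMNotify.properties, dmaap-consumer-a1Adapter-policy.properties and dmaap-consumer-oofpcipoc.properties. If it does not, the listeners would start with unresolved credentials. A comment above the mounts such as `# rendered copies: ${ODL_USER}/${ODL_PASSWORD} are substituted before mount` would record that dependency.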
@@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.0 +image: onap/sdnc-ansible-server-image:1.8.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index faa9e6bde8..280a2af5e9 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.0 +image: onap/admportal-sdnc-image:1.8.1 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 1f6c9de627..a02a38531c 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.0 +image: onap/sdnc-ueb-listener-image:1.8.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 967a674c08..3f44c6dca1 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -30,3 +30,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: .global.mariadbGalera.localCluster + - name: elasticsearch + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 99ff4b7760..21513eb77f 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml 
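Review bot: The `elasticsearch` entry added to kubernetes/sdnc/requirements.yaml has no `condition:` key, unlike the entry directly above it (`condition: .global.mariadbGalera.localCluster`), so the sub-chart is pulled in on every sdnc install. The same commit adds `localElasticCluster: true` to kubernetes/sdnc/values.yaml, which looks like the intended switch, but no visible line references it. Adding `condition: localElasticCluster` under the new entry would let deployments that do not use the SDNR database leave the Elasticsearch cluster, and the extra services it exposes, out of the namespace.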
@@ -118,7 +118,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.0 +image: onap/sdnc-image:1.8.1 # flag to enable debugging - application support required @@ -289,6 +289,36 @@ dgbuilder: name: sdnc-dgbuilder nodePort: "03" +# local elasticsearch cluster +localElasticCluster: true +elasticsearch: + nameOverride: sdnrdb + name: sdnrdb-cluster + aafConfig: + fqdn: "sdnc" + fqi_namespace: org.onap.sdnc + fqi: "sdnc@sdnc.onap.org" + service: + name: sdnrdb + + master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" + nameOverride: sdnrdb + + curator: + enabled: true + nameOverride: sdnrdb + data: + enabled: true + replicaCount: 1 + nameOverride: sdnrdb + + # default number of instances replicaCount: 1 diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 117d270ab0..3ecf3f50b3 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -96,6 +96,10 @@ ecomp: pollTimeout: 7500 pollInterval: 15 mso: + adapters: + requestDb: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag.{{ include "common.namespace" . }} 
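Review bot: In so-openstack-adapter's override.yaml the new `mso.adapters.requestDb.auth` line reads `.Values.global.aaf.auth.encrypted` for the AAF case, while the existing `mso.auth` line directly below it reads `.Values.aaf.auth.encrypted`. If the global key is not defined for this chart the helper would presumably render an empty value when AAF is enabled, and calls to the request-db adapter would go out without a usable credential; please confirm which path is intended, or use `"value1" .Values.aaf.auth.encrypted` to match the sibling line. The new `endpoint` is also plain `http://…:8083`, so whatever `auth` renders to crosses the cluster network in cleartext. The `mso:` mapping continues outside the hunk.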
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index d7108a8fb0..8bc90fc79b 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.8 +image: onap/vfc/gvnfmdriver:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 023ec59104..e36efee902 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.8 +image: onap/vfc/nslcm:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 76eebe5090..48176a70a5 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.8 +image: onap/vfc/vnflcm:1.3.9 pullPolicy: Always #Istio sidecar injection policy