From: Brian Freeman Date: Mon, 19 Aug 2019 13:06:57 +0000 (+0000) Subject: Merge "Update SDC DCAE-DS charts" X-Git-Tag: 5.0.1-ONAP~137 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=992ec96ba352753ba1021684972b4e63bcb16fac;hp=2cba24612ce6cd221dbb166519b2d9e7abad58ae;p=oom.git Merge "Update SDC DCAE-DS charts" --- diff --git a/docs/release-notes.rst b/docs/release-notes.rst index dc10400dfb..01e3524666 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -10,6 +10,19 @@ ONAP Operations Manager Release Notes ===================================== +Version 5.0.0 (El Alto Early Drop) +---------------------------------- + +:Release Date: 2019-08-19 + +Summary +------- + +**Software Requirements** + +* Upgraded to Kubernetes 1.15.x and Helm 1.14.x + + Version 4.0.0 (Dublin Release) ------------------------------ diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml index c664d034bb..5bbb1d731f 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: {{ .Values.global.repository }}/onap/aaf/aaf_cass:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index 87bcaa4b7c..19d762557a 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -76,7 +76,7 @@ spec: containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_cm:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index 9f97da96ec..cd72fddb58 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_fs:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index d067b5ec25..4a433cccfd 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_gui:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt index bd74a42cd5..ef4d8e7d23 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt +++ b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt @@ -12,22 +12,3 @@ # See the License for the specific language governing permissions and # limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml new file mode 100644 index 0000000000..066bf38f2f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +######### +## ============LICENSE_START==================================================== +## org.onap.aaf +## =========================================================================== +## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +## =========================================================================== +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## ============LICENSE_END==================================================== +## + +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-aaf-hello-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ .Chart.Name }}-hello + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.config.size}} + accessModes: + - {{ .Values.persistence.config.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.config.mountPath }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml new file mode 100644 index 0000000000..7c45b8bd7f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +######### +## ============LICENSE_START==================================================== +## org.onap.aaf +## =========================================================================== +## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +## =========================================================================== +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## ============LICENSE_END==================================================== +## +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-aaf-hello-pvc + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-hello + accessModes: + - {{ .Values.persistence.config.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.config.size }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} + diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index 9faa580023..c5fcf68a58 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -30,75 +29,71 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-hello-vol + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-hello-pvc + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_agent:{{.Values.global.aaf.imageVersion}} + - name: {{ include "common.name" . }}-config + image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: "/opt/app/osaaf/local" + - mountPath: "/opt/app/osaaf" name: aaf-hello-vol - command: ["bash","-c","/opt/app/aaf_config/bin/pod_wait.sh config nc aaf-cm.{{.Release.Namespace}} 8150 remove && cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh"] +# NOTE: Before this, need Liveness Attached to aaf-certman + command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: APP_FQI + value: "{{ .Values.aaf_init.fqi }}" - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - name: aaf_locator_container value: "oom" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aaf_init.fqdn }}" - name: aaf_locator_app_ns - value: "org.osaaf.aaf" - - name: "APP_FQDN" - value: "{{ .Values.global.aaf.hello.fqdn }}" - - name: "APP_FQI" - value: "aaf@aaf.osaaf.org" - - name: "DEPLOY_FQI" + value: "{{ .Values.aaf_init.app_ns }}" + - name: DEPLOY_FQI value: "deployer@people.osaaf.org" - - name: "DEPLOY_PASSWORD" +# Note: We want to put this in Secrets or at LEAST ConfigMaps + - name: DEPLOY_PASSWORD value: "demo123456!" -# Hello specific. Clients don't necessarily need this +# Note: want to put this on Nodes, evenutally + - name: cadi_longitude + value: "{{ .Values.aaf_init.cadi_longitude }}" + - name: cadi_latitude + value: "{{ .Values.aaf_init.cadi_latitude }}" +# Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: aaf_locator_fqdn_oom - value: "%N.%CNS" containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && exec bin/hello"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_hello:{{.Values.global.aaf.imageVersion}} + command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] + image: {{ .Values.global.repository }}/{{.Values.service.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: "/opt/app/osaaf/local" + - mountPath: "/opt/app/osaaf" name: aaf-hello-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: @@ -111,14 +106,3 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-status-pvc - - name: aaf-hello-vol - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml index 102e85d39e..ab89171c50 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml @@ -24,8 +24,8 @@ metadata: heritage: {{ .Release.Service }} spec: ports: - - port: {{ .Values.global.aaf.hello.internal_port }} - nodePort: {{ .Values.global.aaf.hello.public_port }} + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.public_port }} name: aaf-hello selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index c3ed9e1a64..ea6665c61a 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -24,7 +24,34 @@ flavor: small # Application configuration defaults. ################################################################# # application image +aaf_init: + # You might want this in your own app. For AAF, we store in global + # replicas: 1 + fqdn: "aaf-hello" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "aaf@aaf.osaaf.org" + fqdn: "aaf-hello" + public_fqdn: "aaf.osaaf.org" + deploy_fqi: "deployer@people.osaaf.org" + cadi_latitude: "38.0" + cadi_longitude: "-72.0" +service: + image: onap/aaf/aaf_hello:2.1.15 + port: "8130" + public_port: "31119" + +persistence: + enabled: true + config: + #existingClaim: + # You will want "Reatan" in non-Hello Example. + volumeReclaimPolicy: Delete + accessMode: ReadWriteMany + size: 40M + storageClass: "manual" + mountPath: "/mnt/data/aaf/hello" nodeSelector: {} @@ -42,15 +69,6 @@ readiness: initialDelaySeconds: 5 periodSeconds: 10 -service: - name: aaf-hello - type: ClusterIP - portName: aaf-hello - #targetPort - internalPort: 8130 - #port - externalPort: 8130 - ingress: enabled: false diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index f504063555..69d16121c9 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_locate:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index cc328d5ca6..b371c86541 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] volumeMounts: @@ -57,14 +57,14 @@ spec: value: "{{ .Values.global.aaf.aaf_release }}" - name: aaf_locator_container_ns value: "{{ .Release.Namespace }}" - - name: aaf_locator_container - value: "oom" - name: aaf_locator_public_fqdn value: "{{.Values.global.aaf.public_fqdn}}" - name: aaf_locator_name value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -72,10 +72,11 @@ spec: # - name: CASSANDRA_PASSWORD # value: "" # - name: CASSANDRA_PORT +# value: "" containers: - name: {{ include "common.name" . }} command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_oauth:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index 1801bfec0c..1c09718262 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/onap/aaf/aaf_config:{{.Values.global.aaf.imageVersion}} + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"] volumeMounts: @@ -63,6 +63,8 @@ spec: value: "{{.Values.global.aaf.aaf_locator_name}}" - name: aaf_locator_name_oom value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" - name: CASSANDRA_CLUSTER value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" # - name: CASSANDRA_USER @@ -73,9 +75,12 @@ spec: # value: "" containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] - image: {{ .Values.global.repository }}/onap/aaf/aaf_service:{{.Values.global.aaf.imageVersion}} + command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] + image: {{.Values.global.repository}}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: cm_always_ignore_ips + value: "true" lifecycle: preStop: exec: diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml index de6130cb1d..04e9a5a92f 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml @@ -28,7 +28,7 @@ spec: - name: {{ .Values.service.portName }} {{if eq .Values.service.type "NodePort" -}} port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} {{- else -}} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml index 5e6bffb89f..18334a301c 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml @@ -28,7 +28,7 @@ spec: - name: {{ .Values.service.PortName }} {{if eq .Values.service.type "NodePort" -}} port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} {{- else -}} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 1ddb604c02..0109a5e90d 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -23,30 +23,35 @@ global: ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 persistence: enabled: true - pullPolicy: Always + # Standard OOM + pullPolicy: "Always" repository: "nexus3.onap.org:10001" - # pullPolicy: IfNotPresent - # repository: "nexus3.onap.org:10003" + + # Use Local + #pullPolicy: IfNotPresent + #repository: "nexus3.onap.org:10003" aaf: - imageVersion: 2.1.13 - #imageVersion: latest readiness: false + image: onap/aaf/aaf_core:2.1.15 aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" - aaf_release: "Dublin" + aaf_release: "El Alto" # DUBLIN ONLY - for M4 compatibility with Casablanca - aaf_locator_name: "public.%NS.%N" - aaf_locator_name_oom: "%NS.%N" + # aaf_locator_name: "public.%NS.%N" + # aaf_locator_name_oom: "%NS.%N" # EL ALTO and Beyond - # aaf_locator_name: "%NS.%N" - # aaf_locator_name_oom: "%CNS.%NS.%N" + aaf_locator_name: "%NS.%N" + aaf_locator_name_oom: "%CNS.%NS.%N" cadi_latitude: "38.0" cadi_longitude: "-72.0" cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" + config: + image: onap/aaf/aaf_config:2.1.15 cass: replicas: 1 + image: onap/aaf/aaf_cass:2.1.15 fqdn: "aaf-cass" cluster_name: "osaaf" heap_new_size: "512M" @@ -88,9 +93,6 @@ global: public_port: 31115 hello: replicas: 0 - fqdn: "aaf-hello" - internal_port: 8130 - public_port: 31116 ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai b/kubernetes/aai index 54668628a1..55cb73cadc 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 54668628a12b389d40853c58330977a70bd4795d +Subproject commit 55cb73cadc59537643c0fe5cb7ededadc9ff2b48 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer new file mode 100755 index 0000000000..e9a50d7ea0 --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 1317300570..27d9663bd6 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -14,6 +14,30 @@ # limitations under the License. # # Web server config +### START -Controller Blueprints Properties +# Load Resource Source Mappings +resourceSourceMappings=processor-db=source-processor-db,primary-db=source-processor-db,input=source-input,default=source-default,primary-config-data=source-rest,primary-aai-data=source-rest,capability=source-capability + +# Controller Blueprints Core Configuration +controllerblueprints.blueprintDeployPath=/opt/app/onap/blueprints/deploy +controllerblueprints.blueprintArchivePath=/opt/app/onap/blueprints/archive +controllerblueprints.blueprintWorkingPath=/opt/app/onap/blueprints/working + +# Controller Blueprint Load Configurations +# blueprints.load.initial-data may be overridden by ENV variables +controllerblueprints.loadInitialData=true +controllerblueprints.loadBluePrint=true +controllerblueprints.loadBluePrintPaths=/opt/app/onap/model-catalog/blueprint-model/service-blueprint +controllerblueprints.loadModelType=true +controllerblueprints.loadModeTypePaths=/opt/app/onap/model-catalog/definition-type/starter-type +controllerblueprints.loadResourceDictionary=true +controllerblueprints.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/resource-dictionary/starter-dictionary + +# CBA file extension +controllerblueprints.loadCbaExtension=zip + +### END -Controller Blueprints Properties + blueprintsprocessor.grpcEnable=true blueprintsprocessor.httpPort=8080 blueprintsprocessor.grpcPort=9111 @@ -71,3 +95,15 @@ blueprintsprocessor.restclient.primary-aai-data.url=https://aai.onap:8443 blueprintsprocessor.restclient.primary-aai-data.username=aai@aai.onap.org blueprintsprocessor.restclient.primary-aai-data.password=demo123456! +# Kafka-message-lib Configuration +blueprintsprocessor.messageclient.self-service-api.topic=cds-producer +blueprintsprocessor.messageclient.self-service-api.type=kafka-basic-auth + +##ONAP Message Router Kafka Service## +blueprintsprocessor.messageclient.self-service-api.bootstrapServers=message-router-kafka:9092 + +blueprintsprocessor.messageclient.self-service-api.consumerTopic=cds-consumer +blueprintsprocessor.messageclient.self-service-api.groupId=cds-consumer-group +blueprintsprocessor.messageclient.self-service-api.clientId=cds-client +blueprintsprocessor.messageclient.self-service-api.kafkaEnable=false + diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 95069fcbff..ef7d8d4442 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -36,6 +36,10 @@ spec: args: - --container-name - cds-db + {{- if .Values.dmaapEnabled }} + - --container-name + - message-router + {{ end }} env: - name: NAMESPACE valueFrom: @@ -87,6 +91,11 @@ spec: - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml + + - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer + name: {{ include "common.fullname" . }}-config + subPath: ONAP_RootCA.cer + - mountPath: {{ .Values.persistence.deployedBlueprint }} name: {{ include "common.fullname" . }}-blueprints resources: diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index a2e3da688f..7ac3274f32 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.4.5 +image: onap/ccsdk-blueprintsprocessor:0.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -57,6 +57,10 @@ nodeSelector: {} affinity: {} +# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using +# custom kafka cluster. +dmaapEnabled: true + # probe configuration parameters liveness: initialDelaySeconds: 120 @@ -82,7 +86,6 @@ service: internalPort: 9111 externalPort: 9111 - persistence: volumeReclaimPolicy: Retain accessMode: ReadWriteMany diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 14432ecab2..0db73be134 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.4.5 +image: onap/ccsdk-commandexecutor:0.5.1 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml index b629c5109a..4e32c5eac4 100755 --- a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml @@ -38,7 +38,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-controllerblueprints:0.4.5 +image: onap/ccsdk-controllerblueprints:0.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index cd2fbf5ad4..c14b997acc 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.4.5 +image: onap/ccsdk-sdclistener:0.5.1 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 1ba8a17049..60c0a8a037 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.4.5 +image: onap/ccsdk-cds-ui-server:0.5.1 pullPolicy: Always # application configuration diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl new file mode 100644 index 0000000000..9b274ad190 --- /dev/null +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -0,0 +1,55 @@ +{{- define "ingress.config.port" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.service -}} +{{- range .Values.ingress.service }} + - path: {{ .path }} + backend: + serviceName: {{ .name }} + servicePort: {{ .port }} +{{- end }} +{{- else -}} + - path: {{ printf "/%s" .Chart.Name }} + backend: + serviceName: {{ .Chart.Name }} + servicePort: {{ .Values.service.externalPort }} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{- define "ingress.config.annotations" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.annotations -}} +{{ toYaml .Values.ingress.annotations | indent 4 | trim }} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{- define "common.ingress" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.enabled -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.fullname" . }}-ingress + annotations: + {{ include "ingress.config.annotations" . }} + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + rules: + - http: + paths: + {{- include "ingress.config.port" . }} +{{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 4094801949..8cf95d6aba 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -47,7 +47,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.4.4 +image: onap/ccsdk-dgbuilder-image:0.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/contrib/charts/awx/Chart.yaml b/kubernetes/contrib/charts/awx/Chart.yaml new file mode 100755 index 0000000000..90f73801b0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX +name: awx +sources: + - https://github.com/ansible/awx +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/Makefile b/kubernetes/contrib/charts/awx/Makefile new file mode 100644 index 0000000000..d8a50339d6 --- /dev/null +++ b/kubernetes/contrib/charts/awx/Makefile @@ -0,0 +1,16 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +make-awx: + cd charts && helm dep up awx-postgres diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml new file mode 100755 index 0000000000..ae3befc6e8 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX database +name: awx-postgres +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt new file mode 100755 index 0000000000..3ab092e848 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml new file mode 100755 index 0000000000..3ac0e1a76c --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/deployment.yaml @@ -0,0 +1,86 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + readinessProbe: + exec: + command: + - /bin/sh + - -i + - -c + - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }} + -c 'SELECT 1' + initialDelaySeconds: 5 + timeoutSeconds: 1 + env: + - name: POSTGRES_USER + value: "{{ .Values.config.postgresUser }}" + - name: POSTGRES_PASSWORD + value: "{{ .Values.config.postgresPassword }}" + - name: POSTGRES_DB + value: "{{ .Values.config.postgresDB }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /var/lib/postgresql/data + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + {{- if .Values.persistence.enabled }} + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml new file mode 100755 index 0000000000..a8cf9f6d9d --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pv.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if not .Values.persistence.storageClass -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml new file mode 100755 index 0000000000..52891ffda0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/pvc.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: +{{- if not .Values.persistence.storageClass }} + selector: + matchLabels: + name: {{ include "common.fullname" . }} +{{- end }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml new file mode 100755 index 0000000000..9dffb536ee --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/templates/service.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml b/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml new file mode 100755 index 0000000000..79fe5104b2 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx-postgres/values.yaml @@ -0,0 +1,83 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: # global defaults + nodePortPrefixExt: 304 + persistence: {} + +# application image +repository: docker.io +image: postgres:10.4-alpine +pullPolicy: Always + +# application configuration +config: + postgresUser: awx + postgresPassword: awx + postgresDB: awx + +ingress: + enabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +## Persist data to a persitent volume +persistence: + enabled: true + volumeReclaimPolicy: Retain + + # Uncomment the storageClass parameter to use an existing PV + # that will match the following class. + # When uncomment the storageClass, the PV is not created anymore. + + # storageClass: "nfs-dev-sc" + + accessMode: ReadWriteMany + size: 1Gi + + # When using storage class, mountPath and mountSubPath are + # simply ignored. + + mountPath: /dockerdata-nfs + mountSubPath: awx/pgdata + +service: + type: ClusterIP + name: awx-postgresql + portName: awx-postgresql + internalPort: 5432 + externalPort: 5432 + +resources: {} diff --git a/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml b/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml new file mode 100755 index 0000000000..1a34dcd174 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Ansible AWX application +name: awx +version: 5.0.0 diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py new file mode 100644 index 0000000000..39350e05d0 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/resources/config/credentials.py @@ -0,0 +1,36 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DATABASES = { + 'default': { + 'ATOMIC_REQUESTS': True, + 'ENGINE': 'awx.main.db.profiled_pg', + 'NAME': "{{ .Values.config.postgresDB }}", + 'USER': "{{ .Values.config.postgresUser }}", + 'PASSWORD': "{{ .Values.config.postgresPassword }}", + 'HOST': "awx-postgresql", + 'PORT': "5432", + } +} +BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( + "{{ .Values.config.rabbitmqUser }}", + "{{ .Values.config.rabbitmqPassword }}", + "localhost", + "5672", + "{{ .Values.config.rabbitmqVhost }}") +CHANNEL_LAYERS = { + 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer', + 'ROUTING': 'awx.main.routing.channel_routing', + 'CONFIG': {'url': BROKER_URL}} +} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh new file mode 100644 index 0000000000..7c58c6bb48 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/resources/config/environment.sh @@ -0,0 +1,23 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DATABASE_USER={{ .Values.config.postgresUser }} +DATABASE_NAME={{ .Values.config.postgresDB }} +DATABASE_HOST=awx-postgresql +DATABASE_PORT=5432 +DATABASE_PASSWORD={{ .Values.config.postgresPassword }} +MEMCACHED_HOST=localhost +RABBITMQ_HOST=localhost +AWX_ADMIN_USER={{ .Values.config.awxAdminUser }} +AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml new file mode 100644 index 0000000000..9bc62b0856 --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/configmap.yaml @@ -0,0 +1,146 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-init-mgnt + namespace: {{ include "common.namespace" . }} +data: + entrypoint: | + #/bin/sh + + awx-manage migrate --noinput + if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]] + then + echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell + awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}' + fi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: + awx_settings: | + import os + import socket + ADMINS = () + + AWX_PROOT_ENABLED = True + + # Automatically deprovision pods that go offline + AWX_AUTO_DEPROVISION_INSTANCES = True + + SYSTEM_TASK_ABS_CPU = 6 + SYSTEM_TASK_ABS_MEM = 20 + + INSIGHTS_URL_BASE = "https://example.org" + + #Autoprovisioning should replace this + CLUSTER_HOST_ID = socket.gethostname() + SYSTEM_UUID = '00000000-0000-0000-0000-000000000000' + + SESSION_COOKIE_SECURE = False + CSRF_COOKIE_SECURE = False + + REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR'] + + STATIC_ROOT = '/var/lib/awx/public/static' + PROJECTS_ROOT = '/var/lib/awx/projects' + JOBOUTPUT_ROOT = '/var/lib/awx/job_status' + SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip() + ALLOWED_HOSTS = ['*'] + INTERNAL_API_URL = 'http://127.0.0.1:8052' + SERVER_EMAIL = 'root@localhost' + DEFAULT_FROM_EMAIL = 'webmaster@localhost' + EMAIL_SUBJECT_PREFIX = '[AWX] ' + EMAIL_HOST = 'localhost' + EMAIL_PORT = 25 + EMAIL_HOST_USER = '' + EMAIL_HOST_PASSWORD = '' + EMAIL_USE_TLS = False + + LOGGING['handlers']['console'] = { + '()': 'logging.StreamHandler', + 'level': 'DEBUG', + 'formatter': 'simple', + } + + LOGGING['loggers']['django.request']['handlers'] = ['console'] + LOGGING['loggers']['rest_framework.request']['handlers'] = ['console'] + LOGGING['loggers']['awx']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console'] + LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console'] + LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console'] + LOGGING['loggers']['social']['handlers'] = ['console'] + LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console'] + LOGGING['loggers']['rbac_migrations']['handlers'] = ['console'] + LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console'] + LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'} + LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'} + + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '{}:{}'.format("localhost", "11211") + }, + 'ephemeral': { + 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', + }, + } + + USE_X_FORWARDED_PORT = True +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rabbitmq + namespace: {{ include "common.namespace" . }} +data: + enabled_plugins: | + [rabbitmq_management,rabbitmq_peer_discovery_k8s]. + rabbitmq.conf: | + ## Clustering + management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default.svc + cluster_formation.k8s.address_type = ip + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = false + cluster_partition_handling = autoheal + ## queue master locator + queue_master_locator=min-masters + ## enable guest user + loopback_users.guest = false + rabbitmq_definitions.json: | + { + "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}], + "permissions":[ + {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"} + ], + "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}], + "policies":[ + {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}} + ] + } diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml new file mode 100644 index 0000000000..dd538ae0ce --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/job.yaml @@ -0,0 +1,125 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 5 + template: + metadata: + labels: + app: {{ include "common.name" . }}-mgnt + release: {{ .Release.Name }} + spec: + serviceAccount: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" . }} + restartPolicy: Never + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - awx-postgres + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - command: ["/bin/sh","-c"] + args: ["/etc/tower/job-entrypoint.sh"] + image: "{{ .Values.repository }}/{{ .Values.image.task }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-mgnt + resources: + requests: + cpu: 1500m + memory: 2Gi + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/tower/job-entrypoint.sh + name: awx-mgnt + readOnly: true + subPath: job-entrypoint.py + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + + volumes: + - configMap: + defaultMode: 0777 + items: + - key: entrypoint + path: job-entrypoint.py + name: {{ include "common.fullname" . }}-init-mgnt + name: awx-mgnt + - configMap: + defaultMode: 420 + items: + - key: awx_settings + path: settings.py + name: {{ include "common.fullname" . }}-settings + name: awx-application-config + - name: awx-application-credentials + secret: + defaultMode: 420 + items: + - key: credentials_py + path: credentials.py + - key: environment_sh + path: environment.sh + secretName: {{ include "common.fullname" . }}-secrets + - name: awx-secret-key + secret: + defaultMode: 420 + items: + - key: secret_key + path: SECRET_KEY + secretName: {{ include "common.fullname" . }}-secrets + - configMap: + defaultMode: 420 + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - key: rabbitmq_definitions.json + path: rabbitmq_definitions.json + name: {{ include "common.fullname" . }}-rabbitmq + name: rabbitmq-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml new file mode 100644 index 0000000000..8b504d55cc --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/secret.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "common.fullname" . }}-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }} + environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }} + rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }} + secret_key: {{ .Values.config.secretKey | b64enc | quote }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml new file mode 100755 index 0000000000..ed3fd7274d --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/service.yaml @@ -0,0 +1,80 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rmq-mgmt + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.rmqmgmt.type }} + ports: + - port: {{ .Values.service.rmqmgmt.externalPort }} + targetPort: {{ .Values.service.rmqmgmt.internalPort }} + name: {{ .Values.service.rmqmgmt.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-web + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.web.type }} + ports: + - port: {{ .Values.service.web.externalPort }} + targetPort: {{ .Values.service.web.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }} + name: {{ .Values.service.web.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rabbitmq + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + type: LoadBalancer +spec: + type: {{ .Values.service.rabbitmq.type }} + ports: + - port: {{ .Values.service.rabbitmq.http.externalPort }} + targetPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + - port: {{ .Values.service.rabbitmq.amqp.externalPort }} + targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml new file mode 100644 index 0000000000..0f52ce800a --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/serviceaccout.yaml @@ -0,0 +1,47 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} +rules: +- apiGroups: ["", "extensions", "apps", "batch"] + resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"] + verbs: ["get", "list"] +--- +apiVersion: v1 +items: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.fullname" . }}-endpoint-reader + subjects: + - kind: ServiceAccount + name: {{ include "common.fullname" . }} +kind: List \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml new file mode 100644 index 0000000000..bf85447b8e --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/templates/statefulset.yaml @@ -0,0 +1,213 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podManagementPolicy: OrderedReady + replicas: {{ .Values.replicaCount }} + serviceName: {{ include "common.fullname" . }} + selector: + matchLabels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + service: django + template: + metadata: + labels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + release: {{ .Release.Name }} + service: django + spec: + + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ include "common.name" . }}-mgnt + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + + containers: + + - image: "{{ .Values.repository }}/{{ .Values.image.web }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-web + ports: + - containerPort: {{ .Values.service.web.internalPort }} + protocol: TCP + resources: + requests: + cpu: 500m + memory: 1Gi + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - command: ["/bin/sh","-c"] + args: ["/usr/bin/launch_awx_task.sh"] + env: + - name: AWX_SKIP_MIGRATIONS + value: "1" + + image: "{{ .Values.repository }}/{{ .Values.image.task }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-celery + resources: + requests: + cpu: 1500m + memory: 2Gi + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - env: + - name: MY_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: rabbit@$(MY_POD_IP) + - name: RABBITMQ_ERLANG_COOKIE + valueFrom: + secretKeyRef: + key: rabbitmq_erlang_cookie + name: {{ include "common.fullname" . }}-secrets + - name: K8S_SERVICE_NAME + value: {{ include "common.servicename" . }}-rabbitmq + + image: "{{ .Values.repository }}/{{ .Values.image.rabbitmq }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-rabbit + livenessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + ports: + - containerPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + protocol: TCP + - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + protocol: TCP + readinessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + resources: + requests: + cpu: 500m + memory: 2Gi + volumeMounts: + - mountPath: /etc/rabbitmq + name: rabbitmq-config + + - image: "{{ .Values.image.memcached }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-memcached + resources: + requests: + cpu: 500m + memory: 1Gi + serviceAccount: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" . }} + volumes: + - configMap: + defaultMode: 420 + items: + - key: awx_settings + path: settings.py + name: {{ include "common.fullname" . }}-settings + name: awx-application-config + - name: awx-application-credentials + secret: + defaultMode: 420 + items: + - key: credentials_py + path: credentials.py + - key: environment_sh + path: environment.sh + secretName: {{ include "common.fullname" . }}-secrets + - name: awx-secret-key + secret: + defaultMode: 420 + items: + - key: secret_key + path: SECRET_KEY + secretName: {{ include "common.fullname" . }}-secrets + - configMap: + defaultMode: 420 + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - key: rabbitmq_definitions.json + path: rabbitmq_definitions.json + name: {{ include "common.fullname" . }}-rabbitmq + name: rabbitmq-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/charts/awx/values.yaml b/kubernetes/contrib/charts/awx/charts/awx/values.yaml new file mode 100755 index 0000000000..5974de32ff --- /dev/null +++ b/kubernetes/contrib/charts/awx/charts/awx/values.yaml @@ -0,0 +1,111 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: # global defaults + nodePortPrefixExt: 304 + persistence: {} + +# application image +repository: ansible +image: + web: awx_web:latest + task: awx_task:latest + rabbitmq: awx_rabbitmq:3.7.4 + memcached: memcached:latest +pullPolicy: Always + +# application configuration +config: + postgresUser: awx + postgresPassword: awx + postgresDB: awx +# RabbitMQ Configuration + rabbitmqUser: awx + rabbitmqPassword: awxpass + rabbitmqVhost: awx + rabbitmqErlangCookie: cookiemonster3 +# This will create or update a default admin (superuser) account in AWX, if not provided +# then these default values are used + awxAdminUser: admin + awxAdminPassword: password + awxAdminEmail: cds@onap.org +# AWX Secret key +# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt +# your credentials + secretKey: awxsecret + +ingress: + enabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + enabled: true + +## Persist data to a persitent volume +persistence: + enabled: true + volumeReclaimPolicy: Retain + + # Uncomment the storageClass parameter to use an existing PV + # that will match the following class. + # When uncomment the storageClass, the PV is not created anymore. + + # storageClass: "nfs-dev-sc" + + accessMode: ReadWriteMany + size: 5Gi + + # When using storage class, mountPath and mountSubPath are + # simply ignored. + + mountPath: /dockerdata-nfs + mountSubPath: awx/pgdata + +service: + rmqmgmt: + type: ClusterIP + portName: rmqmgmt + internalPort: 15672 + externalPort: 15672 + web: + type: NodePort + portName: web + internalPort: 8052 + externalPort: 80 + nodePort: 78 + rabbitmq: + type: ClusterIP + http: + portName: http + internalPort: 15672 + externalPort: 15672 + amqp: + portName: amqp + internalPort: 5672 + externalPort: 5672 + +resources: {} diff --git a/kubernetes/contrib/charts/awx/requirements.yaml b/kubernetes/contrib/charts/awx/requirements.yaml new file mode 100755 index 0000000000..486fc6585c --- /dev/null +++ b/kubernetes/contrib/charts/awx/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/contrib/charts/awx/values.yaml b/kubernetes/contrib/charts/awx/values.yaml new file mode 100755 index 0000000000..6c6a90e0de --- /dev/null +++ b/kubernetes/contrib/charts/awx/values.yaml @@ -0,0 +1,39 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + commonConfigPrefix: awx + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: hub.docker.io +pullPolicy: Always + +# default number of instances +replicaCount: 1 +nodeSelector: {} +affinity: {} + +ingress: + enabled: false + +resources: {} diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml index 882cc5cdf4..e15806ff1c 100644 --- a/kubernetes/contrib/values.yaml +++ b/kubernetes/contrib/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +awx: + enabled: true netbox: enabled: true \ No newline at end of file diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index f77bc8fb16..fcd62da048 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -1,4 +1,4 @@ -make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler +make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard make-dcae-bootstrap: cd charts && helm dep up dcae-bootstrap && helm lint dcae-bootstrap @@ -26,3 +26,6 @@ make-dcae-deployment-handler: make-dcae-policy-handler: cd charts && helm dep up dcae-policy-handler && helm lint dcae-policy-handler + +make-dcae-dashboard: + cd charts && helm dep up dcae-dashboard && helm lint dcae-dashboard diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem new file mode 100644 index 0000000000..897c8ae499 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/certs/cacert.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json new file mode 100644 index 0000000000..41404b0199 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/dmaap-plugin.json @@ -0,0 +1,8 @@ +{ + "dmaap": { + "username": "notused", + "password": "doesnotmatter", + "owner": "dcaecm", + "protocol": "http" + } +} \ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json index 51d31a355b..d459d5bb95 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/config/k8s-plugin.json @@ -33,6 +33,8 @@ "tls": { "cert_path": "/opt/tls/shared", - "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}" + "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", + "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", + "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" } } diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml index e40a03068c..2718e1882f 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml @@ -24,7 +24,7 @@ external_tls_port: {{ .Values.config.address.dashboard.portSecure }} database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }} database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }} database_name: "dashboard_pg" -cloudify_ip: {{ .Values.config.address.cm }} +cloudify_ip: {{ .Values.config.address.cm.host }} cloudify_user: "admin" cloudify_password: "admin" consul_url: {{ .Values.config.address.consul_ui }} diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml index 878d94bfc6..21134ada9f 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/configmap.yaml @@ -31,4 +31,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }} - +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dcae-cacert + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml index 0463655c79..be5a769a37 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml @@ -61,6 +61,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -75,14 +88,21 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /certs + name: tls-info + readOnly: true env: - name: CMADDR - value: {{ .Values.config.address.cm }} + value: {{ .Values.config.address.cm.host }} - name: CMPASS valueFrom: secretKeyRef: name: {{ include "common.name" . }}-cmpass key: password + - name: CMPROTO + value: {{ .Values.config.address.cm.proto }} + - name: CMPORT + value: !!string {{ .Values.config.address.cm.port }} - name: CONSUL value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }} - name: DCAE_NAMESPACE @@ -99,5 +119,7 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: tls-info + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index aec082fe15..7e93715e29 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -38,10 +38,15 @@ config: host: consul-server port: 8500 consul_ui: consul-server-ui - cm: dcae-cloudify-manager + cm: + host: dcae-cloudify-manager + port: 443 + proto: https + #Temporary assignment to avoid conflict + #To be removed after bootstrap changes done to remove dashboard dashboard: - port: 30418 - portSecure: 30419 + port: 30473 + portSecure: 30474 datafile_collector: port: 30223 portSecure: 30262 @@ -90,7 +95,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.18 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml index d6c58cd75f..b3e90a2efb 100644 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml @@ -34,6 +34,12 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + # host alias allows local 'cfy' command to use https and match + # the host name in the certificate + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "dcae-cloudify-manager" initContainers: - name: {{ include "common.name" . }}-multisite-init image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} @@ -44,10 +50,26 @@ spec: - --configmap - {{ .Values.multisiteConfigMapName }} restartPolicy: Never + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUESTS_CA_BUNDLE + value: "/opt/onap/certs/cacert.pem" resources: {{ include "common.resources" . | indent 12 }} ports: @@ -86,6 +108,8 @@ spec: readOnly: true - mountPath: /cfy-persist name: cm-persistent + - mountPath: /opt/onap/certs + name: tls-info securityContext: privileged: True volumes: @@ -107,5 +131,7 @@ spec: - name: cm-persistent persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-data + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml index 41f0750c78..70504efd75 100644 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:1.6.2 +image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -69,8 +69,8 @@ readiness: service: type: ClusterIP name: dcae-cloudify-manager - externalPort: 80 - internalPort: 80 + externalPort: 443 + internalPort: 443 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml index a968204575..19fe038d44 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml @@ -50,36 +50,60 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.service.secure.enabled }} + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + {{ end }} containers: + {{- if .Values.service.secure.enabled }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} ports: - - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.secure.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: httpGet: + scheme: "HTTPS" path: {{ .Values.readiness.path }} - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /opt/logs + - name: tls-info + mountPath: /opt/tls env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} - + - name: USE_HTTPS + value: "1" + - name: HTTPS_CERT_PATH + value: "/opt/tls/cert.pem" + - name: HTTPS_KEY_PATH + value: "/opt/tls/key.pem" - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -91,13 +115,67 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.name" . }}-insecure + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.insecure.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + scheme: "HTTP" + path: {{ .Values.readiness.path }} + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /opt/logs + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + - name: {{ include "common.name" . }}-filebeat-onap-insecure + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + mountPath: /usr/share/filebeat/data + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /var/log/onap + {{ end }} volumes: - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ .Release.Name }}-cbs-filebeat-configmap + {{- if .Values.service.secure.enabled }} - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: tls-info + emptyDir: {} + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs-insecure + emptyDir: {} + {{ end }} + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml index 794b896eef..8176e77c1e 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml @@ -28,16 +28,29 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + {{ if eq .Values.service.type "NodePort" -}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.insecure.nodePort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.secure.nodePort }} + name: {{ .Values.service.name }}-secure + {{- end }} {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + targetPort: {{ .Values.service.insecure.internalPort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + targetPort: {{ .Values.service.secure.internalPort }} + name: {{ .Values.service.name }}-secure + {{- end }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} - diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml index 4605e88c09..c7db0d5518 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml @@ -25,6 +25,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -43,7 +45,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.3.0 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.1 pullPolicy: Always # probe configuration parameters @@ -63,9 +65,18 @@ readiness: service: type: NodePort name: config-binding-service - externalPort: 10000 - internalPort: 10000 - nodePort: 15 + # TLS service + secure: + enabled: true + externalPort: 10443 + internalPort: 10443 + nodePort: 14 + # Non-TLS service + insecure: + enabled: true + externalPort: 10000 + internalPort: 10000 + nodePort: 15 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore b/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml new file mode 100644 index 0000000000..5250c17584 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: DCAE Dashboard +name: dcae-dashboard +version: 5.0.0 diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml new file mode 100644 index 0000000000..b0e70b3c2f --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' + - name: postgres + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml b/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml new file mode 100644 index 0000000000..0e5ee9bffa --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/resources/log/filebeat.yml @@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml new file mode 100644 index 0000000000..41d5826e13 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/configmap.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{include "common.fullname" . }}-filebeat-configmap + namespace: {{include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml new file mode 100644 index 0000000000..779844c0e3 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/deployment.yaml @@ -0,0 +1,168 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcae-cloudify-manager + - --container-name + - consul-server + - --container-name + - dcae-inventory-api + - --container-name + - dcae-deployment-handler + - --container-name + - {{ .Values.postgres.nameOverride }} + - "-t" + - "45" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.internalPort }} + protocol: TCP + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + failureThreshold: 1 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /usr/local/share/ca-certificates/ + name: tls-info + env: + - name: CONSUL_HOST + value: consul-server.{{ include "common.namespace" . }} + - name: CONFIG_BINDING_SERVICE + value: config-binding-service + - name: inventory_url + value: {{ .Values.config.inventory_url }} + - name: postgres_port + value: "{{ .Values.postgres.config.pgPort }}" + - name: cloudify_password + value: admin + - name: dhandler_url + value: {{ .Values.config.dhandler_url }} + - name: cfy_url + value: {{ .Values.config.cfy_url }} + - name: cloudify_user + value: admin + - name: consul_url + value: http://consul-server-ui:8500 + - name: postgres_user_dashboard + value: {{ .Values.postgres.config.pgUserName }} + - name: postgres_db_name + value: {{ .Values.postgres.config.pgDatabase }} + - name: postgres_password_dashboard + value: {{ .Values.postgres.config.pgUserPassword }} + - name: postgres_ip + value: {{ .Values.postgres.service.name2 }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: {{ include "common.name" . }}-filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + imagePullPolicy: IfNotPresent + resources: {} + volumeMounts: + - mountPath: /var/log/onap/dashboard + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + volumes: + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf + - emptyDir: {} + name: tls-info + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml new file mode 100644 index 0000000000..39f16bd6b1 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/templates/service.yaml @@ -0,0 +1,43 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + diff --git a/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml new file mode 100644 index 0000000000..615afc42c2 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-dashboard/values.yaml @@ -0,0 +1,126 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + +config: + logstashServiceName: log-ls + logstashPort: 5044 + dhandler_url: https://deployment-handler:8443 + cfy_url: https://dcae-cloudify-manager/api/v3.1 + inventory_url: https://inventory:8080 + # Addresses of other ONAP entities + address: + consul: + host: consul-server + port: 8500 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0 +pullPolicy: Always + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /ccsdk-app/health + scheme: HTTP + +service: + type: NodePort + name: dashboard + externalPort: 8080 + internalPort: 8080 + nodePort: 18 +# application configuration override for postgres +postgres: + nameOverride: dcae-dashboard-pg + service: + name: dcae-dashboard-postgres + name2: dcae-dashboard-pg-primary + name3: dcae-dashboard-pg-replica + container: + name: + primary: dcae-dashboard-pg-primary + replica: dcae-dashboard-pg-replica + config: + pgUserName: dashboard_pg_admin + pgDatabase: dashboard_pg_db_common + pgPrimaryPassword: onapdemodb + pgUserPassword: onapdemodb + pgRootPassword: onapdemodb + pgPort: "5432" + persistence: + mountSubPath: dcae-dashboard/data + mountInitPath: dcae-dashboard + pgpool: + nameOverride: dcae-dashboard-pgpool + service: + name: dcae-dashboard-pgpool + credentials: + pgusername: dcae_dashboard + pgpassword: onapdemodb + container: + name: + primary: dcae-dashboard-pgpool-primary + replica: dcae-dashboard-pgpool-replica + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" + diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json index 600f07c457..026355a909 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/resources/config/config.json @@ -1,8 +1,8 @@ { "cloudify": { - "protocol": "http" + "protocol": "https" }, "inventory": { - "protocol": "http" + "protocol": "https" } -} \ No newline at end of file +} diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml index 3e4e53b679..a67197849f 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --service - - "cloudify_manager|dcae-cloudify-manager.{{ include "common.namespace" . }}|80" + - "cloudify_manager|dcae-cloudify-manager.{{ include "common.namespace" . }}|443" - --service - "inventory|inventory.{{ include "common.namespace" . }}|8080" - --key @@ -119,6 +119,8 @@ spec: value: admin - name: CONFIG_BINDING_SERVICE value: config-binding-service + - name: NODE_EXTRA_CA_CERTS + value: /opt/app/dh/etc/cert/cacert.pem - name: POD_IP valueFrom: fieldRef: diff --git a/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml index 0eddf7c1a0..30893b6d7c 100644 --- a/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-deployment-handler/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.0.1 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml index 913cb714d6..fb5a195e60 100644 --- a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.4 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.5 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json index a8329f674b..c8c7dd79f1 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json @@ -30,5 +30,14 @@ "gzipEnabledForRequests": false, "timeout": "5000milliseconds", "connectionTimeout": "5000milliseconds" + }, + "server": { + "applicationConnectors": [{ + "type": "https", + "port": 8080, + "keyStorePath": "/opt/cert/cert.jks", + "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U", + "keyStoreType": "JKS" + }] } - } \ No newline at end of file + } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml index e3e4aaf5cd..28eeae23a1 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml @@ -50,6 +50,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,12 +92,15 @@ spec: httpGet: path: {{ .Values.readiness.path }} port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-inv-config mountPath: /opt/config.json subPath: config.json + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} @@ -92,5 +108,7 @@ spec: - name: {{ include "common.fullname" . }}-inv-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml index f12040210b..8e4430c37e 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml @@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -42,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.2.0 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0 pullPolicy: Always @@ -59,6 +61,7 @@ readiness: initialDelaySeconds: 30 periodSeconds: 30 path: /dcae-service-types + scheme: HTTPS service: type: ClusterIP diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json index 7ddc800817..4578d4c4ee 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json @@ -17,6 +17,6 @@ "isFilterInEmptyResources": false }, "dcaeInventoryClient": { - "uri": "http://inventory:8080" + "uri": "https://inventory:8080" } } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml index 44ebc42412..d948d3425b 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml @@ -54,16 +54,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["java"] - args: - - "-jar" - - "/opt/servicechange-handler.jar" - - "prod" - - "/opt/config.json" resources: {{ include "common.resources" . | indent 12 }} # disable liveness probe when breakpoints set in debugger @@ -84,12 +91,21 @@ spec: - name: {{ include "common.fullname" . }}-sch-config mountPath: /opt/config.json subPath: config.json + # NOTE: This is tied to the PATH_TO_CACERT env variable + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} + - name: PATH_TO_CACERT + value: "/opt/cert/cacert.pem" + - name: SCH_ARGS + value: "prod /opt/config.json" volumes: - name: {{ include "common.fullname" . }}-sch-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml index dd985163c1..0b88a65c69 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml @@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -40,7 +42,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5 +image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2 pullPolicy: Always diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties new file mode 100644 index 0000000000..1e7d7d38ac --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -0,0 +1,19 @@ +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 +aaf_env=DEV +aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm + +cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks +cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw + +cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile + +cadi_alias=dmaapmr@mr.dmaap.onap.org +cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12 +cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US + + +cadi_loglevel=INFO +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_latitude=37.78187 +cadi_longitude=-122.26147 \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties new file mode 100644 index 0000000000..8e20fa48aa --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties @@ -0,0 +1,74 @@ +log4j.rootLogger=INFO, stdout, kafkaAppender + +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log +log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log +log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log +log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log +log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log +log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH +log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log +log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout +log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + +# Change the two lines below to adjust ZK client logging +log4j.logger.org.I0Itec.zkclient.ZkClient=INFO +log4j.logger.org.apache.zookeeper=INFO + +# Change the two lines below to adjust the general broker logging level (output to server.log and stdout) +log4j.logger.kafka=INFO +log4j.logger.org.apache.kafka=INFO + +# Change to DEBUG or TRACE to enable request logging +log4j.logger.kafka.request.logger=WARN, requestAppender +log4j.additivity.kafka.request.logger=false + +# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output +# related to the handling of requests +#log4j.logger.kafka.network.Processor=TRACE, requestAppender +#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender +#log4j.additivity.kafka.server.KafkaApis=false +log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender +log4j.additivity.kafka.network.RequestChannel$=false + +log4j.logger.kafka.controller=TRACE, controllerAppender +log4j.additivity.kafka.controller=false + +log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender +log4j.additivity.kafka.log.LogCleaner=false + +log4j.logger.state.change.logger=TRACE, stateChangeAppender +log4j.additivity.state.change.logger=false + +# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses +log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender +log4j.additivity.kafka.authorizer.logger=false diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties new file mode 100644 index 0000000000..40469b741a --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties @@ -0,0 +1,117 @@ +############################# Socket Server Settings ############################# + +# The address the socket server listens on. It will get the value returned from +# java.net.InetAddress.getCanonicalHostName() if not configured. +# FORMAT: +# listeners = listener_name://host_name:port +# EXAMPLE: +# listeners = PLAINTEXT://your.host.name:9092 +listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 + +# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details +listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT + +# The number of threads that the server uses for receiving requests from the network and sending responses to the network +num.network.threads=3 + +# The number of threads that the server uses for processing requests, which may include disk I/O +num.io.threads=8 + +# The send buffer (SO_SNDBUF) used by the socket server +socket.send.buffer.bytes=102400 + +# The receive buffer (SO_RCVBUF) used by the socket server +socket.receive.buffer.bytes=102400 + +# The maximum size of a request that the socket server will accept (protection against OOM) +socket.request.max.bytes=104857600 + + +############################# Log Basics ############################# + +# A comma separated list of directories under which to store log files +log.dirs=/opt/kafka/data + +# The default number of log partitions per topic. More partitions allow greater +# parallelism for consumption, but this will also result in more files across +# the brokers. +num.partitions={{ .Values.defaultpartitions }} + +# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown. +# This value is recommended to be increased for installations with data dirs located in RAID array. +num.recovery.threads.per.data.dir=1 + +############################# Internal Topic Settings ############################# +# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state" +# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3. +offsets.topic.replication.factor={{ .Values.replicaCount }} +transaction.state.log.replication.factor=1 +transaction.state.log.min.isr=1 + +############################# Log Flush Policy ############################# + +# Messages are immediately written to the filesystem but by default we only fsync() to sync +# the OS cache lazily. The following configurations control the flush of data to disk. +# There are a few important trade-offs here: +# 1. Durability: Unflushed data may be lost if you are not using replication. +# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush. +# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks. +# The settings below allow one to configure the flush policy to flush data after a period of time or +# every N messages (or both). This can be done globally and overridden on a per-topic basis. + +# The number of messages to accept before forcing a flush of data to disk +#log.flush.interval.messages=10000 + +# The maximum amount of time a message can sit in a log before we force a flush +#log.flush.interval.ms=1000 + +############################# Log Retention Policy ############################# + +# The following configurations control the disposal of log segments. The policy can +# be set to delete segments after a period of time, or after a given size has accumulated. +# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens +# from the end of the log. + +# The minimum age of a log file to be eligible for deletion due to age +log.retention.hours=168 + +# A size-based retention policy for logs. Segments are pruned from the log unless the remaining +# segments drop below log.retention.bytes. Functions independently of log.retention.hours. +#log.retention.bytes=1073741824 + +# The maximum size of a log segment file. When this size is reached a new log segment will be created. +log.segment.bytes=1073741824 + +# The interval at which log segments are checked to see if they can be deleted according +# to the retention policies +log.retention.check.interval.ms=300000 + +############################# Zookeeper ############################# + +# Zookeeper connection string (see zookeeper docs for details). +# This is a comma separated host:port pairs, each corresponding to a zk +# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002". +# You can also append an optional chroot string to the urls to specify the +# root directory for all kafka znodes. +zookeeper.connect={{.Release.Name}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} + +# Timeout in ms for connecting to zookeeper +zookeeper.connection.timeout.ms=6000 + + +############################# Group Coordinator Settings ############################# + +# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance. +# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms. +# The default value for this is 3 seconds. +# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing. +# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup. +group.initial.rebalance.delay.ms=0 + +inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT +default.replication.factor={{ .Values.replicaCount }} +delete.topic.enable=true +sasl.enabled.mechanisms=PLAIN +authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer +version=1.1.1 +sasl.mechanism.inter.broker.protocol=PLAIN diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml new file mode 100644 index 0000000000..f9900f6233 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -0,0 +1,55 @@ +# Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-server-prop-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-cadi-prop-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log4j-prop-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }} +--- + diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 5e964231de..bfe4b11ba7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -75,11 +75,20 @@ spec: - -exec - | chown -R 1000:1000 /opt/kafka/data; + cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; + chown 1000:1000 /opt/kafka/config/server.properties; + cd /opt/kafka/config; + ls; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /opt/kafka/data name: kafka-data + - mountPath: /opt/kafka/tmpconfig/server.properties + subPath: server.properties + name: server + - mountPath: /opt/kafka/config + name: config-data name: {{ include "common.name" . }}-permission-fixer containers: - name: {{ include "common.name" . }} @@ -116,38 +125,27 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - - name: KAFKA_ZOOKEEPER_CONNECT - value: "{{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}" - - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP - value: "INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT" - - name: KAFKA_LISTENERS - value: "EXTERNAL_SASL_PLAINTEXT://0.0.0.0:{{ .Values.service.externalPort }},INTERNAL_SASL_PLAINTEXT://0.0.0.0:{{ .Values.service.internalPort }}" - - name: KAFKA_INTER_BROKER_LISTENER_NAME - value: "INTERNAL_SASL_PLAINTEXT" - - name: KAFKA_SASL_ENABLED_MECHANISMS - value: "PLAIN" - - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL - value: "PLAIN" - - name: KAFKA_AUTHORIZER_CLASS_NAME - value: "{{ .Values.kafkaCustomAuthorizer }}" - - name: KAFKA_DELETE_TOPIC_ENABLE - value: "{{ .Values.deleteTopicEnable }}" - name: aaf_locate_url - value: "https://aaf-locate:8095" - - name: KAFKA_LOG_DIRS - value: "/opt/kafka/data" - - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR - value: "{{ .Values.replicaCount }}" - - name: KAFKA_DEFAULT_REPLICATION_FACTOR - value: "{{ .Values.replicaCount }}" - - name: KAFKA_NUM_PARTITIONS - value: "{{ .Values.defaultpartitions }}" + value: https://aaf-locate.{{ include "common.namespace" . }}:8095 + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/run/docker.sock name: docker-socket + - mountPath: /opt/kafka/tmpconfig/server.properties + subPath: server.properties + name: server + - mountPath: /opt/kafka/config/server.properties + subPath: server.properties + name: config-data + - mountPath: /opt/kafka/config/log4j.properties + subPath: log4j.properties + name: log4j + - mountPath: /opt/kafka/config/cadi.properties + subPath: cadi.properties + name: cadi - mountPath: /opt/kafka/data name: kafka-data {{- if .Values.tolerations }} @@ -158,9 +156,20 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: config-data + emptyDir: {} - name: docker-socket hostPath: path: /var/run/docker.sock + - name: server + configMap: + name: {{ include "common.fullname" . }}-server-prop-configmap + - name: log4j + configMap: + name: {{ include "common.fullname" . }}-log4j-prop-configmap + - name: cadi + configMap: + name: {{ include "common.fullname" . }}-cadi-prop-configmap {{ if not .Values.persistence.enabled }} - name: kafka-data emptyDir: {} @@ -187,4 +196,4 @@ spec: heritage: "{{ .Release.Service }}" {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 4c5541bf2e..9c72958cf9 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.0 +image: onap/dmaap/zookeeper:6.0.1 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 8e446610d4..b07eaad9b5 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -36,7 +36,9 @@ ## Both Cambria and Kafka make use of Zookeeper. ## #config.zk.servers=172.18.1.1 -config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +config.zk.servers={{.Release.Name}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{.Release.Name}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} + #config.zk.root=/fe3c/cambria/config @@ -48,7 +50,8 @@ config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} ## configurations (after removing "kafka.") ## if you want to change request.required.acks it can take this one value #kafka.metadata.broker.list=localhost:9092,localhost:9093 -kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} +#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}} +kafka.metadata.broker.list={{.Release.Name}}-{{.Values.kafka.name}}-0.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{.Release.Name}}-{{.Values.kafka.name}}-1.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{.Release.Name}}-{{.Values.kafka.name}}-2.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}} ##kafka.request.required.acks=-1 #kafka.client.zookeeper=${config.zk.servers} consumer.timeout.ms=100 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 4e0b085e20..36dafce986 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -1,5 +1,5 @@ -aaf_locate_url=https://aaf-locate:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml new file mode 100644 index 0000000000..5dac1c0de7 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -0,0 +1,212 @@ + + + + ${module.ajsc.namespace.name} + + + + + ERROR + ACCEPT + DENY + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + + INFO + ACCEPT + DENY + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + class="ch.qos.logback.core.ConsoleAppender"> + + ERROR + ACCEPT + DENY + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + 1000 + 0 + + + + + + + + + + + 1000 + 0 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index e2e0da51fd..f84915a9e0 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -39,6 +39,21 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }} --- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-logback-xml-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} +--- + apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 7bf88f5f8e..f7b51d1b9e 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -76,6 +76,9 @@ spec: - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties subPath: MsgRtrApi.properties name: appprops + - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml + subPath: logback.xml + name: logback - mountPath: /appl/dmaapMR1/etc/cadi.properties subPath: cadi.properties name: cadi @@ -91,6 +94,9 @@ spec: - name: appprops configMap: name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap + - name: logback + configMap: + name: {{ include "common.fullname" . }}-logback-xml-configmap - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 54c8982eca..7561bc24a3 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.14 +image: onap/dmaap/dmaap-mr:1.1.16 pullPolicy: Always kafka: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 08ba011631..aef2e599fa 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:4.0.0 +image: onap/externalapi/nbi:5.0.0 pullPolicy: Always sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index da3a39ae1c..57ff2f4b49 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.4.1 +image: onap/policy-pe:1.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index d9582013b1..21f9169462 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.4.2 +image: onap/policy-pdpd-cl:1.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index b57a67e4c4..07f1794bd2 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.4.1 +image: onap/policy-pe:1.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json index 9de4a8b5b5..f26f35a9f4 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -12,5 +12,17 @@ "pdpType":"apex", "description":"Pdp Heartbeat", "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}] + }, + "topicParameterGroup": { + "topicSources" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }], + "topicSinks" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }] } } diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/topic.properties b/kubernetes/policy/charts/policy-apex-pdp/resources/config/topic.properties deleted file mode 100644 index b61626b2da..0000000000 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/topic.properties +++ /dev/null @@ -1,23 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -dmaap.source.topics=POLICY-PDP-PAP -dmaap.sink.topics=POLICY-PDP-PAP - -dmaap.source.topics.POLICY-PDP-PAP.servers= message-router -dmaap.sink.topics.POLICY-PDP-PAP.servers= message-router \ No newline at end of file diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml index f1c024bc4e..9ab1e055a8 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml @@ -45,8 +45,6 @@ spec: - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh - -c - /home/apexuser/config/OnapPfConfig.json - - -p - - /home/apexuser/config/topic.properties imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.externalPort }} diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index f9e0c8d5b9..381c825311 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.1.0 +image: onap/policy-apex-pdp:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index b34e9be747..bace88fe70 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.0.1 +image: onap/policy-api:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 935e7e69f1..2cc0d444d6 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.1.0 +image: onap/policy-distribution:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-pap/resources/config/config.json b/kubernetes/policy/charts/policy-pap/resources/config/config.json index fa80bf2190..3f33ed95a0 100644 --- a/kubernetes/policy/charts/policy-pap/resources/config/config.json +++ b/kubernetes/policy/charts/policy-pap/resources/config/config.json @@ -26,6 +26,7 @@ "aaf": false }, "pdpParameters": { + "heartBeatMs": 120000, "updateParameters": { "maxRetryCount": 1, "maxWaitMs": 30000 @@ -43,5 +44,17 @@ "databaseUser": "policy_user", "databasePassword": "cG9saWN5X3VzZXI=", "persistenceUnit": "PolicyMariaDb" + }, + "topicParameterGroup": { + "topicSources" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }], + "topicSinks" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }] } } diff --git a/kubernetes/policy/charts/policy-pap/resources/config/topic.properties b/kubernetes/policy/charts/policy-pap/resources/config/topic.properties deleted file mode 100644 index c1124a1172..0000000000 --- a/kubernetes/policy/charts/policy-pap/resources/config/topic.properties +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# ONAP PAP -# ================================================================================ -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -dmaap.sink.topics=POLICY-PDP-PAP -dmaap.sink.topics.POLICY-PDP-PAP.servers=message-router -dmaap.source.topics=POLICY-PDP-PAP -dmaap.source.topics.POLICY-PDP-PAP.servers=message-router diff --git a/kubernetes/policy/charts/policy-pap/templates/deployment.yaml b/kubernetes/policy/charts/policy-pap/templates/deployment.yaml index 4945f766d8..3332f60944 100644 --- a/kubernetes/policy/charts/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-pap/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] - args: ["/opt/app/policy/pap/etc/mounted/config.json", "/opt/app/policy/pap/etc/mounted/topic.properties"] + args: ["/opt/app/policy/pap/etc/mounted/config.json"] ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-pap/values.yaml b/kubernetes/policy/charts/policy-pap/values.yaml index bccdee5769..e3cb999af1 100644 --- a/kubernetes/policy/charts/policy-pap/values.yaml +++ b/kubernetes/policy/charts/policy-pap/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.0.1 +image: onap/policy-pap:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index 789dde4491..5635c05efa 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -25,5 +25,17 @@ "https": true, "aaf": false }, - "applicationPath": "/opt/app/policy/pdpx/apps" -} \ No newline at end of file + "applicationPath": "/opt/app/policy/pdpx/apps", + "topicParameterGroup": { + "topicSources" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }], + "topicSinks" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "topicCommInfrastructure" : "dmaap" + }] + } +} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/topic.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/topic.properties deleted file mode 100644 index a56de8bc5e..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/topic.properties +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# ONAP PAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -dmaap.sink.topics=POLICY-PDP-PAP -dmaap.sink.topics.POLICY-PDP-PAP.servers=message-router -dmaap.source.topics=POLICY-PDP-PAP -dmaap.source.topics.POLICY-PDP-PAP.servers=message-router \ No newline at end of file diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index e5e94ccc95..da9b0197d3 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] - args: ["/opt/app/policy/pdpx/etc/mounted/config.json","/opt/app/policy/pdpx/etc/mounted/topic.properties"] + args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 7e81ba8ddf..0f61c03939 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.0.1 +image: onap/policy-xacml-pdp:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index d1527ab6b8..f43d50defb 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -41,7 +41,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.4.1 +image: onap/policy-pe:1.5.1 pullPolicy: Always subChartsOnly: diff --git a/kubernetes/robot b/kubernetes/robot index 3f09cba68e..35ea1f0b10 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit 3f09cba68e5bbd4a4592016fce49e14955bed858 +Subproject commit 35ea1f0b10617c9b836dd9ab41410542e3db9232 diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index cd1a88793a..6021a160a2 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.5.4 +image: onap/sdnc-dmaap-listener-image:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index a7e249a212..ec8dc3027c 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.5.4 +image: onap/sdnc-ansible-server-image:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index ef76ed345a..47d4b5f2fa 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.5.4 +image: onap/admportal-sdnc-image:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 7c985ce1b6..0348c251d4 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.5.4 +image: onap/sdnc-ueb-listener-image:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/overrides/image-versions.yaml b/kubernetes/sdnc/resources/config/overrides/image-versions.yaml new file mode 100644 index 0000000000..fa4d8d2012 --- /dev/null +++ b/kubernetes/sdnc/resources/config/overrides/image-versions.yaml @@ -0,0 +1,25 @@ +sdnc: + image: onap/sdnc-image:1.6.1 + sdnc-ansible-server: + image: onap/sdnc-ansible-server-image:1.6.1 + dmaap-listener: + image: onap/sdnc-dmaap-listener-image:1.6.1 + sdnc-portal: + image: onap/admportal-sdnc-image:1.6.1 + ueb-listener: + image: onap/sdnc-ueb-listener-image:1.6.1 +cds: + cds-command-executor: + image: onap/ccsdk-commandexecutor:0.5.1 + cds-blueprints-processor: + image: onap/ccsdk-blueprintsprocessor:0.5.1 + cds-ui: + image: onap/ccsdk-cds-ui-server:0.5.1 + cds-controller-blueprints: + image: onap/ccsdk-controllerblueprints:0.5.1 + cds-sdc-listener: + image: onap/ccsdk-sdclistener:0.5.1 +common: + dgbuilder: + image: onap/ccsdk-dgbuilder-image:0.5.1 + diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml index 9e79ebeec1..6b5a7bfef3 100755 --- a/kubernetes/sdnc/templates/job.yaml +++ b/kubernetes/sdnc/templates/job.yaml @@ -52,7 +52,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{.Values.image}}" + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_PASSWORD diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index e74202ca43..9a52c97925 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -44,7 +44,6 @@ spec: name: "{{ .Values.service.portName }}-8282" - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: "{{ .Values.service.portName }}-8202" - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index dcf6938f0e..a58c7b141f 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -32,7 +32,7 @@ global: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.5.4 +image: onap/sdnc-image:1.6.1 # flag to enable debugging - application support required @@ -163,7 +163,7 @@ service: internalPort: 8181 internalPort2: 8101 internalPort3: 8080 - internalPort4: 2550 + internalPort4: 8443 #port externalPort: 8282 diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index d97a6291db..beda24033f 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.4.4 +image: onap/so/bpmn-infra:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 614986bdd5..ecfeec2312 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.4.4 +image: onap/so/catalog-db-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index ade711693b..7e0be4377b 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.4.4 +image: onap/so/so-monitoring:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 02379cd807..965a306626 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.4.4 +image: onap/so/openstack-adapter:1.5.0 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index a6d29f52df..5c0329e509 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.4.4 +image: onap/so/request-db-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 90b5e773c8..2354edfea8 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.4.4 +image: onap/so/sdc-controller:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 32ab607ea5..0969452424 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.4.4 +image: onap/so/sdnc-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 6265b83ed8..e69ceecc16 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.4.4 +image: onap/so/vfc-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index b3bd8f51db..a7051c5132 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -26,7 +26,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.4.4 +image: onap/so/vnfm-adapter:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 143a594330..55f767202e 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -60,6 +60,14 @@ mso: auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent + health: + auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= + endpoints: + - subsystem: apih + uri: http://so-bpmn-infra:8081 + - subsystem: catalogdb + uri: http://so-catalog-db-adapter:8082 + spring: jersey: type: filter diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index f94ddc8de3..949386572d 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -43,7 +43,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.4.4 +image: onap/so/api-handler-infra:1.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks new file mode 100644 index 0000000000..3c2ce9157d Binary files /dev/null and b/kubernetes/vid/resources/certs/org.onap.vid.jks differ diff --git a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks b/kubernetes/vid/resources/certs/org.onap.vid.trust.jks new file mode 100644 index 0000000000..4caf7be652 Binary files /dev/null and b/kubernetes/vid/resources/certs/org.onap.vid.trust.jks differ diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 8bce2cf1dc..a4e821ed78 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -109,6 +109,8 @@ spec: - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" volumeMounts: + - mountPath: /opt/app/vid/etc + name: vid-certs - mountPath: /etc/localtime name: localtime readOnly: true @@ -140,6 +142,9 @@ spec: - mountPath: /usr/share/filebeat/data name: vid-data-filebeat volumes: + - name: vid-certs + secret: + secretName: {{ include "common.fullname" . }}-certs - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 729e0b17c0..222a3d582a 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -25,3 +25,17 @@ metadata: type: Opaque data: vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 0a2ba7e33f..346577ce08 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:4.3.1 +image: onap/vid:5.0.0 pullPolicy: Always # mariadb image for initializing