From: Sylvain Desbureaux Date: Wed, 19 May 2021 05:48:17 +0000 (+0000) Subject: Merge "[MULTICLOUD] Bump multicloud-k8s image to 0.8.2" X-Git-Tag: 9.0.0~255 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=cca77124b6cbf19be86c37e956f75dc4ef5d4914;hp=9051efa41988ca8ddbb434f25fd989b87a086981;p=oom.git Merge "[MULTICLOUD] Bump multicloud-k8s image to 0.8.2" --- diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index c521fb8c84..4dcee4568c 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -35,33 +35,24 @@ certInitializer: cadi_latitude: "0.0" credsPath: /opt/app/osaaf/local aaf_add_config: | - echo "*** retrieving password for keystore and trustore" - export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) - if [ -z "$cadi_keystore_password_p12" ] - then - echo " /!\ certificates retrieval failed" - exit 1 - else - echo "*** transform AAF certs into pem files" - mkdir -p {{ .Values.credsPath }}/certs - keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 - echo "*** generating needed file" - cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - {{ .Values.credsPath }}/certs/cert.pem \ - {{ .Values.credsPath }}/certs/cacert.pem \ - > {{ .Values.credsPath }}/certs/fullchain.pem; - cat {{ .Values.credsPath }}/certs/fullchain.pem - echo "*** change ownership of certificates to targeted user" - chown -R 33 {{ .Values.credsPath }} - fi + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + cat {{ .Values.credsPath }}/certs/fullchain.pem + echo "*** change ownership of certificates to targeted user" + chown -R 33 {{ .Values.credsPath }} ################################################################# diff --git a/kubernetes/common/music/components/music-cassandra/templates/job.yaml b/kubernetes/common/music/components/music-cassandra/templates/job.yaml index 3cf1ae34fd..d3c89d4a59 100644 --- a/kubernetes/common/music/components/music-cassandra/templates/job.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/job.yaml @@ -39,8 +39,6 @@ spec: command: - /app/ready.py args: - - --timeout - - "{{ .Values.readinessTimeout }}" - --container-name - music-cassandra env: @@ -87,4 +85,3 @@ spec: restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml index 2a1fb4f59e..1aabfb6bcc 100644 --- a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml @@ -73,6 +73,17 @@ spec: timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + exec: + command: + - /bin/bash + - -c + - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} lifecycle: preStop: exec: diff --git a/kubernetes/common/music/components/music-cassandra/values.yaml b/kubernetes/common/music/components/music-cassandra/values.yaml index 8530172269..92ed723989 100644 --- a/kubernetes/common/music/components/music-cassandra/values.yaml +++ b/kubernetes/common/music/components/music-cassandra/values.yaml @@ -18,7 +18,7 @@ global: nodePortPrefix: 302 persistence: {} -replicaCount: 3 +replicaCount: 1 # Cassandra Image - This image is modified from the original on # Docker Hub where the Security has been turned on. @@ -72,8 +72,8 @@ cql: # probe configuration parameters liveness: - initialDelaySeconds: 120 - periodSeconds: 20 + initialDelaySeconds: 1 + periodSeconds: 10 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 @@ -81,15 +81,20 @@ liveness: # in debugger so K8s doesn't restart unresponsive container enabled: true -readinessTimeout: 240 - readiness: - initialDelaySeconds: 10 - periodSeconds: 20 + initialDelaySeconds: 1 + periodSeconds: 10 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 90 + podManagementPolicy: OrderedReady updateStrategy: type: OnDelete diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 10a63ebbcf..5de526288e 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -69,6 +69,83 @@ the the literal string "An example value". {{- end }} {{- end -}} {{/* +For internal use only! + +dcaegen2-services-common._externalVolumes: +This template generates a list of volumes associated with the pod, +based on information provided in .Values.externalVolumes. This +template works in conjunction with dcaegen2-services-common._externalVolumeMounts +to give the microservice access to data in volumes created else. +This initial implementation supports ConfigMaps only, as this is the only +external volume mounting required by current microservices. + +.Values.externalValues is a list of objects. Each object has 3 required fields and 1 optional field: + - name: the name of the resource (in the current implementation, it must be a ConfigMap) + that is to be set up as a volume. The value is a case sensitive string. Because the + names of resources are sometimes set at deployment time (for instance, to prefix the Helm + release to the name), the string can be a Helm template fragment that will be expanded at + deployment time. + - type: the type of the resource (in the current implementation, only "ConfigMap" is supported). + The value is a case-INsensitive string. + - mountPoint: the path to the mount point for the volume in the container file system. The + value is a case-sensitive string. + - readOnly: (Optional) Boolean flag. Set to true to mount the volume as read-only. + Defaults to false. + +Here is an example fragment from a values.yaml file for a microservice: + +externalVolumes: + - name: my-example-configmap + type: configmap + mountPath: /opt/app/config + - name: '{{ include "common.release" . }}-another-example' + type: configmap + mountPath: /opt/app/otherconfig +*/}} +{{- define "dcaegen2-services-common._externalVolumes" -}} + {{- $global := . -}} + {{- if .Values.externalVolumes }} + {{- range $vol := .Values.externalVolumes }} + {{- if eq (lower $vol.type) "configmap" }} + {{- $vname := (tpl $vol.name $global) }} +- configMap: + defaultMode: 420 + name: {{ $vname }} + name: {{ $vname }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{/* +For internal use only! + +dcaegen2-services-common._externalVolumeMounts: +This template generates a list of volume mounts for the microservice container, +based on information provided in .Values.externalVolumes. This +template works in conjunction with dcaegen2-services-common._externalVolumes +to give the microservice access to data in volumes created else. +This initial implementation supports ConfigMaps only, as this is the only +external volume mounting required by current microservices. + +See the documentation for dcaegen2-services-common._externalVolumes for +details on how external volumes are specified in the values.yaml file for +the microservice. +*/}} +{{- define "dcaegen2-services-common._externalVolumeMounts" -}} + {{- $global := . -}} + {{- if .Values.externalVolumes }} + {{- range $vol := .Values.externalVolumes }} + {{- if eq (lower $vol.type) "configmap" }} + {{- $vname := (tpl $vol.name $global) -}} + {{- $readOnly := $vol.readOnly | default false }} +- mountPath: {{ $vol.mountPath }} + name: {{ $vname }} + readOnly: {{ $readOnly }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{/* dcaegen2-services-common.microserviceDeployment: This template produces a Kubernetes Deployment for a DCAE microservice. @@ -255,6 +332,7 @@ spec: - name: policy-shared mountPath: /etc/policies {{- end }} + {{- include "dcaegen2-services-common._externalVolumeMounts" . | nindent 8 }} {{- if $logDir }} - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -352,6 +430,7 @@ spec: - name: policy-shared emptyDir: {} {{- end }} + {{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml new file mode 100644 index 0000000000..3d8c24b131 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml @@ -0,0 +1,22 @@ +# ================================ LICENSE_START ============================= +# ============================================================================ +# Copyright (C) 2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ================================= LICENSE_END ============================== + +apiVersion: v1 +appVersion: "Honolulu" +description: A Helm chart for DCAE PMSH +name: dcae-pmsh +version: 8.0.0 \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml new file mode 100644 index 0000000000..13f9a6aedd --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml @@ -0,0 +1,33 @@ +# ================================ LICENSE_START ============================= +# ============================================================================ +# Copyright (C) 2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ================================= LICENSE_END ============================== + +dependencies: + - name: common + version: ~8.x-0 + repository: '@local' + - name: postgres + version: ~8.x-0 + repository: '@local' + - name: readinessCheck + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~8.x-0 + repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml new file mode 100644 index 0000000000..b4b8e59b2e --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml new file mode 100644 index 0000000000..60fce4a7be --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml new file mode 100644 index 0000000000..0f1129cfb4 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml new file mode 100644 index 0000000000..fedb766524 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.service" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml new file mode 100644 index 0000000000..0e79e5e554 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -0,0 +1,195 @@ +# ================================ LICENSE_START ============================= +# ============================================================================ +# Copyright (C) 2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ================================= LICENSE_END ============================== + +################################################################# +# Global Configuration Defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat Configuration Defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# Secrets Configuration. +################################################################# +secrets: + - uid: &aafCredsUID aafcreds + type: basicAuth + login: '{{ .Values.aafCreds.identity }}' + password: '{{ .Values.aafCreds.password }}' + passwordPolicy: required + - uid: &pgUserCredsSecretUid pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "pmsh-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +################################################################# +# InitContainer Images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application Configuration Defaults. +################################################################# +# Application Image +image: onap/org.onap.dcaegen2.services.pmsh:1.3.1 +pullPolicy: Always + +# Log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /var/log/ONAP/dcaegen2/services/pmsh + +# Directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /opt/app/pmsh/etc/certs + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +# Dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + - &postgresName dcae-pmsh-postgres + +# Probe Configuration +readiness: + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 1 + path: /healthcheck + scheme: HTTPS + port: 8443 + +# Service Configuration +service: + type: ClusterIP + name: dcae-pmsh + ports: + - name: https + port: 8443 + port_protocol: http + +# AAF Credentials +aafCreds: + identity: dcae@dcae.onap.org + password: demo123456! + +credentials: +- name: AAF_IDENTITY + uid: *aafCredsUID + key: login +- name: AAF_PASSWORD + uid: *aafCredsUID + key: password + +# Initial Application Configuration +applicationConfig: + enable_tls: true + aaf_identity: ${AAF_IDENTITY} + aaf_password: ${AAF_PASSWORD} + key_path: /opt/app/pmsh/etc/certs/key.pem + cert_path: /opt/app/pmsh/etc/certs/cert.pem + ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem + control_loop_name: pmsh-control-loop + operational_policy_name: pmsh-operational-policy + pmsh_policy: + subscription: + subscriptionName: ExtraPM-All-gNB-R2B + administrativeState: LOCKED + fileBasedGP: 15 + fileLocation: "/pm/pm.xml" + nfFilter: { "nfNames": [ "^pnf.*","^vnf.*" ],"modelInvariantIDs": [ ],"modelVersionIDs": [ ],"modelNames": [ ] } + measurementGroups: [ { "measurementGroup": { "measurementTypes": [ { "measurementType": "countera" },{ "measurementType": "counterb" } ],"managedObjectDNsBasic": [ { "DN": "dna" },{ "DN": "dnb" } ] } },{ "measurementGroup": { "measurementTypes": [ { "measurementType": "counterc" },{ "measurementType": "counterd" } ],"managedObjectDNsBasic": [ { "DN": "dnc" },{ "DN": "dnd" } ] } } ] + streams_publishes: + policy_pm_publisher: + type: message_router + dmaap_info: + topic_url: "https://message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT" + streams_subscribes: + policy_pm_subscriber: + type: message_router + dmaap_info: + topic_url: "https://message-router:3905/events/unauthenticated.PMSH_CL_INPUT" + aai_subscriber: + type: message_router + dmaap_info: + topic_url: "https://message-router:3905/events/AAI-EVENT" + +applicationEnv: + PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary + PMSH_PG_USERNAME: + secretUid: *pgUserCredsSecretUid + key: login + PMSH_PG_PASSWORD: + secretUid: *pgUserCredsSecretUid + key: password + +# Resource Limit Flavor -By Default Using Small +flavor: small + +# Segregation for Different Environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} + +################################################################# +# Application configuration Overriding Defaults in the Postgres. +################################################################# +postgres: + nameOverride: *postgresName + service: + name: *postgresName + name2: *dcaePmshPgPrimary + name3: dcae-pmsh-pg-replica + container: + name: + primary: dcae-pmsh-pg-primary + replica: dcae-pmsh-pg-replica + persistence: + mountSubPath: pmsh/data + mountInitPath: pmsh + config: + pgUserName: pmsh + pgDatabase: pmsh + pgUserExternalSecret: *pgUserCredsSecretName \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/requirements.yaml b/kubernetes/dcaegen2-services/requirements.yaml index a673a9783b..faf0b69875 100644 --- a/kubernetes/dcaegen2-services/requirements.yaml +++ b/kubernetes/dcaegen2-services/requirements.yaml @@ -20,6 +20,10 @@ dependencies: version: ~8.x-0 repository: 'file://components/dcae-ms-healthcheck' condition: dcae-ms-healthcheck.enabled + - name: dcae-pmsh + version: ~8.x-0 + repository: 'file://components/dcae-pmsh' + condition: dcae-pmsh.enabled - name: dcae-prh version: ~8.x-0 repository: 'file://components/dcae-prh' diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index 25df24de0a..5682ce7194 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -17,6 +17,8 @@ dcae-ms-healthcheck: enabled: true dcae-hv-ves-collector: enabled: true +dcae-pmsh: + enabled: false dcae-prh: enabled: true dcae-tcagen2: diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 4c1c22f766..a1431488b8 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -53,7 +53,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 71b2aa3227..39393efb59 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -104,7 +104,7 @@ spec: -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} - args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"] + args: ["/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 44439869cc..28e9c1369c 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -124,6 +124,8 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: exec: @@ -132,6 +134,18 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + resources: {{ include "common.resources" . | nindent 12 }} + startupProbe: + exec: + command: + - "/var/lib/jetty/ready-probe.sh" + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index bdaea44938..fc3b53fc50 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -83,18 +83,29 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container port: api enabled: true readiness: - initialDelaySeconds: 60 + initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 service: type: NodePort diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 45c7bc85b6..0a5c0a3445 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -117,13 +117,25 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + tcpSocket: + port: {{ .Values.service.internalPort2 }} + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 1e269d0552..dde22b5b55 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -76,17 +76,28 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 60 + initialDelaySeconds: 1 + periodSeconds: 10 timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +startup: initialDelaySeconds: 10 - periodSeconds: 60 + periodSeconds: 10 timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 60 service: #Example service definition with external, internal and node ports. diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml index 08228ad99c..f736a174db 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml @@ -40,5 +40,15 @@ spec: port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + startupProbe: + httpGet: + path: {{ .Values.startup.path }} + port: {{ .Values.startup.port }} + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index 9c0d90649f..ede80a6af0 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -31,14 +31,24 @@ service: port: *svc_port liveness: - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 1 + periodSeconds: 10 path: /actuator/health + successThreshold: 1 + failureThreshold: 3 port: *port # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + path: /actuator/health + successThreshold: 1 + failureThreshold: 12 + port: *port + flavor: small resources: small: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index af53fd6708..7251006d38 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -128,6 +128,8 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: exec: @@ -135,7 +137,18 @@ spec: - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + exec: + command: + - "/var/lib/jetty/ready-probe.sh" + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index d2dd808d86..f26a0208b9 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -83,17 +83,28 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 - periodSeconds: 60 + initialDelaySeconds: 1 + periodSeconds: 10 timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 120 - periodSeconds: 60 + initialDelaySeconds: 1 + periodSeconds: 10 timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 60 service: type: ClusterIP diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 9defb8e1ce..de75092f8a 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -88,12 +88,23 @@ spec: port: {{ template "wfd-be.internalPort" . }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: tcpSocket: port: {{ template "wfd-be.internalPort" . }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + tcpSocket: + port: {{ template "wfd-be.internalPort" . }} + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} env: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index dbd643806c..d4414f1986 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -101,6 +101,28 @@ readiness: initialDelaySeconds: 60 periodSeconds: 10 +# probe configuration parameters +liveness: + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 60 + service: type: NodePort portName: sdc-wfd-be diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index 7a8cf8fb34..b8073d723d 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -105,12 +105,23 @@ spec: port: {{ template "wfd-fe.internalPort" . }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: tcpSocket: port: {{ template "wfd-fe.internalPort" . }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + tcpSocket: + port: {{ template "wfd-fe.internalPort" . }} + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} env: - name: ENVNAME value: {{ .Values.env.name }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index e001f2f5a7..3cc9b9542f 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -77,15 +77,25 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 + initialDelaySeconds: 1 periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 60 + initialDelaySeconds: 1 periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 60 service: type: NodePort diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index b37b2be590..c32a6a6230 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.1.5 +image: onap/sdnc-dmaap-listener-image:2.1.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index f9c8ca4401..b8d59f96c9 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.1.5 +image: onap/sdnc-ansible-server-image:2.1.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index acd21ae8b9..8514641a1c 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.1.5" +image: "onap/sdnc-web-image:2.1.6" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index b5c062945b..5838809efe 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.1.5 +image: onap/sdnc-ueb-listener-image:2.1.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 9f6118051b..b22b6758d2 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -208,7 +208,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.1.5 +image: onap/sdnc-image:2.1.6 # flag to enable debugging - application support required debugEnabled: false