From: Krzysztof Opasiak Date: Wed, 10 Mar 2021 11:31:49 +0000 (+0100) Subject: Move master back to the 18.02.2021 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F54%2F119054%2F1;p=oom.git Move master back to the 18.02.2021 Created just to test on the gating if we are able to get a successful run on master branch from that date. Issue-ID: OOM-1 Change-Id: Ib5055094739a6726df4a46b6dcbf6ff5736ec3ec Signed-off-by: Krzysztof Opasiak --- diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml index 9862ceab6c..cbb8f01d22 100644 --- a/docs/environments_onap_demo.yaml +++ b/docs/environments_onap_demo.yaml @@ -44,8 +44,6 @@ cli: enabled: false consul: # Consul Health Check Monitoring enabled: false -cps: - enabled: false dcaegen2: enabled: false esr: diff --git a/docs/helm-search.txt b/docs/helm-search.txt index 774ea3490a..4ec41fd6cd 100644 --- a/docs/helm-search.txt +++ b/docs/helm-search.txt @@ -10,7 +10,6 @@ local/cli 7.0.0 ONAP Command Line Interface local/common 7.0.0 Common templates for inclusion in other charts local/consul 7.0.0 ONAP Consul Agent local/contrib 7.0.0 ONAP optional tools -local/cps 7.0.0 ONAP Configuration Persistene Service (CPS) local/dcaegen2 7.0.0 ONAP DCAE Gen2 local/dgbuilder 7.0.0 D.G. Builder application local/dmaap 7.0.0 ONAP DMaaP components diff --git a/kubernetes/Makefile b/kubernetes/Makefile index d994397269..3c5254ca27 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -20,14 +20,7 @@ OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets HELM_BIN := helm - -# Helm v2 and helm v3 uses different version format so we first try in helm v3 format -# and if it fails then we fallback to helm v2 one -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null) -ifneq "$(findstring v3,$(HELM_VER))" "v3" - HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}") -endif - +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") # use this if you would like to push onap charts to repo with other name # WARNING: Helm v3+ only # WARNING: Make sure to edit also requirements files @@ -45,7 +38,7 @@ HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.) .PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images -all: print_helm_bin $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins +all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins $(COMMON_CHARTS): @echo "\n[$@]" @@ -66,8 +59,6 @@ submod-%: %/requirements.yaml: $(error Submodule $* needs to be retrieved from gerrit. See https://wiki.onap.org/display/DW/OOM+-+Development+workflow+after+code+transfer+to+tech+teams ); fi -print_helm_bin: - $(info Using Helm binary ${HELM_BIN} which is helm version ${HELM_VER}) make-%: @if [ -f $*/Makefile ]; then make -C $*; fi diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml index 1872e91a0f..e570cb0b32 100644 --- a/kubernetes/a1policymanagement/requirements.yaml +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -18,9 +18,6 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml deleted file mode 100644 index 37754ca00c..0000000000 --- a/kubernetes/a1policymanagement/resources/config/application.yaml +++ /dev/null @@ -1,74 +0,0 @@ -{{/* -# -# ============LICENSE_START======================================================= -# ONAP : ccsdk oran -# ================================================================================ -# Copyright (C) 2020 Nordix Foundation. All rights reserved. -# Copyright (C) 2021 Orange. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# -*/}} -spring: - profiles: - active: prod - main: - allow-bean-definition-overriding: true - aop: - auto: false -management: - endpoints: - web: - exposure: - # Enabling of springboot actuator features. See springboot documentation. - include: "loggers,logfile,health,info,metrics,threaddump,heapdump" - -logging: - # Configuration of logging - level: - ROOT: DEBUG - org.springframework: DEBUG - org.springframework.data: DEBUG - org.springframework.web.reactive.function.client.ExchangeFunctions: DEBUG - org.onap.ccsdk.oran.a1policymanagementservice: DEBUG - file: - name: /var/log/policy-agent/application.log -server: - # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. - # See springboot documentation. - port: 8433 - http-port: 8081 - ssl: - key-store-type: PKCS12 - key-store-password: ${KEYSTORE_PASSWORD} - key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 - key-password: ${KEYSTORE_PASSWORD} - key-alias: {{ .Values.certInitializer.fqi }} -app: - # Location of the component configuration file. The file will only be used if the Consul database is not used; - # configuration from the Consul will override the file. - filepath: /opt/app/policy-agent/data/application_configuration.json - webclient: - # Configuration of the trust store used for the HTTP client (outgoing requests) - # The file location and the password for the truststore is only relevant if trust-store-used == true - # Note that the same keystore as for the server is used. - trust-store-used: false - trust-store-password: ${TRUSTSORE_PASSWORD} - trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks - # Configuration of usage of HTTP Proxy for the southbound accesses. - # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s - http.proxy-host: - http.proxy-port: 0 diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml index 43431f0a35..ce2e2732e6 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-bootstrap-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -35,22 +35,13 @@ spec: - sh args: - -c - - | - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\ - | xargs -0) - cd /config-input - for PFILE in `ls -1` - do - envsubst <${PFILE} >/config/${PFILE} - chmod o+w /config/${PFILE} - done - cat /config/application.yaml + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" env: - name: A1CONTROLLER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} - name: A1CONTROLLER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.fullname" . }}-policy-conf-input - mountPath: /config @@ -95,15 +86,11 @@ spec: scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - name: config - mountPath: /opt/app/policy-agent/data/application_configuration.json - subPath: application_configuration.json + volumeMounts: - name: config - mountPath: /opt/app/policy-agent/config/application.yaml - subPath: application.yaml + mountPath: /opt/app/policy-agent/data resources: {{ include "common.resources" . | nindent 10 }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index e118b35cfd..a1602c569c 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -29,44 +29,6 @@ secrets: password: '{{ .Values.a1controller.password }}' passwordPolicy: required -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: a1p-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: a1p - fqi: a1p@a1p.onap.org - public_fqdn: a1p.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.a1p - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ - -keystore {{ .Values.fqi_namespace }}.p12 \ - -keypass "${cadi_keystore_password_p12}" \ - -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 . - image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 8f182033ec..3a61e77f40 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -1,19 +1,15 @@ -a1p@a1p.onap.org|a1p|local|/opt/app/osaaf/local||mailto:|org.onap.a1p|root|30|{'a1policymanagement.onap', 'a1policymanagement', 'a1policymanagement.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12'} aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} -aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'} +aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'} aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} -aai-resources@aai-resources.onap.org|aai-resources|local|/opt/app/osaaf/local||mailto:|org.onap.aai-resources|root|30|{'aai-resources', 'aai-resources.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} -aai-traversal@aai-traversal.onap.org|aai-traversal|local|/opt/app/osaaf/local||mailto:|org.onap.aai-traversal|root|30|{'aai-traversal', 'aai-traversal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} -cli@cli.onap.org|cli|local|/opt/app/osaaf/local||mailto:|org.onap.cli|root|30|{'cli', 'cli.api.simpledemo.onap.org', 'cli.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'jks'} dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} dmaap-bc@dmaap-bc.onap.org|dmaap-bc|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc|root|30|{'dmaap-bc', 'dmaap-bc.api.simpledemo.onap.org', 'dmaap-bc.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12', 'script'} dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|dmaap-bc-mm-prov|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc-mm-prov|root|30|{'dmaap-bc-mm-prov', 'dmaap-bc-mm-prov.api.simpledemo.onap.org', 'dmaap-bc-mm-prov.onap', 'onap.dmaap-bc-mm-prov'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} @@ -47,7 +43,7 @@ policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.polic policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'} portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} -sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} +sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'script'} sdc@sdc.onap.org|sdc|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdc@sdc.onap.org|sdc.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdnc-cds@sdnc-cds.onap.org|sdnc-cds|local|/opt/app/osaaf/local||mailto:|org.onap.sdnc-cds|root|30|{'c1.vm1.sdnc-cds.simpledemo.onap', 'c2.vm1.sdnc-cds.simpledemo.onap', 'c3.vm1.sdnc-cds.simpledemo.onap', 'c4.vm1.sdnc-cds.simpledemo.onap', 'onap-sdnc-cds', 'onap-sdnc-cds.onap', 'sdnc-cds', 'sdnc-cds.api.simpledemo.onap.org', 'sdnc-cds.onap', 'vm1.sdnc-cds.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} @@ -58,8 +54,8 @@ so@so.onap.org|aai-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo so@so.onap.org|bpmn-infra|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'bpmn-infra', 'bpmn-infra.onap'}|mmanager@osaaf.org|{'pkcs12'} so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'} -so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} +so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'script'} +so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'script'} so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index bcbffdc3fa..591f732551 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -1,15 +1,11 @@ portal@portal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344|| shi@shi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344|| -a1p@a1p.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.a1p|53344|| aaf@aaf.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344|| aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344|| clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|| aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|| -aai-resources@aai-resources.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-resources|53344|| -aai-traversal@aai-traversal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-traversal|53344|| appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|| appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344|| -cli@cli.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.cli|53344|| dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|| oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|| so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 7c5ee26f05..223fe03afa 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -1,15 +1,11 @@ -org.onap.a1p||org.onap||3 org.onap.aaf-sms||org.onap||3 org.onap.aai||org.onap||3 -org.onap.aai-resources||org.onap||3 -org.onap.aai-traversal||org.onap||3 org.onap.appc||org.onap||3 org.onap.appc-cdt||org.onap||3 org.onap.cds||org.onap||3 org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2 org.onap.clamp||org.onap||3 org.onap.clamptest|Onap clamp test NS|org.onap|2|2 -org.onap.cli||org.onap||3 org.onap.dcae||org.onap||3 org.onap.dmaap-bc.api||org.onap.dmaap-bc||3 org.onap.dmaap-bc-mm-prov||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index 281133bc3d..10edaa596a 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -1,9 +1,6 @@ org|access|*|*|Org Write Access|{'org.admin'} org|access|*|read,approve|Org Read Access|{'org.owner'} org|access|*|read|Org Read Access|{'org.owner'} -org.onap.a1p|access|*|*|AAF Namespace Write Access|"{'org.onap.a1p|admin', 'org.onap.a1p|service'}" -org.onap.a1p|access|*|read|AAF Namespace Read Access|"{'org.onap.a1p|owner'}" -org.onap.a1p|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.aaf-sms|access|*|*|AAF Namespace Write Access|"{'org.onap.aaf-sms|admin'}" org.onap.aaf-sms|access|*|read|AAF Namespace Read Access|"{'org.onap.aaf-sms|owner'}" org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" @@ -17,12 +14,6 @@ org.onap.aai|resources|*|post||"{'org.onap.aai|resources_all'}" org.onap.aai|resources|*|put||"{'org.onap.aai|resources_all'}" org.onap.aai|traversal|*|advanced||"{'org.onap.aai|traversal_advanced'}" org.onap.aai|traversal|*|basic||"{'org.onap.aai|traversal_basic'}" -org.onap.aai-resources|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-resources|admin', 'org.onap.aai-resources|service'}" -org.onap.aai-resources|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-resources|owner'}" -org.onap.aai-resources|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" -org.onap.aai-traversal|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-traversal|admin', 'org.onap.aai-traversal|service'}" -org.onap.aai-traversal|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-traversal|owner'}" -org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap|access|*|*|Onap Write Access|{'org.onap.admin'} org.onap|access|*|read|Onap Read Access|{'org.onap.owner'} org.onap.appc|access|*|*|AAF Namespace Write Access|"{'org.onap.appc|admin', 'org.onap.appc|service'}" @@ -53,9 +44,6 @@ org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin' org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'} org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'} org.onap.clamptest|access|*|read|Onap Read Access|{'org.onap.clamptest.owner'} -org.onap.cli|access|*|*|AAF Namespace Write Access|"{'org.onap.cli|admin', 'org.onap.cli|service'}" -org.onap.cli|access|*|read|AAF Namespace Read Access|"{'org.onap.cli|owner'}" -org.onap.cli|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.dcae|access|*|*|AAF Namespace Write Access|"{'org.onap.dcae|admin', 'org.onap.dmaap-bc-topic-mgr|admin', 'org.onap.dmaap-bc|admin'}" org.onap.dcae|access|*|read|AAF Namespace Read Access|"{'org.onap.dcae|owner'}" org.onap.dcae|certman|local|request,ignoreIPs,showpass||"{'org.onap.dcae|seeCerts', 'org.osaaf.aaf|deploy'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index 87a22747f8..bdacfaa6c3 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -1,7 +1,4 @@ org|admin|Org Admins|"{'org.access|*|*'}" -org.onap.a1p|admin|AAF Namespace Administrators|"{'org.onap.a1p|access|*|*'}" -org.onap.a1p|owner|AAF Namespace Owners|"{'org.onap.a1p|access|*|read'}" -org.onap.a1p|service||"{'org.onap.a1p|access|*|*'}" org.onap.aaf-sms|admin|AAF Namespace Administrators|"{'org.onap.aaf-sms|access|*|*'}" org.onap.aaf-sms|owner|AAF Namespace Owners|"{'org.onap.aaf-sms|access|*|read'}" org.onap.aaf-sms|service||"{'org.onap.aaf-sms|access|*|read'}" @@ -13,12 +10,6 @@ org.onap.aai|resources_all|resources_all|"{'org.onap.aai|resources|*|delete', 'o org.onap.aai|resources_readonly|resources_readonly|"{'org.onap.aai|resources|*|get'}" org.onap.aai|traversal_advanced|traversal_advanced|"{'org.onap.aai|traversal|*|advanced'}" org.onap.aai|traversal_basic|traversal_basic|"{'org.onap.aai|traversal|*|basic'}" -org.onap.aai-resources|admin|AAF Namespace Administrators|"{'org.onap.aai-resources|access|*|*'}" -org.onap.aai-resources|owner|AAF Namespace Owners|"{'org.onap.aai-resources|access|*|read'}" -org.onap.aai-resources|service||"{'org.onapaai-resources|access|*|*'}" -org.onap.aai-traversal|admin|AAF Namespace Administrators|"{'org.onap.aai-traversal|access|*|*'}" -org.onap.aai-traversal|owner|AAF Namespace Owners|"{'org.onap.aai-traversal|access|*|read'}" -org.onap.aai-traversal|service||"{'org.onapaai-traversal|access|*|*'}" org.onap|admin|Onap Admins|"{'org.onap.access|*|*'}" org.onap.appc|admin|AAF Namespace Administrators|"{'org.onap.appc|access|*|*'}" org.onap.appc|apidoc||"{'org.onap.appc|apidoc|/apidoc/.*|ALL'}" @@ -43,9 +34,6 @@ org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showp org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*'}" org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}" org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}" -org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}" -org.onap.cli|owner|AAF Namespace Owners|"{'org.onap.cli|access|*|read'}" -org.onap.cli|service||"{'org.onap.cli|access|*|*'}" org.onap.dcae|admin|AAF Namespace Administrators|"{'org.onap.dcae|access|*|*', 'org.onap.dmaap-bc|access|*|read'}" org.onap.dcae|owner|AAF Namespace Owners|"{'org.onap.dcae|access|*|read'}" org.onap.dcae|pmPublisher|| @@ -323,7 +311,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index b849f8cc26..a9dc752494 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -1,13 +1,7 @@ -mmanager@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin -mmanager@people.osaaf.org|org.onap.a1p.owner|2020-11-26 12:31:54.000+0000|org.onap.a1p|owner mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|owner mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.onap.aai|owner -mmanager@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin -mmanager@people.osaaf.org|org.onap.aai-resources.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|owner -mmanager@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin -mmanager@people.osaaf.org|org.onap.aai-traversal.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|owner mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner @@ -17,8 +11,6 @@ mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin mmanager@people.osaaf.org|org.onap.clamp.owner|2020-11-26 12:31:54.000+0000|org.onap.clamp|owner -mmanager@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin -mmanager@people.osaaf.org|org.onap.cli.owner|2020-11-26 12:31:54.000+0000|org.onap.cli|owner mmanager@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin mmanager@people.osaaf.org|org.onap.dcae.owner|2020-11-26 12:31:54.000+0000|org.onap.dcae|owner mmanager@people.osaaf.org|org.onap.dmaap.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap|admin @@ -94,7 +86,6 @@ mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin -portal@portal.onap.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin portal@portal.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin portal@portal.onap.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc portal@portal.onap.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf @@ -194,18 +185,14 @@ op0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.ona gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR -aaf_admin@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin -aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin -aaf_admin@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin -aaf_admin@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin aaf_admin@people.osaaf.org|org.onap.dmaap-bc.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|admin aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|admin @@ -258,20 +245,7 @@ aaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|service aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin -a1p@a1p.onap.org|org.onap.a1p.service|2020-11-26 12:31:54.000+0000|org.onap.a1p|service aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|service -aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin -aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all -aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced -aai-resources@aai-resources.onap.org|org.onap.aai-resources.service|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|service -aai-traversal@aai-traversal.onap.org|org.onap.aai-traversal.service|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|service -appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all -appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced -appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin -appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl -appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service -appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service -cli@cli.onap.org|org.onap.cli.service|2020-11-26 12:31:54.000+0000|org.onap.cli|service clamp@clampdemo.onap.org|org.onap.clampdemo.owner|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|owner clamp@clampdemo.onap.org|org.onap.clampdemo.service|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|admin clamp@clamp.onap.org|org.onap.clamp.clds.admin.dev|2020-11-26 12:31:54.000+0000|org.onap.clamp|clds.admin.dev @@ -288,6 +262,15 @@ clamp@clamp.onap.org|org.onap.dmaap.mr.dgl000.subscriber|2020-11-26 12:31:54.000 clamp@clamp.osaaf.org|org.onap.clamp.service|2020-11-26 12:31:54.000+0000|org.onap.clamp|service clamp@clamptest.onap.org|org.onap.clamptest.owner|2020-11-26 12:31:54.000+0000|org.onap.clamptest|owner clamp@clamptest.onap.org|org.onap.clamptest.service|2020-11-26 12:31:54.000+0000|org.onap.clamptest|admin +aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin +aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all +aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced +appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all +appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced +appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin +appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl +appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service +appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat index 1b3f15d1a2..2ddc273aa3 100644 --- a/kubernetes/aaf/resources/data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -48,16 +48,12 @@ deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_ portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager # ONAP App IDs -a1p|A1 Policy Mangement|A1P|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -aai-resources|ONAP AAI Resources Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -aai-traversal|ONAP AAI Traversal Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -cli|ONAP CLI Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/cps/.helmignore b/kubernetes/aai/components/aai-data-router/.helmignore similarity index 94% rename from kubernetes/cps/.helmignore rename to kubernetes/aai/components/aai-data-router/.helmignore index 80b47d2723..daebc7da77 100644 --- a/kubernetes/cps/.helmignore +++ b/kubernetes/aai/components/aai-data-router/.helmignore @@ -1,22 +1,21 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -components/ \ No newline at end of file +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/aai/components/aai-data-router/Chart.yaml similarity index 85% rename from kubernetes/cps/Chart.yaml rename to kubernetes/aai/components/aai-data-router/Chart.yaml index c723baecc6..70f75f6dd5 100644 --- a/kubernetes/cps/Chart.yaml +++ b/kubernetes/aai/components/aai-data-router/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Pantheon.tech +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: Configuration Persistance Service (CPS) -name: cps +description: ONAP AAI Data-Router +name: aai-data-router version: 7.0.0 diff --git a/kubernetes/cps/requirements.yaml b/kubernetes/aai/components/aai-data-router/requirements.yaml similarity index 69% rename from kubernetes/cps/requirements.yaml rename to kubernetes/aai/components/aai-data-router/requirements.yaml index ce06a4df3b..42641a2e5c 100644 --- a/kubernetes/cps/requirements.yaml +++ b/kubernetes/aai/components/aai-data-router/requirements.yaml @@ -1,4 +1,6 @@ -# Copyright (C) 2021 Pantheon.tech, Orange +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,16 +17,10 @@ dependencies: - name: common version: ~7.x-0 - repository: '@local' - - name: postgres - version: ~7.x-0 - repository: '@local' - - name: readinessCheck - version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' - - name: serviceAccount version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 new file mode 100644 index 0000000000..dbf4fcacec Binary files /dev/null and b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 differ diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json new file mode 100644 index 0000000000..c03870e288 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json @@ -0,0 +1,18 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ] + } + ], + + "users": [ + { + "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA" + } + ] + } + ] +} diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000..7a7738602d Binary files /dev/null and b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore differ diff --git a/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties b/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties new file mode 100644 index 0000000000..e69de29bb2 diff --git a/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml new file mode 100644 index 0000000000..d7ff0143a1 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml @@ -0,0 +1,193 @@ + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties new file mode 100644 index 0000000000..33f79fb810 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties @@ -0,0 +1,67 @@ +{{/* +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2017-2018 Amdocs +# Modifications Copyright © 2018 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + + +# Properties for the SchemaLocationsBean +# Files named aai_oxm_v*.xml are unpacked here: +*/}} +nodeDir=/opt/app/data-router/onap/oxm +# Dummy folder/directory: +edgeDir= + +# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0 +schema.configuration.location=N/A +schema.nodes.location=/opt/app/data-router/onap/oxm/ +schema.edges.location= +# These versions need to exist if they are included in the list +schema.version.list={{ .Values.config.schemaVersionList }} +# Decalares the oxm version to load +schema.version.api.default={{ .Values.config.schemaApiDefault }} + +# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean) +schema.version.depth.start={{.Values.global.config.schema.version.depth}} +schema.version.related.link.start={{.Values.global.config.schema.version.related.link}} +schema.version.app.root.start={{.Values.global.config.schema.version.app.root}} +schema.version.namespace.change.start={{.Values.global.config.schema.version.namespace.change}} +schema.version.edge.label.start={{.Values.global.config.schema.version.edge.label}} + +#This property is used to enable or disable schema service, possible values are: schema-service or config +schema.translator.list={{.Values.config.schemaTranslatorList}} + +#These properties are needed when schema service is enabled +schema.service.base.url=https://aai-schema-service:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.local=true +schema.filename=mockrequests +#Default rest client is the two-way-ssl +#schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${CONFIG_HOME}/auth/{{.Values.global.config.keystore.filename}} +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${CONFIG_HOME}/auth/{{.Values.global.config.truststore.filename}} +schema.service.ssl.key-store-password={{.Values.global.config.keystore.passwd}} +schema.service.ssl.trust-store-password={{.Values.global.config.truststore.passwd}} + +spring.application.name=datarouter diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml new file mode 100644 index 0000000000..2e3361d164 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml @@ -0,0 +1,17 @@ + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml new file mode 100644 index 0000000000..039738a50d --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml @@ -0,0 +1,57 @@ +{{/* + +*/}} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route new file mode 100644 index 0000000000..14db6d6596 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-data-router/templates/configmap.yaml b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml new file mode 100644 index 0000000000..e6b31fcf97 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml @@ -0,0 +1,70 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dynamic + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-data-router/templates/deployment.yaml b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml new file mode 100644 index 0000000000..55cf572b36 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml @@ -0,0 +1,191 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + initContainers: + - command: + - /bin/sh + - -c + - | + mkdir -p /logroot/data-router/logs + chmod -R 777 /logroot/data-router/logs + chown -R root:root /logroot + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + securityContext: + privileged: true + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /logroot/ + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: SERVICE_BEANS + value: /opt/app/data-router/dynamic/conf + - name: CONFIG_HOME + value: /opt/app/data-router/config/ + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: DYNAMIC_ROUTES + value: /opt/app/data-router/dynamic/routes + - name: KEY_MANAGER_PASSWORD + value: {{ .Values.config.keyManagerPassword }} + - name: PATH + value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + - name: JAVA_HOME + value: usr/lib/jvm/java-8-openjdk-amd64 + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/data-router/config/auth + name: {{ include "common.fullname" . }}-auth + - mountPath: /opt/app/data-router/config/data-router.properties + subPath: data-router.properties + name: {{ include "common.fullname" . }}-properties + - mountPath: /opt/app/data-router/config/schemaIngest.properties + subPath: schemaIngest.properties + name: {{ include "common.fullname" . }}-properties + - mountPath: /opt/app/data-router/dynamic/routes/entity-event.route + subPath: entity-event.route + name: {{ include "common.fullname" . }}-dynamic-route + - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml + subPath: entity-event-policy.xml + name: {{ include "common.fullname" . }}-dynamic-policy + - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml + subPath: data-router-oxm.xml + name: {{ include "common.fullname" . }}-dynamic-oxm + - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs + + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + + # side car containers + - name: filebeat-onap + image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: aai-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-auth + secret: + secretName: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + items: + - key: data-router.properties + path: data-router.properties + - key: schemaIngest.properties + path: schemaIngest.properties + - name: {{ include "common.fullname" . }}-dynamic-route + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-dynamic-policy + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-dynamic-oxm + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/secret.yaml b/kubernetes/aai/components/aai-data-router/templates/secret.yaml similarity index 85% rename from kubernetes/aai/components/aai-traversal/templates/secret.yaml rename to kubernetes/aai/components/aai-data-router/templates/secret.yaml index 8e022fe6b0..d6013c832e 100644 --- a/kubernetes/aai/components/aai-traversal/templates/secret.yaml +++ b/kubernetes/aai/components/aai-data-router/templates/secret.yaml @@ -1,6 +1,5 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +17,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-aaf + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -27,4 +26,4 @@ metadata: heritage: {{ .Release.Service }} type: Opaque data: -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-data-router/values.yaml b/kubernetes/aai/components/aai-data-router/values.yaml new file mode 100644 index 0000000000..68e2d32ebf --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/values.yaml @@ -0,0 +1,138 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for data-router. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + config: + schema: + version: + # Specifies which version the depth parameter is configurable + depth: v11 + # Specifies from which version related link should appear + related: + link: v11 + # Specifies from which version the app root change happened + app: + root: v11 + # Specifies from which version the xml namespace changed + namespace: + change: v12 + # Specifies from which version the edge label appeared in API + edge: + label: v12 + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + searchData: + serviceName: aai-search-data + +# application image +image: onap/data-router:1.7.0 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small + +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + schemaTranslatorList: config + schemaVersionList: "v11,v12,v13,v14,v15,v16,v17,v18,v19" + schemaApiDefault: "v19" + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 300 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 120 + periodSeconds: 10 + +service: + name: aai-data-router + internalPort: 9502 + +ingress: + enabled: false + +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: aai/data-router/logs + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 750Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 1536Mi + unlimited: {} + +# Entity Event route configuration +event: + port: + dmaap: 3905 + protocol: https + consumer: + topic: AAI-EVENT diff --git a/kubernetes/aai/components/aai-elasticsearch/.helmignore b/kubernetes/aai/components/aai-elasticsearch/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/cps/templates/ingress.yaml b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml similarity index 80% rename from kubernetes/cps/templates/ingress.yaml rename to kubernetes/aai/components/aai-elasticsearch/Chart.yaml index 16f9440aba..93c6b255a7 100644 --- a/kubernetes/cps/templates/ingress.yaml +++ b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright (C) 2021 Pantheon.tech +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +11,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -{{ include "common.ingress" . }} +apiVersion: v1 +description: ONAP AAI elasticsearch +name: aai-elasticsearch +version: 7.0.0 diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/aai/components/aai-elasticsearch/requirements.yaml similarity index 58% rename from kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml rename to kubernetes/aai/components/aai-elasticsearch/requirements.yaml index 628b6d54cd..42641a2e5c 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml +++ b/kubernetes/aai/components/aai-elasticsearch/requirements.yaml @@ -1,26 +1,26 @@ -#============LICENSE_START======================================================== -# Copyright (c) 2021 Nokia. All rights reserved. -# ================================================================================ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# Modifications Copyright © 2020 Orange +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# ============LICENSE_END========================================================= dependencies: - name: common version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator version: ~7.x-0 - repository: '@local' - - name: readinessCheck - version: ~7.x-0 - repository: '@local' + repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml new file mode 100644 index 0000000000..1cbe3c4a69 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml @@ -0,0 +1,390 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +##################### Elasticsearch Configuration Example ##################### + +# This file contains an overview of various configuration settings, +# targeted at operations staff. Application developers should +# consult the guide at . +# +# The installation procedure is covered at +# . +# +# Elasticsearch comes with reasonable defaults for most settings, +# so you can try it out without bothering with configuration. +# +# Most of the time, these defaults are just fine for running a production +# cluster. If you're fine-tuning your cluster, or wondering about the +# effect of certain configuration option, please _do ask_ on the +# mailing list or IRC channel [http://elasticsearch.org/community]. + +# Any element in the configuration can be replaced with environment variables +# by placing them in ${...} notation. For example: +# +# node.rack: ${RACK_ENV_VAR} + +# For information on supported formats and syntax for the config file, see +# +################################### Cluster ################################### + +# Cluster name identifies your cluster for auto-discovery. If you're running +# multiple clusters on the same network, make sure you're using unique names. +# +# cluster.name: elasticsearch +*/}} +cluster.name: ES_AAI + +#################################### Node ##################################### + +node.name: ES_ONAP +node.master: true +node.data: true + +{{/* +# Use the Cluster Health API [http://localhost:9200/_cluster/health], the +# Node Info API [http://localhost:9200/_nodes] or GUI tools +# such as , +# , +# and +# to inspect the cluster state. + +# By default, multiple nodes are allowed to start from the same installation location +# to disable it, set the following: +*/}} +node.max_local_storage_nodes: 1 + +{{/* +#################################### Index #################################### +# You can set a number of options (such as shard/replica options, mapping +# or analyzer definitions, translog settings, ...) for indices globally, +# in this file. +# +# Note, that it makes more sense to configure index settings specifically for +# a certain index, either when creating it or by using the index templates API. +# +# See and +# +# for more information. + +# Set the number of shards (splits) of an index (5 by default): + +#index.number_of_shards: 5 + +# Set the number of replicas (additional copies) of an index (1 by default): + +#index.number_of_replicas: 1 + +# These settings directly affect the performance of index and search operations +# in your cluster. Assuming you have enough machines to hold shards and +# replicas, the rule of thumb is: +# +# 1. Having more *shards* enhances the _indexing_ performance and allows to +# _distribute_ a big index across machines. +# 2. Having more *replicas* enhances the _search_ performance and improves the +# cluster _availability_. +# +# The "number_of_shards" is a one-time setting for an index. +# +# The "number_of_replicas" can be increased or decreased anytime, +# by using the Index Update Settings API. +# +# Elasticsearch takes care about load balancing, relocating, gathering the +# results from nodes, etc. Experiment with different settings to fine-tune +# your setup. + +# Use the Index Status API () to inspect +# the index status. + + +#################################### Paths #################################### + +# Path to directory containing configuration (this file and logging.yml): +#path.conf: /opt/app/elasticsearch/config + +# Path to directory where to store index data allocated for this node. +# Use swm auto link to redirect the data directory if necessary. +*/}} +path.data: /usr/share/elasticsearch/data + +# path.data: /path/to/data1,/path/to/data2 + +# path.work: /path/to/work + +path.logs: /usr/share/elasticsearch/logs + +#path.plugins: /opt/app/elasticsearch/plugins + +{{/* +#################################### Plugin ################################### + +# If a plugin listed here is not installed for current node, the node will not start. +# +# plugin.mandatory: mapper-attachments,lang-groovy + + +################################### Memory #################################### + +# Elasticsearch performs poorly when JVM starts swapping: you should ensure that +# it _never_ swaps. +# +# Set this property to true to lock the memory: default is true + +#bootstrap.memory_lock: true + +# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set +# to the same value, and that the machine has enough memory to allocate +# for Elasticsearch, leaving enough memory for the operating system itself. +# +# You should also make sure that the Elasticsearch process is allowed to lock +# the memory, eg. by using `ulimit -l unlimited`. + +### Kernel Settings + +# Elasticsearch installs system call filters of various flavors depending on the +# operating system (e.g., seccomp on Linux). These system call filters are +# installed to prevent the ability to execute system calls related to forking +# as a defense mechanism against arbitrary code execution attacks on +# Elasticsearch The system call filter check ensures that if system call +# filters are enabled, then they were successfully installed. To pass the system +# call filter check you must either fix any configuration errors on your system +# that prevented system call filters from installing (check your logs), or at +# your own risk disable system call filters by setting +# bootstrap.system_call_filter to false. +# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html +# +# seccomp is found in Linux kernels: 2.6.37�2.6.39, 3.0�3.19, 4.0�4.9, +# 4.10-rc+HEAD +# +# The default setting is to disable the filters assuming an older kernel +# version where seccomp is not available. +# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819 +*/}} +bootstrap.system_call_filter: false + +{{/* +############################## Network And HTTP ############################### +# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens +# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node +# communication. (the range means that if the port is busy, it will automatically +# try the next port). + +# Set the bind address specifically (IPv4 or IPv6): +*/}} +network.bind_host: 0.0.0.0 + +{{/* +# Set the address other nodes will use to communicate with this node. If not +# set, it is automatically derived. It must point to an actual IP address. + +# network.publish_host: 0.0.0.0 + +# Set both 'bind_host' and 'publish_host': +# network.host: 192.168.0.1 + + +# Set a custom port for the node to node communication (9300 by default): +*/}} +transport.tcp.port: {{ .Values.service.internalPort2 }} + +# Enable compression for all communication between nodes (disabled by default): +transport.tcp.compress: false + +# Set a custom port to listen for HTTP traffic: +# http.port: 9200 +http.port: {{ .Values.service.internalPort }} + +# Set a custom allowed content length: +# http.max_content_length: 100mb +http.max_content_length: 100mb + +# Disable HTTP completely: +# http.enabled: false +http.enabled: true + +# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search. +http.cors.enabled: false +http.cors.allow-origin: "/.*/" +http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length +http.cors.allow-credentials: false +{{/* +################################### Gateway ################################### + +# The gateway allows for persisting the cluster state between full cluster +# restarts. Every change to the state (such as adding an index) will be stored +# in the gateway, and when the cluster starts up for the first time, +# it will read its state from the gateway. +# There are several types of gateway implementations. For more information, see +# . + +# The default gateway type is the "local" gateway (recommended): +# +#gateway.type: local +#gateway.type: local + +# Settings below control how and when to start the initial recovery process on +# a full cluster restart (to reuse as much local data as possible when using shared +# gateway). + +# Allow recovery process after N nodes in a cluster are up: +# +# gateway.recover_after_nodes: 1 +*/}} +gateway.recover_after_nodes: 1 + +# Set the timeout to initiate the recovery process, once the N nodes +# from previous setting are up (accepts time value): +# +#gateway.recover_after_time: 5m +gateway.recover_after_time: 5m + +# Set how many nodes are expected in this cluster. Once these N nodes +# are up (and recover_after_nodes is met), begin recovery process immediately +# (without waiting for recover_after_time to expire): +# +# gateway.expected_nodes: 2 +gateway.expected_nodes: 2 + +{{/* +############################# Recovery Throttling ############################# + +# These settings allow to control the process of shards allocation between +# nodes during initial recovery, replica allocation, rebalancing, +# or when adding and removing nodes. + +# Set the number of concurrent recoveries happening on a node: +# +# 1. During the initial recovery +# +# cluster.routing.allocation.node_initial_primaries_recoveries: 4 +# +# 2. During adding/removing nodes, rebalancing, etc +# +# cluster.routing.allocation.node_concurrent_recoveries: 2 + +# Set to throttle throughput when recovering (eg. 100mb, by default 20mb): +# indices.recovery.max_bytes_per_sec: 20mb +*/}} +indices.recovery.max_bytes_per_sec: 20mb + +{{/* +# Set to limit the number of open concurrent streams when +# recovering a shard from a peer: +# +# indices.recovery.concurrent_streams: 5 +#indices.recovery.concurrent_streams: 5 + +################################## Discovery ################################## + +# Discovery infrastructure ensures nodes can be found within a cluster +# and master node is elected. Multicast discovery is the default. + +# Set to ensure a node sees N other master eligible nodes to be considered +# operational within the cluster. Its recommended to set it to a higher value +# than 1 when running more than 2 nodes in the cluster. +# +*/}} +discovery.zen.minimum_master_nodes: 1 + +{{/* +# Set the time to wait for ping responses from other nodes when discovering. +# Set this option to a higher value on a slow or congested network +# to minimize discovery failures: +# +# discovery.zen.ping_timeout: 3s +*/}} +discovery.zen.ping_timeout: 3s + +{{/* +# For more information, see +# + +# Unicast discovery allows to explicitly control which nodes will be used +# to discover the cluster. It can be used when multicast is not present, +# or to restrict the cluster communication-wise. +# +# 1. Disable multicast discovery (enabled by default): +# discovery.zen.ping.multicast.enabled: false +#discovery.zen.ping.multicast.enabled: false + + +# 2. Configure an initial list of master nodes in the cluster +# to perform discovery when new nodes (master or data) are started: +# +# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"] + +*/}} +discovery.zen.ping.unicast.hosts: ["0.0.0.0"] + +{{/* +# EC2 discovery allows to use AWS EC2 API in order to perform discovery. +# +# You have to install the cloud-aws plugin for enabling the EC2 discovery. +# +# For more information, see +# +# +# +# See +# for a step-by-step tutorial. + +# GCE discovery allows to use Google Compute Engine API in order to perform discovery. +# +# You have to install the cloud-gce plugin for enabling the GCE discovery. +# +# For more information, see . + +# Azure discovery allows to use Azure API in order to perform discovery. +# +# You have to install the cloud-azure plugin for enabling the Azure discovery. +# +# For more information, see . + +################################## Slow Log ################################## + +# Shard level query and fetch threshold logging. + +#index.search.slowlog.threshold.query.warn: 10s +#index.search.slowlog.threshold.query.info: 5s +#index.search.slowlog.threshold.query.debug: 2s +#index.search.slowlog.threshold.query.trace: 500ms + +#index.search.slowlog.threshold.fetch.warn: 1s +#index.search.slowlog.threshold.fetch.info: 800ms +#index.search.slowlog.threshold.fetch.debug: 500ms +#index.search.slowlog.threshold.fetch.trace: 200ms + +#index.indexing.slowlog.threshold.index.warn: 10s +#index.indexing.slowlog.threshold.index.info: 5s +#index.indexing.slowlog.threshold.index.debug: 2s +#index.indexing.slowlog.threshold.index.trace: 500ms + +################################## GC Logging ################################ + +#monitor.jvm.gc.young.warn: 1000ms +#monitor.jvm.gc.young.info: 700ms +#monitor.jvm.gc.young.debug: 400ms + +#monitor.jvm.gc.old.warn: 10s +#monitor.jvm.gc.old.info: 5s +#monitor.jvm.gc.old.debug: 2s + + +# x-pack security conflicts with searchguard +*/}} +xpack.security.enabled: false +xpack.ml.enabled: false +xpack.monitoring.enabled: false +xpack.watcher.enabled: false diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options new file mode 100644 index 0000000000..db4d2f0779 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options @@ -0,0 +1,122 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space +*/}} +-Xms1g +-Xmx1g + +{{/* +################################################################ +## Expert settings +################################################################ +## +## All settings below this section are considered +## expert settings. Don't tamper with them unless +## you understand what you are doing +## +################################################################ + +## GC configuration +*/}} +-XX:+UseConcMarkSweepGC +-XX:CMSInitiatingOccupancyFraction=75 +-XX:+UseCMSInitiatingOccupancyOnly + +## optimizations + +# pre-touch memory pages used by the JVM during initialization +-XX:+AlwaysPreTouch + +## basic + +# force the server VM +-server + +# explicitly set the stack size +-Xss1m + +# set to headless, just in case +-Djava.awt.headless=true + +# ensure UTF-8 encoding by default (e.g. filenames) +-Dfile.encoding=UTF-8 + +# use our provided JNA always versus the system one +-Djna.nosys=true + +# turn off a JDK optimization that throws away stack traces for common +# exceptions because stack traces are important for debugging +-XX:-OmitStackTraceInFastThrow + +# flags to configure Netty +-Dio.netty.noUnsafe=true +-Dio.netty.noKeySetOptimization=true +-Dio.netty.recycler.maxCapacityPerThread=0 + +# log4j 2 +-Dlog4j.shutdownHookEnabled=false +-Dlog4j2.disable.jmx=true + +## heap dumps + +# generate a heap dump when an allocation from the Java heap fails +# heap dumps are created in the working directory of the JVM +-XX:+HeapDumpOnOutOfMemoryError + +{{/* +# specify an alternative path for heap dumps +# ensure the directory exists and has sufficient space +#-XX:HeapDumpPath=/heap/dump/path + +## GC logging + +#-XX:+PrintGCDetails +#-XX:+PrintGCTimeStamps +#-XX:+PrintGCDateStamps +#-XX:+PrintClassHistogram +#-XX:+PrintTenuringDistribution +#-XX:+PrintGCApplicationStoppedTime + +# log GC status to a file with time stamps +# ensure the directory exists +#-Xloggc:${loggc} + +# By default, the GC log file will not rotate. +# By uncommenting the lines below, the GC log file +# will be rotated every 128MB at most 32 times. +#-XX:+UseGCLogFileRotation +#-XX:NumberOfGCLogFiles=32 +#-XX:GCLogFileSize=128M +*/}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties new file mode 100644 index 0000000000..86200c6c10 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties @@ -0,0 +1,91 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = INFO + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}.log +appender.rolling.layout.type = PatternLayout +appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n +appender.rolling.filePattern = ${sys:es.logs.base_path}-%d{yyyy-MM-dd}.log +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling + +{{/* +# appender.deprecation_rolling.type = RollingFile +# appender.deprecation_rolling.name = deprecation_rolling +# appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}_deprecation.log +# appender.deprecation_rolling.layout.type = PatternLayout +# appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n +# appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}_deprecation-%i.log.gz +# appender.deprecation_rolling.policies.type = Policies +# appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +# appender.deprecation_rolling.policies.size.size = 1GB +# appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +# appender.deprecation_rolling.strategy.max = 4 + +# logger.deprecation.name = org.elasticsearch.deprecation +# logger.deprecation.level = warn +# logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +# logger.deprecation.additivity = false +*/}} +appender.index_search_slowlog_rolling.type = RollingFile +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_search_slowlog.log +appender.index_search_slowlog_rolling.layout.type = PatternLayout +appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n +appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_search_slowlog-%d{yyyy-MM-dd}.log +appender.index_search_slowlog_rolling.policies.type = Policies +appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.index_search_slowlog_rolling.policies.time.interval = 1 +appender.index_search_slowlog_rolling.policies.time.modulate = true + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = RollingFile +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_indexing_slowlog.log +appender.index_indexing_slowlog_rolling.layout.type = PatternLayout +appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n +appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_indexing_slowlog-%d{yyyy-MM-dd}.log +appender.index_indexing_slowlog_rolling.policies.type = Policies +appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling.policies.time.interval = 1 +appender.index_indexing_slowlog_rolling.policies.time.modulate = true + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false diff --git a/kubernetes/cli/templates/configmap.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml similarity index 83% rename from kubernetes/cli/templates/configmap.yaml rename to kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml index ae515a0ec5..63775038f4 100644 --- a/kubernetes/cli/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2021 Orange +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-lighttpd + name: {{ include "common.fullname" . }}-es-config namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -25,4 +25,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml new file mode 100644 index 0000000000..3a92d97ff7 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml @@ -0,0 +1,123 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + hostname: {{ include "common.name" . }} + initContainers: + - command: + - /bin/sh + - -c + - | + sysctl -w vm.max_map_count=262144 + mkdir -p /logroot/elasticsearch/logs + mkdir -p /logroot/elasticsearch/data + chmod -R 777 /logroot/elasticsearch + chown -R 1000:1000 /logroot + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + securityContext: + privileged: true + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + name: init-sysctl + volumeMounts: + - name: elasticsearch-data + mountPath: /logroot/ + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: elasticsearch-config + subPath: elasticsearch.yml + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + - name: elasticsearch-config + subPath: jvm.options + mountPath: /usr/share/elasticsearch/config/jvm.options + - name: elasticsearch-config + subPath: log4j2.properties + mountPath: /usr/share/elasticsearch/config/log4j2.properties + - name: elasticsearch-data + mountPath: /usr/share/elasticsearch/data + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: elasticsearch-config + configMap: + name: {{ include "common.fullname" . }}-es-config + - name: elasticsearch-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml new file mode 100644 index 0000000000..0838e3367b --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml new file mode 100644 index 0000000000..513a7e80f6 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml new file mode 100644 index 0000000000..66dfd493dd --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml @@ -0,0 +1,46 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-elasticsearch/values.yaml b/kubernetes/aai/components/aai-elasticsearch/values.yaml new file mode 100644 index 0000000000..c0ef11ce7b --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/values.yaml @@ -0,0 +1,109 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for elasticsearch. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + persistence: + mountPath: /dockerdata-nfs + +# application image +image: elasticsearch/elasticsearch:6.1.2 +pullPolicy: Always +restartPolicy: Always + +flavor: small +flavorOverride: small + +# application configuration +config: + tcpPort: 8443 + nodeKeyStore: esaai-keystore.jks + nodeKeyStorePassword: b87b46d3da7d3d4aadfe + adminKeyStore: sgadmin-keystore.p12 + adminKeyStorePassword: 341274302a70ad691e12 + trustStore: truststore.jks + trustStorePassword: b200926e9da205487f63 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + name: aai-elasticsearch + portName: aai-elasticsearch + internalPort: 9200 + portName2: aai-elasticsearch-tcp + internalPort2: 8443 + +ingress: + enabled: false + +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## storageClass: "-" + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: aai/elasticsearch/data + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 63c668fb9e..533826eb2c 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -118,7 +118,7 @@ global: # global defaults # application image -image: onap/aai-graphadmin:1.8.0 +image: onap/aai-graphadmin:1.7.1 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml index 498f1b837d..42641a2e5c 100644 --- a/kubernetes/aai/components/aai-resources/requirements.yaml +++ b/kubernetes/aai/components/aai-resources/requirements.yaml @@ -21,9 +21,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000000..4c14bc37f1 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile @@ -0,0 +1,27 @@ +VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e +ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC +uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e +QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M +YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 +pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z +94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b +YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE +NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT +PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa +_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x +NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs +BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ +AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg +EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ +Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ +g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb +5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm +4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e +21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId +0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l +vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft +mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW +b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra +w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d +TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq +PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 new file mode 100644 index 0000000000..b2449c6a54 Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 differ diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props index f4bb9ee89c..d5a64750f4 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props @@ -1,15 +1,15 @@ ############################################################ # Properties Generated by AT&T Certificate Manager # @copyright 2016, AT&T -# Modifications Copyright © 2020 Orange ############################################################ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile -cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -cadi_keystore_password=${KEYSTORE_PASSWORD} +cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p +#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL cadi_alias=aai@aai.onap.org -cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD} +cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym cadi_loglevel=INFO cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 0d51326f3b..70e8bec01a 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -4,7 +4,6 @@ # org.onap.aai # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2020 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,10 +47,10 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} -aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} -aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -aai.keystore.passwd.x=${KEYSTORE_PASSWORD} +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 70ebd3ac54..61410c551e 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -1,6 +1,5 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,10 +44,10 @@ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} -server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS @@ -93,7 +92,7 @@ schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.client={{ .Values.global.config.schema.service.client }} -schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} -schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml index f5829a1dac..7f6a03168e 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml @@ -25,22 +25,22 @@ --> */}} - - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} - - - - %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - - - + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + {{/* - -*/}} - + --> +*/}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml index 287b59f535..df35aaa0ed 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -25,322 +25,322 @@ --> */}} - + - + - + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} - - - + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + - - ${logDirectory}/rest/sane.log - - ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - - - + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + - - 1000 - true - - - - ${logDirectory}/rest/metrics.log - - ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} - - - ${metricPattern} - - + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/debug.log - - ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} - - - ${debugPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + - - 1000 - - true - - - ${logDirectory}/rest/error.log - - ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} - - - WARN - - - ${errorPattern} - - + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + - - 1000 - - + + 1000 + + - - ${logDirectory}/rest/audit.log - - ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/translog.log - - ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} - - - - ${transLogPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + - - 1000 - true - - + + 1000 + true + + - - - WARN - - ${logDirectory}/dmaapAAIEventConsumer/error.log - - ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} - - - - ${errorPattern} - + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + - + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/debug.log - - ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} - - - - ${metricPattern} - - - - - WARN - - ${logDirectory}/external/external.log - - ${logDirectory}/external/external.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - DEBUG - - ${logDirectory}/auth/auth.log - - ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} - - - - %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n - - - - 1000 - true - - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + - - + + - - + + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + - - - - + + + + diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 99973565f8..f173916104 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -18,7 +18,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 7dc79a774f..6fbbf1c089 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -72,28 +72,30 @@ spec: {{- end }} spec: hostname: aai-resources - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - - name: {{ include "common.name" . }}-readiness - command: + initContainers: + - command: + {{- if .Values.global.jobs.migration.enabled }} - /app/ready.py args: - {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} + - /app/ready.py + args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{- else }} + - /app/ready.py + args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} {{- end }} env: - name: NAMESPACE @@ -103,29 +105,20 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - echo "*** actual launch of AAI Resources" - /bin/bash /opt/app/aai-resources/docker-entrypoint.sh env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: POST_JAVA_OPTS - value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}' - - name: TRUSTORE_ALL_PASSWORD - value: {{ .Values.certInitializer.truststoreAllPassword }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit' + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true @@ -149,6 +142,9 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv @@ -164,12 +160,24 @@ spec: - mountPath: /opt/app/aai-resources/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties + {{- $global := . }} + {{- range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -207,7 +215,10 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime @@ -220,13 +231,21 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: secretName: {{ include "common.fullname" . }}-aaf-keys + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{- range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml index a0d8629459..d24149086e 100644 --- a/kubernetes/aai/components/aai-resources/templates/secret.yaml +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -26,6 +26,6 @@ metadata: heritage: {{ .Release.Service }} type: Opaque data: -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} ---- -{{ include "common.secretFast" . }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index e4f84a963d..460e0d5b93 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -43,3 +43,4 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 37af7a7142..5210a249d2 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -24,6 +24,9 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra + initContainers: + enabled: true + # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -92,6 +95,21 @@ global: # global defaults edge: label: v12 + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Specifies a list of files to be included in auth volume + auth: + files: + - aai_keystore + # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete @@ -120,41 +138,9 @@ aai_enpoints: url: network - name: aai-externalSystem url: external-system -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-resources-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: aai-resources - fqi: aai-resources@aai-resources.onap.org - public_fqdn: aai-resources.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.aai-resources - aaf_add_config: | - echo "*** retrieving password for keystore and trustore" - export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) - if [ -z "$cadi_keystore_password_p12" ] - then - echo " /!\ certificates retrieval wasn't good" - exit 1 - else - echo "*** writing passwords into prop file" - echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - fi - truststoreAllPassword: changeit # application image -image: onap/aai-resources:1.8.2 +image: onap/aai-resources:1.7.2 pullPolicy: Always restartPolicy: Always flavor: small @@ -204,6 +190,12 @@ readiness: initialDelaySeconds: 60 periodSeconds: 10 +# application configuration +sidecar: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + service: type: ClusterIP portName: aai-resources-8447 diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 50bd6c38b8..04d5342955 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -40,11 +40,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v23 + default: v21 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 # Specifies from which version related link should appear related: link: v11 @@ -74,7 +74,7 @@ global: # global defaults - aai_keystore # application image -image: onap/aai-schema-service:1.8.6 +image: onap/aai-schema-service:1.7.13 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-search-data/.helmignore b/kubernetes/aai/components/aai-search-data/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/cps/templates/secrets.yaml b/kubernetes/aai/components/aai-search-data/Chart.yaml similarity index 80% rename from kubernetes/cps/templates/secrets.yaml rename to kubernetes/aai/components/aai-search-data/Chart.yaml index f25044d339..b05b354512 100644 --- a/kubernetes/cps/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-search-data/Chart.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright (C) 2021 Pantheon.tech +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +11,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -{{ include "common.secretFast" . }} +apiVersion: v1 +description: ONAP AAI search-data +name: aai-search-data +version: 7.0.0 diff --git a/kubernetes/cps/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/requirements.yaml similarity index 56% rename from kubernetes/cps/templates/configmap.yaml rename to kubernetes/aai/components/aai-search-data/requirements.yaml index eeb057cbd8..42641a2e5c 100644 --- a/kubernetes/cps/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-search-data/requirements.yaml @@ -1,5 +1,6 @@ -{{/* -# Copyright (C) 2021 Pantheon.tech +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,9 +13,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} +dependencies: + - name: common + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json new file mode 100644 index 0000000000..5fc135df5a --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json @@ -0,0 +1,32 @@ +[ + { + "name": "whitespace_analyzer", + "description": "A standard whitespace analyzer.", + "behaviours": [ + "Tokenize the text using white space characters as delimeters.", + "Convert all characters to lower case.", + "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents." + ], + "tokenizer": "whitespace", + "filters": [ + "lowercase", + "asciifolding" + ] + }, + { + "name": "ngram_analyzer", + "description": "An analyzer which performs ngram filtering on the data stream.", + "behaviours": [ + "Tokenize the text using white space characters as delimeters.", + "Convert all characters to lower case.", + "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents.", + "Apply ngram filtering using the following values for minimum and maximum size in codepoints of a single n-gram: minimum = 1, maximum = 2." + ], + "tokenizer": "whitespace", + "filters": [ + "lowercase", + "asciifolding", + "ngram_filter" + ] + } +] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json new file mode 100644 index 0000000000..bbbe52f5b5 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json @@ -0,0 +1,18 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ] + } + ], + + "users": [ + { + "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA" + } + ] + } + ] +} diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000..e280b3181a Binary files /dev/null and b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore differ diff --git a/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json new file mode 100644 index 0000000000..2dac8f75c7 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json @@ -0,0 +1,12 @@ +"dynamic_templates":[ + { + "strings":{ + "match_mapping_type":"string", + "match": "*", + "mapping":{ + "type":"text", + "fielddata":true + } + } + } +], diff --git a/kubernetes/common/certInitializer/resources/retrieval_check.sh b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties similarity index 58% rename from kubernetes/common/certInitializer/resources/retrieval_check.sh rename to kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties index f3af14b17a..e3ebbfac39 100644 --- a/kubernetes/common/certInitializer/resources/retrieval_check.sh +++ b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties @@ -1,5 +1,5 @@ {{/* -# Copyright © 2021 Orange +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,15 +12,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +# ElasticSearch Configuration */}} -#!/bin/sh +es.cluster-name=ES_AAI +es.ip-address=aai-elasticsearch.{{.Release.Namespace}} +es.http-port={{ .Values.config.elasticsearchHttpPort }} +es.uri-scheme=http +es.auth-user=admin +es.auth-password=OBF:1u2a1toa1w8v1tok1u30 +es.trust-store=auth/tomcat_keystore +es.trust-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -echo "*** retrieving passwords for certificates" -export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) -if [ -z "${{ .Values.envVarToCheck }}" ] -then - echo " /!\ certificates retrieval failed" - exit 1 -fi -echo "*** password retrieval succeeded" diff --git a/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json new file mode 100644 index 0000000000..8a29863bf3 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json @@ -0,0 +1,17 @@ +{ + "attr-translations": [ + { + "query": "$..[?(@.type=='string' && @.index=='analyzed')]", + "update": {"type": "text", "index": true, "fielddata": true} + }, + { + "query": "$..[?(@.type=='string' && @.index=='not_analyzed')]", + "update": {"type": "keyword", "index": true} + }, + { + "query": "$..[?(@.type=='string' && !@.index)]", + "update": {"type": "text", "fielddata": true} + } + ] +} + diff --git a/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json new file mode 100644 index 0000000000..a27f75b000 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json @@ -0,0 +1,7 @@ +[ + { + "name": "ngram_filter", + "description": "Custom NGram Filter.", + "configuration": " \"type\": \"nGram\", \"min_gram\": 1, \"max_gram\": 50, \"token_chars\": [ \"letter\", \"digit\", \"punctuation\", \"symbol\" ]" + } +] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml new file mode 100644 index 0000000000..58bff2a02d --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml @@ -0,0 +1,194 @@ +{{/* + +*/}} + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml new file mode 100644 index 0000000000..0d76239ef9 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-service-log + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml new file mode 100644 index 0000000000..eaa90870b0 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -0,0 +1,146 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020,2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: /opt/app/search-data-service/config/ + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: KEY_MANAGER_PASSWORD + value: {{ .Values.config.keyManagerPassword }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/search-data-service/config/filter-config.json + subPath: filter-config.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/elastic-search.properties + subPath: elastic-search.properties + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/analysis-config.json + subPath: analysis-config.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/es-payload-translation.json + subPath: es-payload-translation.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json + subPath: dynamic-custom-template.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore + subPath: tomcat_keystore + name: {{ include "common.fullname" . }}-service-auth-config + - mountPath: /opt/app/search-data-service/config/auth/search_policy.json + subPath: search_policy.json + name: {{ include "common.fullname" . }}-search-policy-config + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-service-logs + - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-service-log-conf + subPath: logback.xml + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-service-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-service-filebeat + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-service-config + configMap: + name: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-service-auth-config + secret: + secretName: {{ include "common.fullname" . }}-keystone + - name: {{ include "common.fullname" . }}-search-policy-config + secret: + secretName: {{ include "common.fullname" . }}-policy + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-service-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-service-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-service-log-conf + configMap: + name: {{ include "common.fullname" . }}-service-log + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml new file mode 100644 index 0000000000..3135df6f07 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-keystone + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/tomcat_keystore").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-policy + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml new file mode 100644 index 0000000000..e031410737 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml new file mode 100644 index 0000000000..4bd535a475 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -0,0 +1,78 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for search-data. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + + +# application image +image: onap/search-data-service:1.6.2 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# application configuration +config: + elasticsearchHttpPort: 9200 + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + portName: aai-search-data + internalPort: "9509" + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 750Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 1Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties index a9bce0ef2a..1ae00d95c4 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties @@ -24,7 +24,7 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 6e74526ddc..c441a49732 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -43,6 +43,10 @@ spec: - /app/ready.py args: - --container-name + - aai-elasticsearch + - --container-name + - aai-search-data + - --container-name - aai env: - name: NAMESPACE diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ed21030dc8..dae42474f5 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -28,7 +28,7 @@ global: # global defaults serviceName: aai-search-data # application image -image: onap/sparky-be:2.0.2 +image: onap/sparky-be:2.0.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml index 498f1b837d..42641a2e5c 100644 --- a/kubernetes/aai/components/aai-traversal/requirements.yaml +++ b/kubernetes/aai/components/aai-traversal/requirements.yaml @@ -21,9 +21,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000000..4c14bc37f1 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile @@ -0,0 +1,27 @@ +VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e +ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC +uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e +QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M +YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 +pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z +94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b +YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE +NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT +PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa +_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x +NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs +BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ +AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg +EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ +Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ +g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb +5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm +4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e +21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId +0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l +vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft +mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW +b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra +w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d +TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq +PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 new file mode 100644 index 0000000000..b2449c6a54 Binary files /dev/null and b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 differ diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props index b46defa6b7..ef78622641 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props @@ -1,16 +1,15 @@ ############################################################ # Properties Generated by AT&T Certificate Manager # @copyright 2016, AT&T -# Modifications Copyright (c) 2020 Orange ############################################################ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile -cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -cadi_keystore_password=${KEYSTORE_PASSWORD} +cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p #cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL cadi_alias=aai@aai.onap.org -cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD} +cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym cadi_loglevel=INFO cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index 843a90bbcd..c7771e1133 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -4,7 +4,6 @@ # org.onap.aai # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2020 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,10 +37,10 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} -aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} -aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -aai.keystore.passwd.x=${KEYSTORE_PASSWORD} +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index a5e92c5a61..31ed2be3fe 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -1,6 +1,5 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,10 +44,10 @@ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} -server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS @@ -96,7 +95,7 @@ schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries schema.service.client={{ .Values.global.config.schema.service.client }} -schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} -schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml index b801a7ae5f..7f6a03168e 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml @@ -1,16 +1,17 @@ -{{/* -*/}} - - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} - - - - %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - - - -{{/**/}} \ No newline at end of file + --> +*/}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml index 96bb197519..df35aaa0ed 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -1,16 +1,17 @@ -{{/* -*/}} - +*/}} + + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} - - - + + + - - ${logDirectory}/rest/sane.log - - ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - - - + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + - - 1000 - true - - - - ${logDirectory}/rest/metrics.log - - ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} - - - ${metricPattern} - - + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/debug.log - - ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} - - - ${debugPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + - - 1000 - - true - - - ${logDirectory}/rest/error.log - - ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} - - - WARN - - - ${errorPattern} - - + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + - - 1000 - - + + 1000 + + - - ${logDirectory}/rest/audit.log - - ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/translog.log - - ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} - - - - ${transLogPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + - - 1000 - true - - + + 1000 + true + + - - - WARN - - ${logDirectory}/dmaapAAIEventConsumer/error.log - - ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} - - - - ${errorPattern} - + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + - + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/debug.log - - ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} - - - - ${metricPattern} - - - - - WARN - - ${logDirectory}/external/external.log - - ${logDirectory}/external/external.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - DEBUG - - ${logDirectory}/auth/auth.log - - ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} - - - - %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n - - - - 1000 - true - - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + - - + + - - + + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + - - - - - \ No newline at end of file + + + + + diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index c0bcb3b491..5c6dc7293d 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -1,6 +1,5 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +17,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -49,3 +48,19 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 23621491e7..6f5ac8263b 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -91,28 +91,31 @@ spec: {{- end }} spec: hostname: aai-traversal - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{ if .Values.global.initContainers.enabled }} + initContainers: - command: + {{ if .Values.global.jobs.migration.enabled }} - /app/ready.py args: - {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} + {{ else if .Values.global.jobs.createSchema.enabled }} + - /app/ready.py + args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{ else }} + - /app/ready.py + args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} - {{- end }} + {{ end }} env: - name: NAMESPACE valueFrom: @@ -122,29 +125,19 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - echo "*** actual launch of AAI Resources" - /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh env: - - name: TRUSTORE_ALL_PASSWORD - value: {{ .Values.certInitializer.truststoreAllPassword }} - name: DISABLE_UPDATE_QUERY value: {{ .Values.config.disableUpdateQuery | quote }} - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true @@ -170,6 +163,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv @@ -185,9 +181,21 @@ spec: - mountPath: /opt/app/aai-traversal/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -210,7 +218,7 @@ spec: {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} + {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} @@ -230,7 +238,7 @@ spec: name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime @@ -245,16 +253,24 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: - secretName: {{ include "common.fullname" . }}-aaf + secretName: {{ include "common.fullname" . }}-aaf-keys - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 2eac7fe722..16e7022c0d 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -106,6 +106,12 @@ spec: - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container volumes: @@ -123,7 +129,15 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index fad857bb41..66dfd493dd 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -43,3 +43,4 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 1e3a9629f6..0242cedd0b 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -26,6 +26,8 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra + initContainers: + enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -102,45 +104,28 @@ global: # global defaults edge: label: v12 + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Specifies a list of files to be included in auth volume + auth: + files: + - aai_keystore + # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-traversal-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: aai-traversal - fqi: aai-traversal@aai-traversal.onap.org - public_fqdn: aai-traversal.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.aai-traversal - aaf_add_config: | - echo "*** retrieving password for keystore and trustore" - export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) - if [ -z "$cadi_keystore_password_p12" ] - then - echo " /!\ certificates retrieval wasn't good" - exit 1 - else - echo "*** writing passwords into prop file" - echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - fi - truststoreAllPassword: changeit # application image -image: onap/aai-traversal:1.8.0 +image: onap/aai-traversal:1.7.2 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml index 42b0f00874..c8970da183 100644 --- a/kubernetes/aai/requirements.yaml +++ b/kubernetes/aai/requirements.yaml @@ -38,6 +38,14 @@ dependencies: version: ~7.x-0 repository: 'file://components/aai-babel' condition: aai-babel.enabled + - name: aai-data-router + version: ~7.x-0 + repository: 'file://components/aai-data-router' + condition: aai-data-router.enabled + - name: aai-elasticsearch + version: ~7.x-0 + repository: 'file://components/aai-elasticsearch' + condition: aai-elasticsearch.enabled - name: aai-graphadmin version: ~7.x-0 repository: 'file://components/aai-graphadmin' @@ -54,6 +62,10 @@ dependencies: version: ~7.x-0 repository: 'file://components/aai-schema-service' condition: aai-schema-service.enabled + - name: aai-search-data + version: ~7.x-0 + repository: 'file://components/aai-search-data' + condition: aai-search-data.enabled - name: aai-sparky-be version: ~7.x-0 repository: 'file://components/aai-sparky-be' diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 1e509bd48d..516dcc4d70 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -228,11 +228,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v23 + default: v21 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 # Specifies from which version related link should appear related: link: v11 diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile index bf267b7720..f2e7a1fb82 100644 --- a/kubernetes/cds/components/Makefile +++ b/kubernetes/cds/components/Makefile @@ -17,9 +17,9 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := +EXCLUDES := soHelpers HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml index 2f608f1baf..ff51b4420a 100644 --- a/kubernetes/cds/components/cds-ui/requirements.yaml +++ b/kubernetes/cds/components/cds-ui/requirements.yaml @@ -16,9 +16,6 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 359c713ed4..1c88f56d99 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -37,9 +37,6 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: - {{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -74,18 +71,12 @@ spec: value: "{{ .Values.config.api.processor.grpc.port }}" - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN value: {{ .Values.config.api.processor.grpc.authToken }} - {{- if .Values.global.aafEnabled }} - - name: KEYSTORE - value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" - - name: PASSPHRASE - value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop" - {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true @@ -99,7 +90,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index a7d0667695..1c7f628b2c 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -22,27 +22,6 @@ global: subChartsOnly: enabled: true -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: cds-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: sdnc-cds - fqi: sdnc-cds@sdnc-cds.onap.org - public_fqdn: sdnc-cds.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.sdnc-cds - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh; - /opt/app/aaf_config/bin/agent.sh local showpass - {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop - # application image image: onap/ccsdk-cds-ui-server:1.0.3 pullPolicy: Always diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index 2050d85f07..1e08aaf3cd 100644 --- a/kubernetes/cli/requirements.yaml +++ b/kubernetes/cli/requirements.yaml @@ -19,9 +19,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem new file mode 100644 index 0000000000..5321c65d21 --- /dev/null +++ b/kubernetes/cli/resources/certificates/ocomp.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A +DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3 +gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO +lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA +FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep +q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt +7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ +3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU +KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd +7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx +kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg +CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+ +3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R +zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx +A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5 +333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti +MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG +HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve +8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL +HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8 +X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o +J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA +ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G +U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK +ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh +kxMQk6Ent5/OF/yYOsIzlLs= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx +DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF +MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE +CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ +MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT +OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA +RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm +Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe +IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI +TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31 +5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg +O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG +5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN +MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4 +hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU +xg== +-----END CERTIFICATE----- diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf deleted file mode 100644 index 0809868b35..0000000000 --- a/kubernetes/cli/resources/configuration/lighttpd.conf +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright 2018 Huawei Technologies Co., Ltd. -# Copyright 2021 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -server.document-root = "/var/www-data/servers/open-cli/" -server.username = "www-data" -server.groupname = "www-data" -server.port = 443 -ssl.engine = "enable" -ssl.pemfile = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem" - -mimetype.assign = ( - ".html" => "text/html", - ".txt" => "text/plain", - ".jpg" => "image/jpeg", - ".png" => "image/png" -) - -index-file.names = ( "index.html" ) -dir-listing.activate = "disable" - - -server.modules = ( - "mod_access", - "mod_proxy", - "mod_alias", - "mod_compress", - "mod_redirect", -# "mod_rewrite", -) - -#server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) -server.errorlog = "/var/log/lighttpd/error.log" -server.pid-file = "/var/run/lighttpd.pid" -#compress.cache-dir = "/var/cache/lighttpd/compress/" -#compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) - -# default listening port for IPv6 falls back to the IPv4 port -## Use ipv6 if available -#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port -#include_shell "/usr/share/lighttpd/create-mime.assign.pl" -#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" \ No newline at end of file diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 735308754f..74b2d2df37 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -35,7 +35,6 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -57,10 +56,10 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: lighttpd - mountPath: "/etc/lighttpd/lighttpd.conf" - subPath: lighttpd.conf + volumeMounts: + - name: ocomp-pem + mountPath: "/etc/lighttpd/ocomp.pem" + subPath: ocomp.pem readOnly: true env: - name: OPEN_CLI_MODE @@ -75,9 +74,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: lighttpd - configMap: - name: {{ include "common.fullname" . }}-lighttpd + volumes: + - name: ocomp-pem + secret: + secretName: ocomp-pem imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml b/kubernetes/cli/templates/secrets.yaml similarity index 54% rename from kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml rename to kubernetes/cli/templates/secrets.yaml index 1ba7695a30..213b709026 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml +++ b/kubernetes/cli/templates/secrets.yaml @@ -1,7 +1,6 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Nokia. All rights reserved. -# ================================================================================ +{{/* +# Copyright 2020 Huawei Technologies Co., Ltd. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -13,9 +12,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# ============LICENSE_END========================================================= +*/}} apiVersion: v1 -description: ONAP DCAE VES OpenApi Manager -name: dcae-ves-openapi-manager -version: 7.0.0 +kind: Secret +metadata: + name: ocomp-pem + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: + ocomp.pem: +{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }} + diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index c521fb8c84..6e711c51c0 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,58 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: cli-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "cli" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.cli" - fqi: "cli@cli.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** retrieving password for keystore and trustore" - export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) - if [ -z "$cadi_keystore_password_p12" ] - then - echo " /!\ certificates retrieval failed" - exit 1 - else - echo "*** transform AAF certs into pem files" - mkdir -p {{ .Values.credsPath }}/certs - keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 - echo "*** generating needed file" - cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - {{ .Values.credsPath }}/certs/cert.pem \ - {{ .Values.credsPath }}/certs/cacert.pem \ - > {{ .Values.credsPath }}/certs/fullchain.pem; - cat {{ .Values.credsPath }}/certs/fullchain.pem - echo "*** change ownership of certificates to targeted user" - chown -R 33 {{ .Values.credsPath }} - fi - - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/cli:6.0.1 +image: onap/cli:6.0.0 pullPolicy: Always flavor: small diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index c3d22cedc0..fbdf8e3e19 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -55,8 +55,8 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints @@ -65,8 +65,8 @@ liveness: readiness: initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 414192e2bc..5a8e84cd8c 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -55,9 +55,6 @@ - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 name: aaf-agent-certs subPath: truststoreONAP.p12.b64 - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/retrieval_check.sh - subPath: retrieval_check.sh {{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh @@ -67,8 +64,8 @@ - sh - -c - | + #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh - . /opt/app/aaf_config/bin/retrieval_check.sh {{- if $initRoot.aaf_add_config }} /opt/app/aaf_config/bin/aaf-add-config.sh {{- end }} @@ -177,10 +174,13 @@ configMap: name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 + +{{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} configMap: name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 +{{- end -}} {{- if $dot.Values.global.importCustomCertsEnabled }} - name: updated-truststore emptyDir: {} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index 1e9254abef..7eae899cc1 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -14,13 +14,12 @@ # limitations under the License. */}} +{{ if .Values.aaf_add_config }} apiVersion: v1 kind: ConfigMap {{- $suffix := "add-config" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} -{{ if .Values.aaf_add_config }} aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 52b2765329..e7a0a3f02e 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -54,7 +54,6 @@ importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit -envVarToCheck: cadi_keystore_password_p12 # This introduces implicit dependency on cert-wrapper # if you are using cert initializer cert-wrapper has to be also deployed. diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl index f820c30ca9..4e43f621de 100644 --- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -181,10 +181,8 @@ spec: {{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} {{- range $i, $certificate := $dot.Values.certificates -}} {{- $mountPath := $certificate.mountPath -}} -- mountPath: {{ (printf "%s/secret-%d" $mountPath $i) }} - name: certmanager-certs-volume-{{ $i }} - mountPath: {{ $mountPath }} - name: certmanager-certs-volume-{{ $i }}-dir + name: certmanager-certs-volume-{{ $i }} {{- end -}} {{- end -}} @@ -196,8 +194,6 @@ spec: {{- range $i, $certificate := $certificates -}} {{- $name := include "common.fullname" $dot -}} {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}} -- name: certmanager-certs-volume-{{ $i }}-dir - emptyDir: {} - name: certmanager-certs-volume-{{ $i }} projected: sources: @@ -221,17 +217,3 @@ spec: {{- end }} {{- end -}} {{- end -}} - -{{- define "common.certManager.linkVolumeMounts" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} -{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} -{{- $certificates := $dot.Values.certificates -}} -{{- $certsLinkCommand := "" -}} - {{- range $i, $certificate := $certificates -}} - {{- $destnationPath := (required "'mountPath' for Certificate is required." $certificate.mountPath) -}} - {{- $sourcePath := (printf "%s/secret-%d/*" $destnationPath $i) -}} - {{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}} - {{- end -}} -{{ $certsLinkCommand }} -{{- end -}} diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl index 58cc9c7249..57e6c69b1f 100644 --- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl +++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl @@ -27,9 +27,7 @@ Full example (other fields are ignored): certificates: - mountPath: /var/custom-certs caName: RA - keystore: - outputType: - - jks + outputType: JKS commonName: common-name dnsNames: - dns-name-1 @@ -67,7 +65,7 @@ There also need to be some includes used in a target component deployment (inden {{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}} {{- range $index, $certificate := $dot.Values.certificates -}} {{/*# General certifiacate attributes #*/}} -{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}} +{{- $commonName := $certificate.commonName -}} {{/*# SAN's #*/}} {{- $dnsNames := default (list) $certificate.dnsNames -}} {{- $ipAddresses := default (list) $certificate.ipAddresses -}} @@ -89,11 +87,7 @@ There also need to be some includes used in a target component deployment (inden {{- $orgUnit := $certificate.subject.organizationalUnit -}} {{- end -}} {{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}} -{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}} -{{- if $certificate.keystore -}} -{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}} -{{- $outputType = mustFirst ($outputTypeList) | upper -}} -{{- end -}} +{{- $outputType := default $subchartGlobal.platform.certServiceClient.envVariables.outputType $certificate.outputType -}} {{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}} {{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}} {{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}} diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index b38a7f1105..de2548562d 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -36,13 +36,13 @@ {{- $global := . }} {{- range $index, $port := $ports }} {{- if (include "common.needTLS" $global) }} -- containerPort: {{ default $port.port $port.internal_port }} +- containerPort: {{ $port.port }} {{- else }} -- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }} +- containerPort: {{ default $port.port $port.plain_port }} {{- end }} name: {{ $port.name }} {{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }} -- containerPort: {{ default $port.plain_port $port.internal_plain_port }} +- containerPort: {{ $port.plain_port }} name: {{ $port.name }}-plain {{- end }} {{- end }} @@ -67,3 +67,4 @@ securityContext: privileged: false allowPrivilegeEscalation: false {{- end }} + diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index a343d4fce5..e39b8c4ca2 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -184,7 +184,7 @@ spec: fi cat /var/run/etcd/new_member_envs - . /var/run/etcd/new_member_envs + source /var/run/etcd/new_member_envs collect_member & diff --git a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml index 2a1fb4f59e..665cdaad0a 100644 --- a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml @@ -58,9 +58,6 @@ spec: - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end -}} readinessProbe: exec: @@ -70,9 +67,6 @@ spec: - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - successThreshold: {{ .Values.readiness.successThreshold }} - failureThreshold: {{ .Values.readiness.failureThreshold }} lifecycle: preStop: exec: diff --git a/kubernetes/common/music/components/music-cassandra/values.yaml b/kubernetes/common/music/components/music-cassandra/values.yaml index 8530172269..317087cf24 100644 --- a/kubernetes/common/music/components/music-cassandra/values.yaml +++ b/kubernetes/common/music/components/music-cassandra/values.yaml @@ -73,10 +73,7 @@ cql: # probe configuration parameters liveness: initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true @@ -85,10 +82,7 @@ readinessTimeout: 240 readiness: initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + periodSeconds: 10 podManagementPolicy: OrderedReady updateStrategy: diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 38a7ce1f63..6142baa63f 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -1,7 +1,6 @@ {{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # Copyright © 2020 Samsung Electronics -# Modifications Copyright (C) 2021 Bell Canada. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. @@ -135,8 +134,6 @@ spec: value: "{{ $dot.Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} - - name: PGDATA_PATH_OVERRIDE - value: "{{ $dot.Values.config.pgDataPath }}" volumeMounts: - name: config mountPath: /pgconf/pool_hba.conf diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 93f6d66385..f815847f06 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -1,5 +1,4 @@ # Copyright © 2018 Amdocs, AT&T, Bell Canada -# Modifications Copyright (C) 2021 Bell Canada. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,16 +41,12 @@ secrets: # Application configuration defaults. ################################################################# -# bitnami image doesn't support well single quote in password -passwordStrengthOverride: basic - pullPolicy: Always # application configuration config: pgUserName: testuser pgDatabase: userdb - pgDataPath: data # pgPrimaryPassword: password # pgUserPassword: password # pgRootPassword: password diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 71201a1cc6..95de6ec29f 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -67,9 +67,6 @@ - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness image: {{ include "repositoryGenerator.image.readiness" $subchartDot }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - securityContext: - runAsUser: {{ $subchartDot.Values.user }} - runAsGroup: {{ $subchartDot.Values.group }} command: - /app/ready.py args: diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml index 128c5057cc..b15b1c2af3 100644 --- a/kubernetes/common/readinessCheck/values.yaml +++ b/kubernetes/common/readinessCheck/values.yaml @@ -15,9 +15,6 @@ global: pullPolicy: Always -user: 100 -group: 65533 - limits: cpu: 100m memory: 100Mi diff --git a/kubernetes/cps/README.md b/kubernetes/cps/README.md deleted file mode 100644 index 4b578c41c2..0000000000 --- a/kubernetes/cps/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START========================================== -# =================================================================== -# Copyright (C) 2021 Pantheon.tech -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#============LICENSE_END============================================ - -# Helm Chart for CPS Applications - -ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services: - -1) Cps and xNF - Configuration Persistence Service together with Nf Configuration Persistence Service \ No newline at end of file diff --git a/kubernetes/cps/resources/config/application.yml b/kubernetes/cps/resources/config/application.yml deleted file mode 100644 index 983a75444b..0000000000 --- a/kubernetes/cps/resources/config/application.yml +++ /dev/null @@ -1,68 +0,0 @@ -{{/* - # Copyright (C) 2021 Pantheon.tech - # Modifications Copyright (C) 2020 Bell Canada. All rights reserved. - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. -*/}} ---- -server: - port: 8080 - -rest: - api: - cps-base-path: /cps/api - xnf-base-path: /cps-nf-proxy/api - -spring: - main: - banner-mode: "off" - jpa: - ddl-auto: create - open-in-view: false - properties: - hibernate: - enable_lazy_load_no_trans: true - dialect: org.hibernate.dialect.PostgreSQLDialect - - datasource: - url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} - username: ${DB_USERNAME} - password: ${DB_PASSWORD} - driverClassName: org.postgresql.Driver - initialization-mode: always - - cache: - type: caffeine - cache-names: yangSchema - caffeine: - spec: maximumSize=10000,expireAfterAccess=10m -# Actuator -management: - endpoints: - web: - base-path: /manage - exposure: - include: info,health,loggers - endpoint: - health: - show-details: always - # kubernetes probes: liveness and readiness - probes: - enabled: true - loggers: - enabled: true - -logging: - level: - org: - springframework: {{ .Values.logging.level }} diff --git a/kubernetes/cps/resources/config/logback.xml b/kubernetes/cps/resources/config/logback.xml deleted file mode 100644 index 56ffc88220..0000000000 --- a/kubernetes/cps/resources/config/logback.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - %d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n - - - - - - - - - - - - diff --git a/kubernetes/cps/templates/NOTES.txt b/kubernetes/cps/templates/NOTES.txt deleted file mode 100644 index 09d22dfa7c..0000000000 --- a/kubernetes/cps/templates/NOTES.txt +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}') - echo http://$SERVICE_IP:$SERVICE_PORT -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:$POD_PORT -{{- end }} diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml deleted file mode 100644 index e15ae7103f..0000000000 --- a/kubernetes/cps/templates/deployment.yaml +++ /dev/null @@ -1,96 +0,0 @@ -{{/* -# Copyright (C) 2021 Pantheon.tech, Orange -# Modifications Copyright (C) 2020 Bell Canada. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim}} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - - name: {{ include "common.name" . }}-update-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: DB_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} - - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} - volumeMounts: - - mountPath: /config-input - name: init-data-input - - mountPath: /config - name: init-data - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - port: {{ .Values.liveness.port }} - path: {{ .Values.liveness.path }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - httpGet: - port: {{ .Values.readiness.port }} - path: {{ .Values.readiness.path }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /app/resources/application.yml - subPath: application.yml - name: init-data - - mountPath: /app/resources/logback.xml - subPath: logback.xml - name: init-data - - mountPath: /tmp - name: init-temp - volumes: - - name: init-data-input - configMap: - name: {{ include "common.fullname" . }} - - name: init-data - emptyDir: - medium: Memory - - name: init-temp - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/cps/templates/service.yaml b/kubernetes/cps/templates/service.yaml deleted file mode 100644 index bfcaabc178..0000000000 --- a/kubernetes/cps/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* - # Copyright (C) 2021 Pantheon.tech, Orange - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - */}} - -{{ include "common.service" . }} diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml deleted file mode 100644 index ee797a5f04..0000000000 --- a/kubernetes/cps/values.yaml +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright (C) 2021 Pantheon.tech, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Secrets. -################################################################# -secrets: - - uid: pg-root-pass - name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass' - type: password - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' - password: '{{ .Values.postgres.config.pgRootpassword }}' - policy: generate - - uid: pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Global configuration defaults. -################################################################# - -# bitnami image doesn't support well single quote in password -passwordStrengthOverride: basic -global: - ingress: - virtualhost: - baseurl: "simpledemo.onap.org" - -image: onap/cps-and-nf-proxy:0.0.1 -containerPort: &svc_port 8080 - -service: - type: ClusterIP - name: cps - ports: - - name: &port http - port: *svc_port - -pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# default number of instances -replicaCount: 1 -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - large: - limits: - cpu: 4 - memory: 4Gi - requests: - cpu: 2 - memory: 2Gi - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 20 - periodSeconds: 20 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - path: /manage/health - port: *port - -readiness: - initialDelaySeconds: 15 - periodSeconds: 15 - path: /manage/health - port: *port - -ingress: - enabled: true - service: - - baseaddr: "cps" - path: "/" - name: "cps" - port: *svc_port - -serviceAccount: - nameOverride: cps - roles: - - read - -securityContext: - user_id: 100 - group_id: 655533 - -################################################################# -# Application configuration defaults. -################################################################# -logging: - level: INFO - path: /tmp -################################################################# -# Postgres overriding defaults in the postgres -################################################################# -postgres: - nameOverride: &postgresName cps-postgres - service: - name: *postgresName - name2: cps-pg-primary - name3: cps-pg-replica - container: - name: - primary: cps-pg-primary - replica: cps-pg-replica - persistence: - mountSubPath: cps/data - mountInitPath: cps - config: - pgUserName: cps - pgDatabase: cpsdb - pgUserExternalSecret: *pgUserCredsSecretName - pgRootPasswordExternalSecret: *pgRootPassSecretName - -readinessCheck: - wait_for: - - cps-postgres \ No newline at end of file diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index fd059a9fad..bf20455a5f 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2021 Samsung Electronics +# Copyright © 2019 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,41 +11,37 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets +make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +make-dcae-bootstrap: + cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap + +make-dcae-cloudify-manager: + cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +make-dcae-config-binding-service: + cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service -all: $(HELM_CHARTS) +make-dcae-healthcheck: + cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ +make-dcae-servicechange-handler: + cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi +make-dcae-inventory-api: + cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi +make-dcae-deployment-handler: + cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi +make-dcae-policy-handler: + cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) +make-dcae-dashboard: + cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: + @find . -type f -name '*.tgz' -delete + @find . -type f -name '*.lock' -delete diff --git a/kubernetes/dcaegen2/components/Makefile b/kubernetes/dcaegen2/components/Makefile deleted file mode 100644 index 4ffaa330b9..0000000000 --- a/kubernetes/dcaegen2/components/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright © 2021 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 458ec101dc..6412bf8ac4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json index 6018abe309..c967774cb9 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json @@ -3,7 +3,7 @@ #================================================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada -# Modifications (c) 2020-2021 Nokia. All rights reserved. +# Modifications (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -55,9 +55,5 @@ }, "cert_post_processor": { "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" - }, - "cmpv2_issuer": { - "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}", - "name": "{{ .Values.cmpv2issuer.name }}" } } diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 312eaa47fb..711c1d54e7 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -28,11 +28,6 @@ global: repositoryCred: user: docker password: docker - # Enabling CMPv2 with CertManager - CMPv2CertManagerIntegration: false - -cmpv2issuer: - name: cmpv2-issuer-onap secrets: - uid: 'cm-pass' @@ -55,7 +50,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.2.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 1bc13efc55..7abf0ca745 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -44,7 +44,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.2 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml deleted file mode 100644 index b244d91ff5..0000000000 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Nokia. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: 1 - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: {{ include "common.resources" . | nindent 12 }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path }} - port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - env: - - name: ASDC_ADDRESS - value: {{ .Values.externalServices.sdc_be_https }} - - name: SCHEMA_MAP_PATH - value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} - volumeMounts: - - name: schema-map - mountPath: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} - subPath: {{ .Values.schemaMap.filename }} - volumes: - - name: schema-map - configMap: - name: dcae-external-repo-configmap-schema-map - defaultMode: 0755 - items: - - key: {{ .Values.schemaMap.filename }} - path: {{ .Values.schemaMap.filename }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml deleted file mode 100644 index 66978bdc0f..0000000000 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml +++ /dev/null @@ -1,67 +0,0 @@ -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2021 Nokia. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -# Global values -global: - pullPolicy: Always -image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.0.1 -containerPort: &svc_port 8080 - -service: - ports: - - name: &port http - port: *svc_port - -externalServices: - sdc_be_https: "sdc-be:8443" - -schemaMap: - filename: "schema-map.json" - directory: "/app" - -liveness: - initialDelaySeconds: 30 - periodSeconds: 30 - path: /health - port: *port - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - # liveness not desirable for Cloudify Manager container - enabled: true - -readinessCheck: - wait_for: - - message-router - - sdc-be - -flavor: small -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 1 - memory: 512Mi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - unlimited: {} \ No newline at end of file diff --git a/kubernetes/dcaegen2/requirements.yaml b/kubernetes/dcaegen2/requirements.yaml index eaf9549af5..bbdcb4815c 100644 --- a/kubernetes/dcaegen2/requirements.yaml +++ b/kubernetes/dcaegen2/requirements.yaml @@ -1,5 +1,4 @@ # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# Modifications Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -53,7 +52,4 @@ dependencies: version: ~7.x-0 repository: 'file://components/dcae-dashboard' condition: dcae-dashboard.enabled - - name: dcae-ves-openapi-manager - version: ~7.x-0 - repository: 'file://components/dcae-ves-openapi-manager' - condition: dcae-ves-openapi-manager.enabled + diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json index 6b3a221661..d89203b070 100644 --- a/kubernetes/dcaegen2/resources/expected-components.json +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -1,6 +1,6 @@ [ {{- $ctx := . }} -{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" "dcae-ves-openapi-manager" }} +{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }} {{- range $i, $v := $components }} {{- if index $ctx.Values . "enabled" }} {{- if $i }},{{ end }} diff --git a/kubernetes/dcaegen2/resources/external/map/schema-map.json b/kubernetes/dcaegen2/resources/external/map/schema-map.json deleted file mode 100644 index a70c597bff..0000000000 --- a/kubernetes/dcaegen2/resources/external/map/schema-map.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "publicURL": "https://forge.3gpp.org/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/faultMnS.yaml", - "localURL": "3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/faultMnS.yaml" - }, - { - "publicURL": "https://forge.3gpp.org/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/heartbeatNtf.yaml", - "localURL": "3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/heartbeatNtf.yaml" - }, - { - "publicURL": "https://forge.3gpp.org/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/PerDataFileReportMnS.yaml", - "localURL": "3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/PerDataFileReportMnS.yaml" - }, - { - "publicURL": "https://forge.3gpp.org/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/provMnS.yaml", - "localURL": "3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/provMnS.yaml" - } -] \ No newline at end of file diff --git a/kubernetes/dcaegen2/resources/external/schema/rel16/PerDataFileReportMnS.yaml b/kubernetes/dcaegen2/resources/external/schema/rel16/PerDataFileReportMnS.yaml deleted file mode 100644 index dfacc14f8c..0000000000 --- a/kubernetes/dcaegen2/resources/external/schema/rel16/PerDataFileReportMnS.yaml +++ /dev/null @@ -1,272 +0,0 @@ -openapi: 3.0.1 -info: - title: TS 28.532 Performance data file reporting Service - version: 16.4.0 - description: >- - OAS 3.0.1 specification of the Performance data file reporting Management Service © 2020, - 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). All - rights reserved. -externalDocs: - description: 3GPP TS 28.532 V16.4.0; Generic management services - url: 'http://www.3gpp.org/ftp/Specs/archive/28_series/28.532/' -servers: - - url: '{MnSRoot}/PerfDataFileReportMnS/v1640' - variables: - MnSRoot: - description: See subclause 4.4 of TS 32.158 - default: http://example.com/3GPPManagement -paths: - /Files: - get: - summary: Read resources of information of available files - description: 'With HTTP GET, resources of information of available files are read. The resources to be read are identified with the path component (base resource) and the query component (managementDataType, beginTime and endTime) of the URI. The fields query component allows to select the resource properties to be returned.' - parameters: - - name: managementDataType - in: query - description: This parameter identifies the type of management data that the file contains to select the resources from the collection resources identified with the path component of the URI. - required: true - $ref: '#/components/schemas/managementDataType-Type' - - name: beginTime - in: query - description: This parameter identifies the time stamp no later than which the file became available to select the resources from the collection resources identified with the path component of the URI. - required: true - $ref: '#/components/schemas/dateTime-Type' - - name: endTime - in: query - description: This parameter identifies the time stamp no earlier than which the file became available to select the resources from the collection resources identified with the path component of the URI. - required: true - $ref: '#/components/schemas/dateTime-Type' - responses: - '200': - description: 'Success case ("200 OK"). The resources identified in the request for retrieval are returned in the response message body. In case the fields query parameter is used, the selected resources are returned.' - content: - application/json: - schema: - $ref: '#/components/schemas/fileInfoRetrieval-ResponseType' - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - /subscriptions: - post: - summary: Create a subscription - description: To create a subscription the representation of the subscription is POSTed on the /subscriptions collection resource. - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/subscription-RequestType' - responses: - '201': - description: Success case ("201 Created"). The representation of the newly created subscription resource shall be returned. - content: - application/json: - schema: - $ref: '#/components/schemas/subscription-ResponseType' - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - callbacks: - notifyFileReady: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyFileReady-NotifType' - responses: - '204': - description: Success case ("204 No Content"). The notification is successfully delivered. The response message body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - notifyFilePreparationError: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyFilePreparationError-NotifType' - responses: - '204': - description: Success case ("204 No Content"). The notification is successfully delivered. The response message body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - delete: - summary: Delete all subscriptions made with a specific consumerReferenceId - description: The subscriptions are deleted by deleting the corresponding subscription resources. The resources to be deleted are identified with the path component of the URI pointing to the /subscription collection resource and filtering on the consumerReferenceId provided in the query part. - parameters: - - name: consumerReferenceId - in: query - description: Identifies the subscriptions to be deleted. - required: true - schema: - $ref: '#/components/schemas/consumerReferenceId-QueryType' - responses: - '204': - description: Success case ("204 No Content"). The subscription resources have been deleted. The response message body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - '/subscriptions/{subscriptionId}': - delete: - summary: Delete a single subscription - description: The subscription is deleted by deleting the corresponding subscription resource. The resource to be deleted is identified with the path component of the URI. - parameters: - - name: subscriptionId - in: path - description: Identifies the subscription to be deleted. - required: true - schema: - $ref: '#/components/schemas/subscriptionId-PathType' - responses: - '204': - description: Success case ("204 No Content"). The subscription resource has been deleted. The response message body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' -components: - schemas: - dateTime-Type: - type: string - format: date-Time - uri-Type: - type: string - long-Type: - type: string - format: long - additionalText-Type: - type: string - reason-Type: - type: string - fileInfoRetrieval-ResponseType: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/fileInfo-Type' - fileInfo-Type: - type: object - properties: - fileLocation: - $ref: '#/components/schemas/uri-Type' - fileSize: - $ref: '#/components/schemas/long-Type' - fileReadyTime: - $ref: '#/components/schemas/dateTime-Type' - fileExpirationTime: - $ref: '#/components/schemas/dateTime-Type' - fileCompression: - type: string - fileFormat: - type: string - error-ResponseType: - type: object - properties: - error: - type: object - properties: - errorInfo: - type: string - managementDataType-Type: - type: string - enum: - - PM - header-Type: - description: Header used in notifications as notification header - type: object - properties: - uri: - $ref: '#/components/schemas/uri-Type' - notificationId: - $ref: '#/components/schemas/notificationId-Type' - notificationType: - $ref: '#/components/schemas/notificationType-Type' - eventTime: - $ref: '#/components/schemas/dateTime-Type' - subscriptionId-PathType: - type: string - filter-Type: - type: string - notificationId-Type: - $ref: '#/components/schemas/long-Type' - notificationType-Type: - type: string - enum: - - notifyFileReady - - notifyFilePreparationError - subscription-ResourceType: - type: object - properties: - consumerReference: - $ref: '#/components/schemas/uri-Type' - timeTick: - $ref: '#/components/schemas/long-Type' - filter: - $ref: '#/components/schemas/filter-Type' - subscription-RequestType: - type: object - properties: - data: - $ref: '#/components/schemas/subscription-ResourceType' - subscription-ResponseType: - type: object - properties: - data: - $ref: '#/components/schemas/subscription-ResourceType' - consumerReferenceId-QueryType: - $ref: '#/components/schemas/uri-Type' - notifyFileReady-NotifType: - type: object - properties: - header: - $ref: '#/components/schemas/header-Type' - body: - type: object - properties: - fileInfoList: - type: array - items: - $ref: '#/components/schemas/fileInfo-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' - notifyFilePreparationError-NotifType: - type: object - properties: - header: - $ref: '#/components/schemas/header-Type' - body: - type: object - properties: - fileInfoList: - type: array - items: - $ref: '#/components/schemas/fileInfo-Type' - reason: - $ref: '#/components/schemas/reason-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' diff --git a/kubernetes/dcaegen2/resources/external/schema/rel16/faultMnS.yaml b/kubernetes/dcaegen2/resources/external/schema/rel16/faultMnS.yaml deleted file mode 100644 index 499123b903..0000000000 --- a/kubernetes/dcaegen2/resources/external/schema/rel16/faultMnS.yaml +++ /dev/null @@ -1,1144 +0,0 @@ -openapi: 3.0.1 -info: - title: Fault Supervision MnS - version: 16.4.0 - description: >- - OAS 3.0.1 definition of the Fault Supervision MnS - © 2020, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). - All rights reserved. -externalDocs: - description: 3GPP TS 28.532 V16.4.0; Generic management services - url: http://www.3gpp.org/ftp/Specs/archive/28_series/28.532/ -servers: - - url: '{MnSRoot}/FaultSupervisionMnS/{version}' - variables: - MnSRoot: - description: See subclause 4.4.3 of TS 32.158 - default: http://example.com/3GPPManagement - version: - description: Versi on number of the OpenAPI definition - default: XXX -paths: - /alarms: - get: - summary: Retrieve multiple alarms - description: >- - Retrieves the alarms identified by alarmAckState, baseObjectInstance - and filter. - parameters: - - name: alarmAckState - in: query - required: false - schema: - $ref: '#/components/schemas/AlarmAckState' - - name: baseObjectInstance - in: query - required: false - schema: - $ref: '#/components/schemas/Dn' - - name: filter - in: query - required: false - schema: - $ref: '#/components/schemas/Filter' - responses: - '200': - description: >- - Success case ("200 OK"). - Returns the alarms identified in the request. The alarmId is the key - of the map. - content: - application/json: - schema: - type: object - additionalProperties: - type: object - allOf: - - type: object - properties: - lastNotificationHeader: - $ref: '#/components/schemas/NotificationHeader' - - $ref: '#/components/schemas/AlarmRecord' - - type: object - properties: - comments: - $ref: '#/components/schemas/Comments' - default: - description: Response in case of error. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - patch: - summary: 'Clear, acknowledge or unacknowledge multiple alarms' - description: >- - Clears, acknowledges or unacknowledges multiple alarms using patch. Depending - on which action is to be performed, different merge patch documents need - to be used. - requestBody: - description: >- - Patch documents for acknowledging and unacknowledging, or clearing multiple - alarms. The keys in the map are the alarmIds to be patched. - content: - application/merge-patch+json: - schema: - oneOf: - - type: object - additionalProperties: - $ref: '#/components/schemas/MergePatchAcknowledgeAlarm' - - type: object - additionalProperties: - $ref: '#/components/schemas/MergePatchClearAlarm' - responses: - '204': - description: >- - Success case ("204 No content"). - The response message body is empty. - default: - description: Response in case of error. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/FailedAlarm' - /alarms/alarmCount: - get: - summary: Get the alarm count per perceived severity - parameters: - - name: alarmAckState - in: query - required: false - schema: - $ref: '#/components/schemas/AlarmAckState' - - name: filter - in: query - required: false - schema: - type: string - responses: - '200': - description: >- - Success case ("200 OK"). - The alarm count per perceived severity is returned. - content: - application/json: - schema: - $ref: '#/components/schemas/AlarmCount' - default: - description: Response in case of error. The error case needs rework. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - /alarms/{alarmId}: - patch: - summary: 'Clear, acknowledge or unacknowledge a single alarm' - description: >- - Clears, acknowledges or uncknowldeges a single alarm by patching the alarm - information. A conditional acknowledge request based on the perceived - severity is not supported. - parameters: - - name: alarmId - in: path - description: Identifies the alarm to be patched. - required: true - schema: - type: string - requestBody: - required: true - content: - application/merge-patch+json: - schema: - oneOf: - - $ref: '#/components/schemas/MergePatchAcknowledgeAlarm' - - $ref: '#/components/schemas/MergePatchClearAlarm' - responses: - '204': - description: >- - Success case (204 No content). - The response message body is absent. - default: - description: Response in case of error. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - /alarms/{alarmId}/comments: - post: - summary: Add a comment to a single alarm - description: >- - Adds a comment to an alarm identified by alarmId. The id of the new comment - is allocated by the producer. - parameters: - - name: alarmId - in: path - description: Identifies the alarm to which the comment shall be added. - required: true - schema: - type: string - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Comment' - responses: - '201': - description: >- - Success case (201 Created). - The representation of the newly created comment resource shall be returned. - content: - application/json: - schema: - $ref: '#/components/schemas/Comment' - headers: - Location: - description: URI of the newly created comment resource. - required: true - schema: - type: string - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - - /subscriptions: - post: - summary: Create a subscription - description: >- - To create a subscription the representation of the subscription is - POSTed on the /subscriptions collection resource. - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Subscription' - responses: - '201': - description: >- - Success case ("201 Created"). - The representation of the newly created subscription resource shall - be returned. - content: - application/json: - schema: - $ref: '#/components/schemas/Subscription' - headers: - Location: - description: URI of the newly created subscription resource - required: true - schema: - type: string - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - callbacks: - notifyNewAlarm: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/NotifyNewAlarm' - - $ref: '#/components/schemas/NotifyNewSecAlarm' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyClearedAlarm: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyClearedAlarm' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyChangedAlarm: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyChangedAlarm' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyChangedAlarmGeneral: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/NotifyChangedAlarmGeneral' - - $ref: '#/components/schemas/NotifyChangedSecAlarmGeneral' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyCorrelatedNotificationChanged: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyCorrelatedNotificationChanged' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyAckStateChanged: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyAckStateChanged' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyComments: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyComments' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyPotentialFaultyAlarmList: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyPotentialFaultyAlarmList' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - notifyAlarmListRebuilt: - '{request.body#/consumerReference}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/NotifyAlarmListRebuilt' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response message - body is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - /subscriptions/{subscriptionId}: - delete: - summary: Delete a subscription - description: >- - The subscription is deleted by deleting the corresponding subscription - resource. The resource to be deleted is identified with the path - component of the URI. - parameters: - - name: subscriptionId - in: path - description: Identifies the subscription to be deleted. - required: true - schema: - type: string - responses: - '204': - description: >- - Success case ("204 No Content"). - The subscription resource has been deleted. The response message body - is absent. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - -components: - schemas: - - #---- Definitions to be moved to comDefs.yaml --------------------------------------# - - Long: - type: string - format: long - Float: - type: string - format: float - DateTime: - type: string - format: date-Time - - Dn: - type: string - Uri: - type: string - - AttributeNameValuePairSet: - type: object - minProperties: 1 - AttributeValueChangeSet: - description: >- - The key in this map is the attribute name. The value of each key is an array. - When only one item is present in the array, it carries the new attribute - value. If two items are present, then the first item carries the old value - and the second item the new value. The items can be of any type including null. - type: object - additionalProperties: - type: array - minItems: 1 - maxItems: 2 - items: - nullable: true - - Filter: - type: string - SystemDN: - type: string - - NotificationId: - type: integer - NotificationHeader: - description: >- - Header used for all notification types - type: object - required: - - href - - notificationId - - notificationType - - eventTime - - systemDN - properties: - uri: - $ref: '#/components/schemas/Uri' - notificationId: - $ref: '#/components/schemas/NotificationId' - notificationType: - oneOf: - - $ref: '#/components/schemas/AlarmNotificationTypes' - #- $ref: 'faultMnS.yaml#/components/schemas/AlarmNotificationTypes' - #- $ref: 'provMnS.yaml#/components/schemas/CmNotificationTypes' - # more to be added - eventTime: - $ref: '#/components/schemas/DateTime' - systemDN: - $ref: '#/components/schemas/SystemDN' - - ErrorResponse: - description: >- - Default schema for the response message body in case the request is not - successful. - type: object - properties: - error: - type: object - properties: - errorInfo: - type: string - - #---- End of definitions to be moved to comDefs.yaml -------------------------------# - - #---- Definition of AlarmRecord ----------------------------------------------------# - - AlarmId: - type: string - AlarmType: - type: string - enum: - - COMMUNICATIONS_ALARM - - QUALITY_OF_SERVICE_ALARM - - PROCESSING_ERROR_ALARM - - EQUIPMENT_ALARM - - ENVIRONMENTAL_ALARM - - INTEGRITY_VIOLATION - - OPERATIONAL_VIOLATION - - PHYSICAL_VIOLATION - - SECURITY_SERVICE_OR_MECHANISM_VIOLATION - - TIME_DOMAIN_VIOLATION - ProbableCause: - description: >- - The value of the probable cause may be a specific standardized string, or any - vendor provided string. Probable cause strings are not standardized in the - present document. They may be added in a future version. Up to then the - mapping of the generic probable cause strings "PROBABLE_CAUSE_001" to - "PROBABLE_CAUSE_005" is vendor specific. - The value of the probable cause may also be an integer. The mapping of integer - values to probable causes is vendor specific. - oneOf: - - anyOf: - - type: string - enum: - - PROBABLE_CAUSE_001 - - PROBABLE_CAUSE_002 - - PROBABLE_CAUSE_003 - - PROBABLE_CAUSE_004 - - PROBABLE_CAUSE_005 - - type: string - - type: integer - SpecificProblem: - oneOf: - - type: string - - type: integer - PerceivedSeverity: - type: string - enum: - - INDETERMINATE - - CRITICAL - - MAJOR - - MINOR - - WARNING - - CLEARED - TrendIndication: - type: string - enum: - - MORE_SEVERE - - NO_CHANGE - - LESS_SEVERE - ThresholdHysteresis: - type: object - required: - - high - properties: - high: - oneOf: - - type: integer - - $ref: '#/components/schemas/Float' - low: - $ref: '#/components/schemas/Float' - ThresholdLevelInd: - type: object - required: - - up - properties: - up: - $ref: '#/components/schemas/ThresholdHysteresis' - low: - $ref: '#/components/schemas/ThresholdHysteresis' - ThresholdInfo: - type: object - required: - - observedMeasurement - - observedValue - properties: - observedMeasurement: - type: string - observedValue: - oneOf: - - type: integer - - $ref: '#/components/schemas/Float' - thresholdLevelInd: - $ref: '#/components/schemas/ThresholdLevelInd' - armTime: - $ref: '#/components/schemas/DateTime' - CorrelatedNotification: - type: object - required: - - source - - notificationId - properties: - sourceObjectInstance: - $ref: '#/components/schemas/Dn' - notificationIds: - type: array - items: - $ref: '#/components/schemas/NotificationId' - CorrelatedNotifications: - type: array - items: - $ref: '#/components/schemas/CorrelatedNotification' - AckState: - type: string - enum: - - ACKNOWLEDGED - - UNACKNOWLEDGED - - AlarmRecord: - description: >- - The alarmId is not a property of an alarm record. It is used as key - in the map of alarm records instead. - type: object - properties: - # alarmId: - # $ref: '#/components/schemas/AlarmId' - objectInstance: - $ref: '#/components/schemas/Dn' - notificationId: - $ref: '#/components/schemas/NotificationId' - alarmRaisedTime: - $ref: '#/components/schemas/DateTime' - alarmChangedTime: - $ref: '#/components/schemas/DateTime' - alarmClearedTime: - $ref: '#/components/schemas/DateTime' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - specificProblem: - $ref: '#/components/schemas/SpecificProblem' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - backedUpStatus: - type: boolean - backUpObject: - $ref: '#/components/schemas/Dn' - trendIndication: - $ref: '#/components/schemas/TrendIndication' - thresholdinfo: - $ref: '#/components/schemas/ThresholdInfo' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - stateChangeDefinition: - $ref: '#/components/schemas/AttributeValueChangeSet' - monitoredAttributes: - $ref: '#/components/schemas/AttributeNameValuePairSet' - proposedRepairActions: - type: string - additionalText: - type: string - additionalInformation: - $ref: '#/components/schemas/AttributeNameValuePairSet' - - rootCauseIndicator: - type: boolean - - ackTime: - $ref: '#/components/schemas/DateTime' - ackUserId: - type: string - ackSystemId: - type: string - ackState: - $ref: '#/components/schemas/AckState' - - clearUserId: - type: string - clearSystemId: - type: string - serviceUser: - type: string - serviceProvider: - type: string - securityAlarmDetector: - type: string - - #---- Definition of alarm notifications --------------------------------------------# - - AlarmNotificationTypes: - type: string - enum: - - notifyNewAlarm - - notifyChangedAlarm - - notifyChangedAlarmGeneral - - notifyAckStateChanged - - notifyCorrelatedNotificationChanged - - notifyComments - - notifyClearedAlarm - - notifyAlarmListRebuiltAlarm - - notifyPotentialFaultyAlarmList - AlarmListAlignmentRequirement: - type: string - enum: - - ALIGNMENT_REQUIRED - - ALIGNMENT_NOT_REQUIRED - - NotifyNewAlarm: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - specificProblem: - $ref: '#/components/schemas/SpecificProblem' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - backedUpStatus: - type: boolean - backUpObject: - $ref: '#/components/schemas/Dn' - trendIndication: - $ref: '#/components/schemas/TrendIndication' - thresholdInfo: - $ref: '#/components/schemas/ThresholdInfo' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - stateChangeDefinition: - $ref: '#/components/schemas/AttributeValueChangeSet' - monitoredAttributes: - $ref: '#/components/schemas/AttributeNameValuePairSet' - proposedRepairActions: - type: string - additionalText: - type: string - additionalInformation: - $ref: '#/components/schemas/AttributeNameValuePairSet' - rootCauseIndicator: - type: boolean - NotifyNewSecAlarm: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - - serviceUser - - serviceProvider - - securityAlarmDetector - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - additionalText: - type: string - additionalInformation: - $ref: '#/components/schemas/AttributeNameValuePairSet' - rootCauseIndicator: - type: boolean - serviceUser: - type: string - serviceProvider: - type: string - securityAlarmDetector: - type: string - NotifyClearedAlarm: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - clearUserId: - type: string - clearSystemId: - type: string - NotifyChangedAlarm: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - NotifyChangedAlarmGeneral: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - - changedAlarmAttributes - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - specificProblem: - $ref: '#/components/schemas/SpecificProblem' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - backedUpStatus: - type: boolean - backUpObject: - $ref: '#/components/schemas/Dn' - trendIndication: - $ref: '#/components/schemas/TrendIndication' - thresholdInfo: - $ref: '#/components/schemas/ThresholdInfo' - stateChangeDefinition: - $ref: '#/components/schemas/AttributeValueChangeSet' - monitoredAttributes: - $ref: '#/components/schemas/AttributeNameValuePairSet' - proposedRepairActions: - type: string - additionalText: - type: string - additionalInformation: - $ref: '#/components/schemas/AttributeNameValuePairSet' - rootCauseIndicator: - type: boolean - changedAlarmAttributes: - $ref: '#/components/schemas/AttributeNameValuePairSet' - NotifyChangedSecAlarmGeneral: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - - serviceUser - - serviceProvider - - securityAlarmDetector - - changedAlarmAttributes - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - additionalText: - type: string - additionalInformation: - $ref: '#/components/schemas/AttributeNameValuePairSet' - rootCauseIndicator: - type: boolean - serviceUser: - type: string - serviceProvider: - type: string - securityAlarmDetector: - type: string - changedAlarmAttributes: - $ref: '#/components/schemas/AttributeNameValuePairSet' - NotifyCorrelatedNotificationChanged: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - correlatedNotifications - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - correlatedNotifications: - $ref: '#/components/schemas/CorrelatedNotifications' - rootCauseIndicator: - type: boolean - NotifyAckStateChanged: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - - ackState - - ackUserId - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - ackState: - $ref: '#/components/schemas/AckState' - ackUserId: - type: string - ackSystemId: - type: string - NotifyComments: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - alarmId - - alarmType - - probableCause - - perceivedSeverity - - comments - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - alarmType: - $ref: '#/components/schemas/AlarmType' - probableCause: - $ref: '#/components/schemas/ProbableCause' - perceivedSeverity: - $ref: '#/components/schemas/PerceivedSeverity' - comments: - $ref: '#/components/schemas/Comments' - NotifyPotentialFaultyAlarmList: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - reason - properties: - reason: - type: string - NotifyAlarmListRebuilt: - allOf: - - $ref: '#/components/schemas/NotificationHeader' - - type: object - required: - - reason - properties: - reason: - type: string - alarmListAlignmentRequirement: - $ref: '#/components/schemas/AlarmListAlignmentRequirement' - - #---- Definition of query parameters -----------------------------------------------# - - AlarmAckState: - type: string - enum: - - ALL_ALARMS - - ALL_ACTIVE_ALARMS - - ALL_ACTIVE_AND_ACKNOWLEDGED_ALARMS - - ALL_ACTIVE_AND_UNACKNOWLEDGED_ALARMS - - ALL_CLEARED_AND_UNACKNOWLEDGED_ALARMS - - ALL_UNACKNOWLEDGED_ALARMS - - #---- Definition of patch documents ------------------------------------------------# - - MergePatchAcknowledgeAlarm: - description: >- - Patch document acknowledging or unacknowledging a single alarm. For - acknowleding an alarm the value of ackState is ACKNOWLEDGED, for unacknowleding - an alarm the value of ackState is UNACKNOWLEDGED. - type: object - required: - - ackUserId - - ackState - properties: - ackUserId: - type: string - ackSystemId: - type: string - ackState: - $ref: '#/components/schemas/AckState' - MergePatchClearAlarm: - description: Patch document for clearing a single alarm - type: object - required: - - clearUserId - - perceivedSeverity - properties: - clearUserId: - type: string - clearSystemId: - type: string - perceivedSeverity: - type: string - enum: - - CLEARED - - #---- Definition of method responses -----------------------------------------------# - - FailedAlarm: - type: object - required: - - alarmId - - failureReason - properties: - alarmId: - $ref: '#/components/schemas/AlarmId' - failureReason: - type: string - - #---- Definition of resources ------------------------------------------------------# - - AlarmCount: - type: object - required: - - criticalCount - - majorCount - - minorCount - - warningCount - - indeterminateCount - - clearedCount - properties: - criticalCount: - type: integer - majorCount: - type: integer - minorCount: - type: integer - warningCount: - type: integer - indeterminateCount: - type: integer - clearedCount: - type: integer - Comment: - type: object - properties: - commentTime: - $ref: '#/components/schemas/DateTime' - commentUserId: - type: string - commentSystemId: - type: string - commentText: - type: string - Comments: - description: >- - Collection of comments. The comment identifiers are allocated by the - MnS producer and used as key in the map. - type: object - additionalProperties: - $ref: '#/components/schemas/Comment' - Subscription: - type: object - properties: - consumerReference: - $ref: '#/components/schemas/Uri' - timeTick: - $ref: '#/components/schemas/Long' - filter: - $ref: '#/components/schemas/Filter' diff --git a/kubernetes/dcaegen2/resources/external/schema/rel16/heartbeatNtf.yaml b/kubernetes/dcaegen2/resources/external/schema/rel16/heartbeatNtf.yaml deleted file mode 100644 index afde5066dd..0000000000 --- a/kubernetes/dcaegen2/resources/external/schema/rel16/heartbeatNtf.yaml +++ /dev/null @@ -1,23 +0,0 @@ -openapi: 3.0.1 -info: - title: Heartbeat notification - version: 16.3.0 - description: >- - OAS 3.0.1 specification of the heartbeat notification - © 2020, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). - All rights reserved. -externalDocs: - description: 3GPP TS 28.532 V16.3.0; Heartbeat notification - url: http://www.3gpp.org/ftp/Specs/archive/28_series/28.6532/ -paths: {} -components: - schemas: - hearbeatNtfPeriod-Type: - type: integer - notifyHeartbeat-NotifType: - allOf: - - $ref: 'provMnS.yaml#/components/schemas/header-Type' - - type: object - properties: - heartbeatNtfPeriod: - $ref: '#/components/schemas/hearbeatNtfPeriod-Type' diff --git a/kubernetes/dcaegen2/resources/external/schema/rel16/provMnS.yaml b/kubernetes/dcaegen2/resources/external/schema/rel16/provMnS.yaml deleted file mode 100644 index b2f84a4d2a..0000000000 --- a/kubernetes/dcaegen2/resources/external/schema/rel16/provMnS.yaml +++ /dev/null @@ -1,579 +0,0 @@ -openapi: 3.0.1 -info: - title: Provisioning MnS - version: 16.4.0 - description: >- - OAS 3.0.1 definition of the Provisioning MnS - © 2020, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). - All rights reserved. -externalDocs: - description: 3GPP TS 28.532 V16.4.0; Generic management services - url: http://www.3gpp.org/ftp/Specs/archive/28_series/28.532/ -servers: - - url: 'http://{URI-DN-prefix}/{root}/ProvMnS/v1640/{LDN-first-part}' - variables: - URI-DN-prefix: - description: See subclause 4.4 of TS 32.158 - default: example.com - root: - description: See subclause 4.4 of TS 32.158 - default: 3GPPManagement - LDN-first-part: - description: See subclause 4.4 of TS 32.158 - default: '' -paths: - '/{className}={id}': - parameters: - - name: className - in: path - required: true - schema: - $ref: '#/components/schemas/className-PathType' - - name: id - in: path - required: true - schema: - $ref: '#/components/schemas/id-PathType' - put: - summary: Replaces a complete single resource or creates it if it does not exist - description: >- - With HTTP PUT a complete resource is replaced or created if it does not - exist. The target resource is identified by the target URI. - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/resourcePut-RequestType' - responses: - '200': - description: >- - Success case ("200 OK"). - This status code shall be returned when the resource is replaced, and - when the replaced resource representation is not identical to the resource - representation in the request. - This status code may be retourned when the resource is updated and when the - updated resource representation is identical to the resource representation - in the request. - The representation of the updated resource is returned in the response - message body. - content: - application/json: - schema: - $ref: '#/components/schemas/resourceUpdate-ResponseType' - '201': - description: >- - Success case ("201 Created"). - This status code shall be returned when the resource is created. - The representation of the created resource is returned in the response - message body. - content: - application/json: - schema: - $ref: '#/components/schemas/resourceCreation-ResponseType' - '204': - description: >- - Success case ("204 No Content"). - This status code may be returned only when the replaced resource - representation is identical to the representation in the request. - The response has no message body. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - callbacks: - notifyMOICreation: - '{request.body#/notificationRecipientAddress}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyMOICreation-NotifType' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response - has no message body. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - notifyMOIDeletion: - '{request.body#/notificationRecipientAddress}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyMOIDeletion-NotifType' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response - has no message body. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - notifyMOIAttributeValueChange: - '{request.body#/notificationRecipientAddress}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyMOIAttributeValueChange-NotifType' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response - has no message body. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - notifyMOIChanges: - '{request.body#/notificationRecipientAddress}': - post: - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/notifyMOIChanges-NotifType' - responses: - '204': - description: >- - Success case ("204 No Content"). - The notification is successfully delivered. The response - has no message body. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - get: - summary: Reads one or multiple resources - description: >- - With HTTP GET resources are read. The resources to be retrieved are - identified with the target URI. The attributes and fields parameter - of the query components allow to select the resource properties to be returned. - parameters: - - name: scope - in: query - description: >- - This parameter extends the set of targeted resources beyond the base - resource identified with the path component of the URI. No scoping - mechanism is specified in the present document. - required: false - schema: - $ref: '#/components/schemas/scope-QueryType' - style: form - explode: true - - name: filter - in: query - description: >- - This parameter reduces the targeted set of resources by applying a - filter to the scoped set of resource representations. Only resource - representations for which the filter construct evaluates to "true" - are targeted. No filter language is specified in the present - document. - required: false - schema: - $ref: '#/components/schemas/filter-QueryType' - - name: attributes - in: query - description: >- - This parameter specifies the attributes of the scoped resources that - are returned. - required: true - schema: - $ref: '#/components/schemas/attributes-QueryType' - style: form - explode: false - - name: fields - in: query - description: >- - This parameter specifies the attribute field of the scoped resources - that are returned. - required: false - schema: - $ref: '#/components/schemas/fields-QueryType' - style: form - explode: false - responses: - '200': - description: >- - Success case ("200 OK"). - The resources identified in the request for retrieval are returned - in the response message body. In case the attributes or fields query - parameters are used, only the selected attributes or sub-attributes are - returned. The response message body is constructed according to the - hierarchical response construction method (TS 32.158 [15]). - content: - application/json: - schema: - $ref: '#/components/schemas/resourceRetrieval-ResponseType' - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - patch: - summary: Patches one or multiple resources - description: >- - With HTTP PATCH resources are created, updated or deleted. The resources - to be modified are identified with the target URI (base resource) and - the patch document included in the request message body. - requestBody: - description: >- - The request body describes changes to be made to the target resources. - The following patch media types are available - - "application/merge-patch+json" (RFC 7396) - - "application/3gpp-merge-patch+json" (TS 32.158) - - "application/json-patch+json" (RFC 6902) - - "application/3gpp-json-patch+json" (TS 32.158) - required: true - content: - application/merge-patch+json: - schema: - $ref: '#/components/schemas/jsonMergePatch-RequestType' - application/3gpp-merge-patch+json: - schema: - $ref: '#/components/schemas/3gppJsonMergePatch-RequestType' - application/json-patch+json: - schema: - $ref: '#/components/schemas/jsonPatch-RequestType' - application/3gpp-json-patch+json: - schema: - $ref: '#/components/schemas/3gppJsonPatch-RequestType' - responses: - '200': - description: >- - Success case ("200 OK"). - This status code is returned when the updated the resource representations - shall be returned for some reason. - The resource representations are returned in the response message body. The - response message body is constructed according to the hierarchical response - construction method (TS 32.158 [15]) - content: - application/json: - schema: - $ref: '#/components/schemas/resourceUpdate-ResponseType' - '204': - description: >- - Success case ("204 No Content"). - This status code is returned when there is no need to return the updated - resource representations. - The response message body is empty. - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' - delete: - summary: Deletes one or multiple resources - description: >- - With HTTP DELETE resources are deleted. The resources to be deleted are - identified with the target URI. - parameters: - - name: scope - in: query - description: >- - This parameter extends the set of targeted resources beyond the base - resource identified with the path component of the URI. No scoping - mechanism is specified in the present document. - required: false - schema: - $ref: '#/components/schemas/scope-QueryType' - - name: filter - in: query - description: >- - This parameter reduces the targeted set of resources by applying a - filter to the scoped set of resource representations. Only resources - representations for which the filter construct evaluates to "true" - are returned. No filter language is specified in the present - document. - required: false - schema: - $ref: '#/components/schemas/filter-QueryType' - responses: - '200': - description: >- - Success case ("200 OK"). - This status code shall be returned, when query parameters are present in - the request and one or multiple resources are deleted. - The URIs of the deleted resources are returned in the response message body. - '204': - description: >- - Success case ("204 No Content"). - This status code shall be returned, when no query parameters are present in - the request and only one resource is deleted. - The message body is empty. - content: - application/json: - schema: - $ref: '#/components/schemas/resourceDeletion-ResponseType' - default: - description: Error case. - content: - application/json: - schema: - $ref: '#/components/schemas/error-ResponseType' -components: - schemas: - dateTime-Type: - type: string - format: date-time - long-Type: - type: integer - format: int64 - uri-Type: - type: string - correlatedNotification-Type: - type: object - properties: - source: - $ref: '#/components/schemas/uri-Type' - notificationIds: - type: array - items: - $ref: '#/components/schemas/notificationId-Type' - notificationId-Type: - $ref: '#/components/schemas/long-Type' - notificationType-Type: - type: string - enum: - - notifyMOICreation - - notifyMOIDeletion - - notifyMOIAttributeValueChange - systemDN-Type: - type: string - additionalText-Type: - type: string - sourceIndicator-Type: - type: string - enum: - - resourceOperation - - mangementOperation - - sONOperation - - unknown - header-Type: - type: object - properties: - href: - $ref: '#/components/schemas/uri-Type' - notificationId: - $ref: '#/components/schemas/notificationId-Type' - notificationType: - $ref: '#/components/schemas/notificationType-Type' - eventTime: - $ref: '#/components/schemas/dateTime-Type' - systemDN: - $ref: '#/components/schemas/systemDN-Type' - required: - - href - - notificationId - - notificationType - - eventTime - - systemDN - scopeType-Type: - type: string - enum: - - BASE_ONLY - - BASE_NTH_LEVEL - - BASE_SUBTREE - - BASE_ALL - scopeLevel-Type: - type: integer - className-PathType: - type: string - id-PathType: - type: string - attributes-QueryType: - type: array - items: - type: string - fields-QueryType: - type: array - items: - type: string - filter-QueryType: - type: string - scope-QueryType: - type: object - properties: - scopeType: - $ref: '#/components/schemas/scopeType-Type' - scopeLevel: - $ref: '#/components/schemas/scopeLevel-Type' - - resourcePut-RequestType: - $ref: '#/components/schemas/resourceRepresentation-Type' - jsonMergePatch-RequestType: - $ref: '#/components/schemas/resourceRepresentation-Type' - 3gppJsonMergePatch-RequestType: - $ref: '#/components/schemas/resourceRepresentation-Type' - jsonPatch-RequestType: - type: array - items: - type: object - 3gppJsonPatch-RequestType: - type: array - items: - type: object - - error-ResponseType: - type: object - properties: - error: - type: object - properties: - errorInfo: - type: string - resourceRetrieval-ResponseType: - $ref: '#/components/schemas/resourceRepresentation-Type' - resourceCreation-ResponseType: - $ref: '#/components/schemas/resourceRepresentation-Type' - resourceUpdate-ResponseType: - $ref: '#/components/schemas/resourceRepresentation-Type' - resourceDeletion-ResponseType: - type: array - items: - $ref: '#/components/schemas/uri-Type' - - resourceRepresentation-Type: - oneOf: - - type: object - properties: - id: - type: string - attributes: - type: object - additionalProperties: - type: array - items: - type: object - - anyOf: - - $ref: 'genericNrm.yaml#/components/schemas/resources-genericNrm' - - $ref: 'nrNrm.yaml#/components/schemas/resources-nrNrm' - - $ref: '5gcNrm.yaml#/components/schemas/resources-5gcNrm' - - $ref: 'sliceNrm.yaml#/components/schemas/resources-sliceNrm' - - mOIChange-Type: - type: object - properties: - notificationId: - $ref: '#/components/schemas/notificationId-Type' - correlatedNotifications: - type: array - items: - $ref: '#/components/schemas/correlatedNotification-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' - sourceIndicator: - $ref: '#/components/schemas/sourceIndicator-Type' - path: - $ref: '#/components/schemas/uri-Type' - operation: - type: string - enum: - - CREATE - - DELETE - - REPLACE - value: - oneOf: - - type: object - additionalProperties: - nullable: true - - type: array - items: - type: object - minItems: 1 - maxItems: 2 - - notifyMOICreation-NotifType: - allOf: - - $ref: '#/components/schemas/header-Type' - - type: object - properties: - correlatedNotifications: - type: array - items: - $ref: '#/components/schemas/correlatedNotification-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' - sourceIndicator: - $ref: '#/components/schemas/sourceIndicator-Type' - attributeList: - type: object - additionalProperties: - nullable: true - notifyMOIDeletion-NotifType: - allOf: - - $ref: '#/components/schemas/header-Type' - - type: object - properties: - correlatedNotifications: - type: array - items: - $ref: '#/components/schemas/correlatedNotification-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' - sourceIndicator: - $ref: '#/components/schemas/sourceIndicator-Type' - attributeList: - type: object - additionalProperties: true - notifyMOIAttributeValueChange-NotifType: - allOf: - - $ref: '#/components/schemas/header-Type' - - type: object - properties: - correlatedNotifications: - type: array - items: - $ref: '#/components/schemas/correlatedNotification-Type' - additionalText: - $ref: '#/components/schemas/additionalText-Type' - sourceIndicator: - $ref: '#/components/schemas/sourceIndicator-Type' - attributeValueChange: - type: object - additionalProperties: - type: array - minItems: 1 - maxItems: 2 - items: - nullable: true - required: - - attributeValueChange - notifyMOIChanges-NotifType: - allOf: - - $ref: '#/components/schemas/header-Type' - - type: object - properties: - mOIChanges: - type: array - items: - $ref: '#/components/schemas/mOIChange-Type' - required: - - mOIChanges diff --git a/kubernetes/dcaegen2/templates/configmap.yaml b/kubernetes/dcaegen2/templates/configmap.yaml index a9917a55ce..4a1877f02e 100644 --- a/kubernetes/dcaegen2/templates/configmap.yaml +++ b/kubernetes/dcaegen2/templates/configmap.yaml @@ -23,20 +23,4 @@ metadata: name: {{ include "common.release" . }}-dcae-expected-components namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dcae-external-repo-configmap-schema-map - namespace: {{ include "common.namespace" . }} -data: -{{ (.Files.Glob "resources/external/map/*").AsConfig | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dcae-external-repo-configmap-sa88-rel16 - namespace: {{ include "common.namespace" . }} -data: -{{ (.Files.Glob "resources/external/schema/rel16/*").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 340c159a2f..232f8b45d5 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,7 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T # Modifications Copyright © 2020 Samsung Electronics -# Modifications Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -67,5 +66,3 @@ dcae-policy-handler: cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true -dcae-ves-openapi-manager: - enabled: true \ No newline at end of file diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 3bcb404032..40338b9485 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -266,11 +266,7 @@ deploy() { done # report on success/failures of installs/upgrades - if [[ $HELM_VER == "v3."* ]]; then - helm ls --all-namespaces | grep -i FAILED | grep $RELEASE - else - helm ls | grep FAILED | grep $RELEASE - fi + helm ls | grep FAILED | grep $RELEASE } HELM_VER=$(helm version --template "{{.Version}}") echo $HELM_VER diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index c9e24fc07b..7fb611b348 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -100,7 +100,7 @@ config: # application image flavor: small -image: onap/modeling/etsicatalog:1.0.10 +image: onap/modeling/etsicatalog:1.0.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index a8ccc5ddfc..5c840ec9a4 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.8.0 +image: onap/multicloud/k8s:0.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 7b9c15083c..bc1f19a6e9 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -66,7 +66,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:8.0.1 +image: onap/externalapi/nbi:8.0.0-latest pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 4f4696263c..3e96bdf3ec 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -54,10 +54,6 @@ dependencies: version: ~7.x-0 repository: '@local' condition: global.addTestingComponents - - name: cps - version: ~7.x-0 - repository: '@local' - condition: cps.enabled - name: dcaegen2 version: ~7.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index 9932691b2d..027bc7b850 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -67,8 +67,6 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index 84713498fa..dd22d8fc75 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -71,8 +71,6 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index c7dcdfc974..27588fa4a8 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -41,8 +41,6 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 0186a9c0f7..336e93788c 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml @@ -62,8 +62,6 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 2481623685..be052996b7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -94,8 +94,6 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 63a8a74c76..997bca9f4d 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -36,8 +36,6 @@ consul: enabled: true contrib: enabled: true -cps: - enabled: true dcaegen2: enabled: true dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index c8551cbf8e..13b90ac45e 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -44,8 +44,6 @@ contrib: enabled: *testing consul: enabled: true -cps: - enabled: true dcaegen2: enabled: true dcaemod: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index bd8ed9d9c5..796643171b 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -66,10 +66,10 @@ consul: enabled: false contrib: enabled: false -cps: - enabled: false dcaegen2: enabled: false +dmaap: + enabled: true esr: enabled: false log: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index d5d3e109b1..0920222ad7 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -301,8 +301,6 @@ consul: # addTestingComponents contrib: enabled: *testing -cps: - enabled: false dcaegen2: enabled: false dcaemod: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index aa6ae1941c..0c7eb8d6a7 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -24,12 +24,12 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-optimizer:2.3.1 +image: onap/optf-cmso-optimizer:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index f0e62e458d..9973f85cff 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -23,13 +23,13 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-service:2.3.1 -robotimage: onap/optf-cmso-robot:2.3.1 +image: onap/optf-cmso-service:2.3.0 +robotimage: onap/optf-cmso-robot:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index d88e1b22c2..3720c7d44b 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -23,7 +23,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-ticketmgt:2.3.1 +image: onap/optf-cmso-ticketmgt:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index 56d9c7c12a..bdf1606dd4 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -22,7 +22,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-topology:2.3.1 +image: onap/optf-cmso-topology:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 0f2e01f5c7..46d7172b84 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index df50561d51..99dd66cf0f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index b069be6d9c..e7a63c5679 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index b069be6d9c..e7a63c5679 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index b069be6d9c..e7a63c5679 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index ded979c4fc..a259a6d8d0 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -638,94 +638,3 @@ concurrent = true # Extensions list to use (list value) #extensions = multicloud - - -[sdc] - -# -# From conductor -# - -# Data Store table prefix. (string value) -#table_prefix = sdc - -# Base URL for SDC, up to and not including the version, and without a -# trailing slash. (string value) -#server_url = https://controller:8443/sdc -server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc - -# Timeout for SDC Rest Call (string value) -#sdc_rest_timeout = 30 - -# Number of retry for SDC Rest Call (string value) -#sdc_retries = 3 - -# The version of A&AI in v# format. (string value) -server_url_version = v1 - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the SDC endpoint. (string value) -#certificate_file = certificate.pem -certificate_file = - -# Private Certificate Key file in pem format. (string value) -#certificate_key_file = certificate_key.pem -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer - -# Username for SDC. (string value) -#username = - -# Password for SDC. (string value) -#password = - -temp_path = "/tmp/nsttemplates" - - -[cps] - -# -# From conductor -# - -# Data Store table prefix. (string value) -#table_prefix = cps - -# Base URL for CPS, up to and not including the version, and without a -# trailing slash. (string value) -#yet to be finalized -#server_url = https://cps.api.simpledemo.onap.org:8443/cps -server_url=http://{{.Values.config.cps.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.cps.port}}/ - -# Timeout for CPS Rest Call (string value) -#cps_rest_timeout = 30 - -# Number of retry for CPS Rest Call (string value) -#cps_retries = 3 - - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the CPS endpoint. (string value) -#certificate_file = certificate.pem -certificate_file = - -# Private Certificate Key file in pem format. (string value) -#certificate_key_file = certificate_key.pem -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer - -# Username for CPS. (string value) -#username = - -# Password for CPS. (string value) -#password = - -get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list" diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 2891f806c3..1389044870 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.2 persistence: enabled: true @@ -52,12 +52,6 @@ config: sms: serviceName: aaf-sms port: 10443 - sdc: - serviceName: sdc-be - port: 8443 - cps: - service: cps-tbdmt - port: 8080 # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 78afa5e5f8..1109ab8167 100644 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -12,7 +12,6 @@ osdf_temp: # special configuration required for "workarounds" or testing global_disabled: True local_placement_policies_enabled: True local_slice_selection_policies_enabled: True - local_nst_selection_policies_enabled: True placement_policy_dir_vcpe: "./test/policy-local-files/" placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) - Affinity_vCPE_1.json @@ -46,12 +45,6 @@ osdf_temp: # special configuration required for "workarounds" or testing - query_policy_nsi.json - threshold_policy_nsi.json - vnf_policy_nsi_shared_case.json - nst_selection_policy_dir_nst: "./test/policy-local-files/nst-selection-files/" - nst_selection_policy_files_nst: - - query_policy_nst.json - - attribute_policy_nst.json - - vnf_policy_nst.json - - optimization_policy_nst.json service_info: vCPE: @@ -102,17 +95,6 @@ policy_info: resources: - get_param: service_name - nst_selection: - policy_fetch: by_scope - policy_scope: - - - scope: - - OSDF_GUILIN - services: - - nst - resources: - - nst - subnet_selection: policy_fetch: by_scope policy_scope: diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index 6df3ed948b..97d037a8f8 100755 --- a/kubernetes/oof/resources/config/conf/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml @@ -67,6 +67,3 @@ desPassword: {{ .Values.config.desPassword }} #key appkey: '' - -activateConsulConfig: False - diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 87e6536c35..9f74986174 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.3 +image: onap/optf-osdf:3.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 586f468334..10c2a054e7 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -71,7 +71,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - . {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index fb4742e9e4..6b13133815 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.5.0 +image: onap/policy-apex-pdp:2.4.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 9d3ea8c4b5..3657bc1f53 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -81,7 +81,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.4.0 +image: onap/policy-api:2.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index cd78850150..1446ac42b6 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2021 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -63,7 +63,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.0.1 +image: onap/policy-clamp-backend:6.0.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 15b69ef93d..91a096d1b2 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2021 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -62,7 +62,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.0.1 +image: onap/policy-clamp-frontend:6.0.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 752b83cf00..a099bb6bf0 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.5.0 +image: onap/policy-distribution:2.4.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 459767e13f..c44691e275 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2021 AT&T Intellectual Property +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,7 +34,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.8.0 +image: onap/policy-pdpd-cl:1.7.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 42f0e13b71..0ab62ffa66 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # Modifications Copyright (C) 2020 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -95,7 +95,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.4.0 +image: onap/policy-pap:2.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index a626a046a5..8ad9fcc3c0 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ { "name": "XacmlPdpParameters", "pdpGroup": "defaultGroup", - "pdpType": "xacml", "restServerParameters": { "host": "0.0.0.0", "port": 6969, diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 41bec0ba74..acc1d55002 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,7 +86,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.4.0 +image: onap/policy-xacml-pdp:2.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 59eace693a..20c396fa42 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -62,7 +62,6 @@ spec: nodetool status initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} @@ -75,7 +74,6 @@ spec: nodetool status | grep -E "^UN\\s+${POD_IP}" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} lifecycle: diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index bed75e5051..b06761a870 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -53,18 +53,16 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + successThreshold: 1 + failureThreshold: 3 readiness: initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 + periodSeconds: 10 successThreshold: 1 failureThreshold: 3 diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 807f070aa0..50117bd359 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -223,22 +223,6 @@ GLOBAL_INVENTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "h GLOBAL_DEPLOYMENT_HANDLER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "deployment-handler") }}' GLOBAL_DEPLOYMENT_HANDLER_SERVER_PROTOCOL = "https" GLOBAL_DEPLOYMENT_HANDLER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "deployment-handler" "port" 8443) }}' -# dcae mod info -GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PROTOCOL = "http" -GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-onboarding-api" "port" 8080) }}' -GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-onboarding-api") }}' -GLOBAL_DCAEMOD_RUNTIME_API_SERVER_PROTOCOL = "http" -GLOBAL_DCAEMOD_RUNTIME_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-runtime-api" "port" 9090) }}' -GLOBAL_DCAEMOD_RUNTIME_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-runtime-api") }}' -GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_PROTOCOL = "http" -GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-distributor-api" "port" 8080) }}' -GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-distributor-api") }}' -GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_PROTOCOL = "http" -GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-designtool" "port" 8080) }}' -GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-designtool") }}' -GLOBAL_DCAEMOD_NIFI_REGISTRY_PROTOCOL = "http" -GLOBAL_DCAEMOD_NIFI_REGISTRY_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-nifi-registry" "port" 18080) }}' -GLOBAL_DCAEMOD_NIFI_REGISTRY_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-nifi-registry") }}' # SO containers - everything is from the private oam network (also called onap private network) GLOBAL_SO_APIHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so" "port" 8080) }}' GLOBAL_SO_SDCHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdc-controller" "port" 8085) }}' diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index f8120973e2..bbc4a952de 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -22,7 +22,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/testsuite:1.7.3 +image: onap/testsuite:1.7.2 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor index 678b48cb84..7eac9a3fd5 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor @@ -1,6 +1,5 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python2 {{/* - # encoding: utf-8 # Copyright © 2018 Amdocs diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 96fa3378fb..7441dacd23 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -128,13 +128,6 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} - {{- $linkCommand := include "common.certManager.linkVolumeMounts" . }} - lifecycle: - postStart: - exec: - command: ["sh", "-c", {{$linkCommand | quote}} ] - {{- end }} command: ["/bin/bash"] args: ["-c", "/opt/onap/sdnc/bin/createLinks.sh ; /opt/onap/sdnc/bin/startODL.sh"] ports: @@ -204,11 +197,7 @@ spec: {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }} - name: SDNRDBTRUSTALLCERTS value: "true" - {{- end }} - {{- if .Values.global.cmpv2Enabled }} - - name: ODL_CERT_DIR - value: {{ (mustFirst (.Values.certificates)).mountPath }} - {{- end }} + {{ end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 802722f400..5a4d204c58 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -386,7 +386,7 @@ elasticsearch: # handles master and data node functionality dedicatednode: "no" nameOverride: *elasticSearchName - cluster_name: sdnrdb-cluster + cluster_name: *elasticSearchName # enable sdnc-web: enabled: true diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh index fc5f905df7..72963d9efc 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -36,7 +36,7 @@ EOF cd /docker-entrypoint-initdb.d/db-sql-scripts -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.14.0.sql || exit 1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.14.0.sql || exit 1 +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1 +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1 echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql similarity index 89% rename from kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql index e0ae386119..41377fb9eb 100644 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql @@ -1,9 +1,8 @@ -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -42,12 +41,6 @@ values ('history.cleanup.job.lock', '0', 1); insert into ACT_GE_PROPERTY values ('startup.lock', '0', 1); -insert into ACT_GE_PROPERTY -values ('telemetry.lock', '0', 1); - -insert into ACT_GE_PROPERTY -values ('installationId.lock', '0', 1); - create table ACT_GE_BYTEARRAY ( ID_ varchar(64), REV_ integer, @@ -63,20 +56,10 @@ create table ACT_GE_BYTEARRAY ( primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; -create table ACT_GE_SCHEMA_LOG ( - ID_ varchar(64), - TIMESTAMP_ datetime(3), - VERSION_ varchar(255), - primary key (ID_) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; - -insert into ACT_GE_SCHEMA_LOG -values ('0', CURRENT_TIMESTAMP, '7.14.0'); - create table ACT_RE_DEPLOYMENT ( ID_ varchar(64), NAME_ varchar(255), - DEPLOY_TIME_ datetime(3), + DEPLOY_TIME_ timestamp(3), SOURCE_ varchar(255), TENANT_ID_ varchar(64), primary key (ID_) @@ -110,7 +93,7 @@ create table ACT_RU_JOB ( ID_ varchar(64) NOT NULL, REV_ integer, TYPE_ varchar(255) NOT NULL, - LOCK_EXP_TIME_ datetime(3) NULL, + LOCK_EXP_TIME_ timestamp(3) NULL, LOCK_OWNER_ varchar(255), EXCLUSIVE_ boolean, EXECUTION_ID_ varchar(64), @@ -120,10 +103,8 @@ create table ACT_RU_JOB ( RETRIES_ integer, EXCEPTION_STACK_ID_ varchar(64), EXCEPTION_MSG_ varchar(4000), - FAILED_ACT_ID_ varchar(255), - DUEDATE_ datetime(3) NULL, + DUEDATE_ timestamp(3) NULL, REPEAT_ varchar(255), - REPEAT_OFFSET_ bigint DEFAULT 0, HANDLER_TYPE_ varchar(255), HANDLER_CFG_ varchar(4000), DEPLOYMENT_ID_ varchar(64), @@ -147,7 +128,6 @@ create table ACT_RU_JOBDEF ( SUSPENSION_STATE_ integer, JOB_PRIORITY_ bigint, TENANT_ID_ varchar(64), - DEPLOYMENT_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -187,7 +167,7 @@ create table ACT_RU_TASK ( ASSIGNEE_ varchar(255), DELEGATION_ varchar(64), PRIORITY_ integer, - CREATE_TIME_ datetime(3), + CREATE_TIME_ timestamp(3), DUE_DATE_ datetime(3), FOLLOW_UP_DATE_ datetime(3), SUSPENSION_STATE_ integer, @@ -214,16 +194,14 @@ create table ACT_RU_VARIABLE ( NAME_ varchar(255) not null, EXECUTION_ID_ varchar(64), PROC_INST_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), CASE_EXECUTION_ID_ varchar(64), CASE_INST_ID_ varchar(64), TASK_ID_ varchar(64), - BATCH_ID_ varchar(64), BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, VAR_SCOPE_ varchar(64) not null, SEQUENCE_COUNTER_ bigint, IS_CONCURRENT_LOCAL_ TINYINT, @@ -240,7 +218,7 @@ create table ACT_RU_EVENT_SUBSCR ( PROC_INST_ID_ varchar(64), ACTIVITY_ID_ varchar(255), CONFIGURATION_ varchar(255), - CREATED_ datetime(3) not null, + CREATED_ timestamp(3) not null, TENANT_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -248,12 +226,11 @@ create table ACT_RU_EVENT_SUBSCR ( create table ACT_RU_INCIDENT ( ID_ varchar(64) not null, REV_ integer not null, - INCIDENT_TIMESTAMP_ datetime(3) not null, + INCIDENT_TIMESTAMP_ timestamp(3) not null, INCIDENT_MSG_ varchar(4000), INCIDENT_TYPE_ varchar(255) not null, EXECUTION_ID_ varchar(64), ACTIVITY_ID_ varchar(255), - FAILED_ACTIVITY_ID_ varchar(255), PROC_INST_ID_ varchar(64), PROC_DEF_ID_ varchar(64), CAUSE_INCIDENT_ID_ varchar(64), @@ -273,8 +250,6 @@ create table ACT_RU_AUTHORIZATION ( RESOURCE_TYPE_ integer not null, RESOURCE_ID_ varchar(255), PERMS_ integer, - REMOVAL_TIME_ datetime(3), - ROOT_PROC_INST_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -294,7 +269,7 @@ create table ACT_RU_METER_LOG ( NAME_ varchar(64) not null, REPORTER_ varchar(255), VALUE_ bigint, - TIMESTAMP_ datetime(3), + TIMESTAMP_ timestamp(3), MILLISECONDS_ bigint DEFAULT 0, primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -307,7 +282,7 @@ create table ACT_RU_EXT_TASK ( RETRIES_ integer, ERROR_MSG_ varchar(4000), ERROR_DETAILS_ID_ varchar(64), - LOCK_EXP_TIME_ datetime(3) NULL, + LOCK_EXP_TIME_ timestamp(3) NULL, SUSPENSION_STATE_ integer, EXECUTION_ID_ varchar(64), PROC_INST_ID_ varchar(64), @@ -343,17 +318,13 @@ create index ACT_IDX_EXEC_BUSKEY on ACT_RU_EXECUTION(BUSINESS_KEY_); create index ACT_IDX_EXEC_TENANT_ID on ACT_RU_EXECUTION(TENANT_ID_); create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_); create index ACT_IDX_TASK_ASSIGNEE on ACT_RU_TASK(ASSIGNEE_); -create index ACT_IDX_TASK_OWNER on ACT_RU_TASK(OWNER_); create index ACT_IDX_TASK_TENANT_ID on ACT_RU_TASK(TENANT_ID_); create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_); create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_); create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_); create index ACT_IDX_EVENT_SUBSCR_TENANT_ID on ACT_RU_EVENT_SUBSCR(TENANT_ID_); - create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_); create index ACT_IDX_VARIABLE_TENANT_ID on ACT_RU_VARIABLE(TENANT_ID_); -create index ACT_IDX_VARIABLE_TASK_NAME_TYPE on ACT_RU_VARIABLE(TASK_ID_, NAME_, TYPE_); - create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_); create index ACT_IDX_INC_CONFIGURATION on ACT_RU_INCIDENT(CONFIGURATION_); create index ACT_IDX_INC_TENANT_ID on ACT_RU_INCIDENT(TENANT_ID_); @@ -527,12 +498,6 @@ alter table ACT_RU_BATCH foreign key (BATCH_JOB_DEF_ID_) references ACT_RU_JOBDEF (ID_); -create index ACT_IDX_BATCH_ID ON ACT_RU_VARIABLE(BATCH_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_BATCH - foreign key (BATCH_ID_) - references ACT_RU_BATCH (ID_); - -- indexes for deadlock problems - https://app.camunda.com/jira/browse/CAM-2567 -- create index ACT_IDX_INC_CAUSEINCID on ACT_RU_INCIDENT(CAUSE_INCIDENT_ID_); create index ACT_IDX_INC_EXID on ACT_RU_INCIDENT(EXECUTION_ID_); @@ -556,16 +521,11 @@ create index ACT_IDX_EVENT_SUBSCR_EVT_NAME ON ACT_RU_EVENT_SUBSCR(EVENT_NAME_); create index ACT_IDX_PROCDEF_DEPLOYMENT_ID ON ACT_RE_PROCDEF(DEPLOYMENT_ID_); create index ACT_IDX_PROCDEF_TENANT_ID ON ACT_RE_PROCDEF(TENANT_ID_); create index ACT_IDX_PROCDEF_VER_TAG ON ACT_RE_PROCDEF(VERSION_TAG_); - --- indices for history cleanup: https://jira.camunda.com/browse/CAM-11616 -create index ACT_IDX_AUTH_ROOT_PI on ACT_RU_AUTHORIZATION(ROOT_PROC_INST_ID_); -create index ACT_IDX_AUTH_RM_TIME on ACT_RU_AUTHORIZATION(REMOVAL_TIME_); -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -688,11 +648,10 @@ alter table ACT_RU_CASE_SENTRY_PART create index ACT_IDX_CASE_DEF_TENANT_ID on ACT_RE_CASE_DEF(TENANT_ID_); create index ACT_IDX_CASE_EXEC_TENANT_ID on ACT_RU_CASE_EXECUTION(TENANT_ID_); -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -747,11 +706,10 @@ create index ACT_IDX_DEC_DEF_TENANT_ID on ACT_RE_DECISION_DEF(TENANT_ID_); create index ACT_IDX_DEC_DEF_REQ_ID on ACT_RE_DECISION_DEF(DEC_REQ_ID_); create index ACT_IDX_DEC_REQ_DEF_TENANT_ID on ACT_RE_DECISION_REQ_DEF(TENANT_ID_); -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -801,7 +759,7 @@ create table ACT_HI_ACTINST ( CALL_CASE_INST_ID_ varchar(64), ACT_NAME_ varchar(255), ACT_TYPE_ varchar(255) not null, - ASSIGNEE_ varchar(255), + ASSIGNEE_ varchar(64), START_TIME_ datetime(3) not null, END_TIME_ datetime(3), DURATION_ bigint, @@ -862,8 +820,8 @@ create table ACT_HI_VARINST ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, TENANT_ID_ varchar(64), STATE_ varchar(20), REMOVAL_TIME_ datetime(3), @@ -892,13 +850,12 @@ create table ACT_HI_DETAIL ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, SEQUENCE_COUNTER_ bigint, TENANT_ID_ varchar(64), OPERATION_ID_ varchar(64), REMOVAL_TIME_ datetime(3), - INITIAL_ boolean, primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -978,9 +935,6 @@ create table ACT_HI_OP_LOG ( NEW_VALUE_ varchar(4000), TENANT_ID_ varchar(64), REMOVAL_TIME_ datetime(3), - CATEGORY_ varchar(64), - EXTERNAL_TASK_ID_ varchar(64), - ANNOTATION_ varchar(4000), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -996,11 +950,9 @@ create table ACT_HI_INCIDENT ( INCIDENT_MSG_ varchar(4000), INCIDENT_TYPE_ varchar(255) not null, ACTIVITY_ID_ varchar(255), - FAILED_ACTIVITY_ID_ varchar(255), CAUSE_INCIDENT_ID_ varchar(64), ROOT_CAUSE_INCIDENT_ID_ varchar(64), CONFIGURATION_ varchar(255), - HISTORY_CONFIGURATION_ varchar(255), INCIDENT_STATE_ integer, TENANT_ID_ varchar(64), JOB_DEF_ID_ varchar(64), @@ -1010,9 +962,9 @@ create table ACT_HI_INCIDENT ( create table ACT_HI_JOB_LOG ( ID_ varchar(64) not null, - TIMESTAMP_ datetime(3) not null, + TIMESTAMP_ timestamp(3) not null, JOB_ID_ varchar(64) not null, - JOB_DUEDATE_ datetime(3) NULL, + JOB_DUEDATE_ timestamp(3) NULL, JOB_RETRIES_ integer, JOB_PRIORITY_ bigint NOT NULL DEFAULT 0, JOB_EXCEPTION_MSG_ varchar(4000), @@ -1022,7 +974,6 @@ create table ACT_HI_JOB_LOG ( JOB_DEF_TYPE_ varchar(255), JOB_DEF_CONFIGURATION_ varchar(255), ACT_ID_ varchar(255), - FAILED_ACT_ID_ varchar(255), ROOT_PROC_INST_ID_ varchar(64), EXECUTION_ID_ varchar(64), PROCESS_INSTANCE_ID_ varchar(64), @@ -1031,7 +982,6 @@ create table ACT_HI_JOB_LOG ( DEPLOYMENT_ID_ varchar(64), SEQUENCE_COUNTER_ bigint, TENANT_ID_ varchar(64), - HOSTNAME_ varchar(255), REMOVAL_TIME_ datetime(3), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -1086,7 +1036,7 @@ create index ACT_IDX_HI_PRO_INST_ROOT_PI on ACT_HI_PROCINST(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_PRO_INST_RM_TIME on ACT_HI_PROCINST(REMOVAL_TIME_); create index ACT_IDX_HI_ACTINST_ROOT_PI on ACT_HI_ACTINST(ROOT_PROC_INST_ID_); -create index ACT_IDX_HI_ACT_INST_START_END on ACT_HI_ACTINST(START_TIME_, END_TIME_); +create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_); create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_); create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_); create index ACT_IDX_HI_ACT_INST_COMP on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_, END_TIME_, ID_); @@ -1118,7 +1068,6 @@ create index ACT_IDX_HI_DETAIL_PROC_DEF_KEY on ACT_HI_DETAIL(PROC_DEF_KEY_); create index ACT_IDX_HI_DETAIL_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_); create index ACT_IDX_HI_DETAIL_RM_TIME on ACT_HI_DETAIL(REMOVAL_TIME_); create index ACT_IDX_HI_DETAIL_TASK_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_, TASK_ID_); -create index ACT_IDX_HI_DETAIL_VAR_INST_ID on ACT_HI_DETAIL(VAR_INST_ID_); create index ACT_IDX_HI_IDENT_LNK_ROOT_PI on ACT_HI_IDENTITYLINK(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_); @@ -1127,7 +1076,6 @@ create index ACT_IDX_HI_IDENT_LNK_TENANT_ID on ACT_HI_IDENTITYLINK(TENANT_ID_); create index ACT_IDX_HI_IDENT_LNK_PROC_DEF_KEY on ACT_HI_IDENTITYLINK(PROC_DEF_KEY_); create index ACT_IDX_HI_IDENT_LINK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_); create index ACT_IDX_HI_IDENT_LINK_RM_TIME on ACT_HI_IDENTITYLINK(REMOVAL_TIME_); -create index ACT_IDX_HI_IDENT_LNK_TIMESTAMP on ACT_HI_IDENTITYLINK(TIMESTAMP_); create index ACT_IDX_HI_VARINST_ROOT_PI on ACT_HI_VARINST(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_); @@ -1137,15 +1085,12 @@ create index ACT_IDX_HI_VAR_INST_TENANT_ID on ACT_HI_VARINST(TENANT_ID_); create index ACT_IDX_HI_VAR_INST_PROC_DEF_KEY on ACT_HI_VARINST(PROC_DEF_KEY_); create index ACT_IDX_HI_VARINST_BYTEAR on ACT_HI_VARINST(BYTEARRAY_ID_); create index ACT_IDX_HI_VARINST_RM_TIME on ACT_HI_VARINST(REMOVAL_TIME_); -create index ACT_IDX_HI_VAR_PI_NAME_TYPE on ACT_HI_VARINST(PROC_INST_ID_, NAME_, VAR_TYPE_); create index ACT_IDX_HI_INCIDENT_TENANT_ID on ACT_HI_INCIDENT(TENANT_ID_); create index ACT_IDX_HI_INCIDENT_PROC_DEF_KEY on ACT_HI_INCIDENT(PROC_DEF_KEY_); create index ACT_IDX_HI_INCIDENT_ROOT_PI on ACT_HI_INCIDENT(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_INCIDENT_PROCINST on ACT_HI_INCIDENT(PROC_INST_ID_); create index ACT_IDX_HI_INCIDENT_RM_TIME on ACT_HI_INCIDENT(REMOVAL_TIME_); -create index ACT_IDX_HI_INCIDENT_CREATE_TIME on ACT_HI_INCIDENT(CREATE_TIME_); -create index ACT_IDX_HI_INCIDENT_END_TIME on ACT_HI_INCIDENT(END_TIME_); create index ACT_IDX_HI_JOB_LOG_ROOT_PI on ACT_HI_JOB_LOG(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_JOB_LOG_PROCINST on ACT_HI_JOB_LOG(PROCESS_INSTANCE_ID_); @@ -1155,7 +1100,6 @@ create index ACT_IDX_HI_JOB_LOG_JOB_DEF_ID on ACT_HI_JOB_LOG(JOB_DEF_ID_); create index ACT_IDX_HI_JOB_LOG_PROC_DEF_KEY on ACT_HI_JOB_LOG(PROCESS_DEF_KEY_); create index ACT_IDX_HI_JOB_LOG_EX_STACK on ACT_HI_JOB_LOG(JOB_EXCEPTION_STACK_ID_); create index ACT_IDX_HI_JOB_LOG_RM_TIME on ACT_HI_JOB_LOG(REMOVAL_TIME_); -create index ACT_IDX_HI_JOB_LOG_JOB_CONF on ACT_HI_JOB_LOG(JOB_DEF_CONFIGURATION_); create index ACT_HI_BAT_RM_TIME on ACT_HI_BATCH(REMOVAL_TIME_); @@ -1173,9 +1117,6 @@ create index ACT_IDX_HI_OP_LOG_PROCDEF on ACT_HI_OP_LOG(PROC_DEF_ID_); create index ACT_IDX_HI_OP_LOG_TASK on ACT_HI_OP_LOG(TASK_ID_); create index ACT_IDX_HI_OP_LOG_RM_TIME on ACT_HI_OP_LOG(REMOVAL_TIME_); create index ACT_IDX_HI_OP_LOG_TIMESTAMP on ACT_HI_OP_LOG(TIMESTAMP_); -create index ACT_IDX_HI_OP_LOG_USER_ID on ACT_HI_OP_LOG(USER_ID_); -create index ACT_IDX_HI_OP_LOG_OP_TYPE on ACT_HI_OP_LOG(OPERATION_TYPE_); -create index ACT_IDX_HI_OP_LOG_ENTITY_TYPE on ACT_HI_OP_LOG(ENTITY_TYPE_); create index ACT_IDX_HI_COMMENT_TASK on ACT_HI_COMMENT(TASK_ID_); create index ACT_IDX_HI_COMMENT_ROOT_PI on ACT_HI_COMMENT(ROOT_PROC_INST_ID_); @@ -1188,11 +1129,10 @@ create index ACT_IDX_HI_ATTACHMENT_PROCINST on ACT_HI_ATTACHMENT(PROC_INST_ID_); create index ACT_IDX_HI_ATTACHMENT_TASK on ACT_HI_ATTACHMENT(TASK_ID_); create index ACT_IDX_HI_ATTACHMENT_RM_TIME on ACT_HI_ATTACHMENT(REMOVAL_TIME_); -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -1250,11 +1190,10 @@ create index ACT_IDX_HI_CAS_A_I_COMP on ACT_HI_CASEACTINST(CASE_ACT_ID_, END_TIM create index ACT_IDX_HI_CAS_A_I_CASEINST on ACT_HI_CASEACTINST(CASE_INST_ID_, CASE_ACT_ID_); create index ACT_IDX_HI_CAS_A_I_TENANT_ID on ACT_HI_CASEACTINST(TENANT_ID_); -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -1302,8 +1241,8 @@ create table ACT_HI_DEC_IN ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, TENANT_ID_ varchar(64), CREATE_TIME_ datetime(3), ROOT_PROC_INST_ID_ varchar(64), @@ -1324,8 +1263,8 @@ create table ACT_HI_DEC_OUT ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, TENANT_ID_ varchar(64), CREATE_TIME_ datetime(3), ROOT_PROC_INST_ID_ varchar(64), diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.14.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql similarity index 86% rename from kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.14.0.sql rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql index 44bea24e2a..35cb979781 100644 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.14.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql @@ -1,9 +1,8 @@ -- --- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH --- under one or more contributor license agreements. See the NOTICE file --- distributed with this work for additional information regarding copyright --- ownership. Camunda licenses this file to you under the Apache License, --- Version 2.0; you may not use this file except in compliance with the License. +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -39,7 +38,7 @@ create table ACT_ID_USER ( EMAIL_ varchar(255), PWD_ varchar(255), SALT_ varchar(255), - LOCK_EXP_TIME_ datetime(3) NULL, + LOCK_EXP_TIME_ timestamp(3) NULL, ATTEMPTS_ integer, PICTURE_ID_ varchar(64), primary key (ID_) diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 28a2ac419e..55eea0fa60 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -37,7 +37,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/vnfsdk/refrepo:1.6.3 +image: onap/vnfsdk/refrepo:1.6.2 pullPolicy: Always # application configuration override for postgres @@ -96,8 +96,8 @@ liveness: enabled: true readiness: - initialDelaySeconds: 60 - periodSeconds: 30 + initialDelaySeconds: 10 + periodSeconds: 10 service: type: NodePort diff --git a/tox.ini b/tox.ini index fb6aca0cd9..7c7060f16d 100644 --- a/tox.ini +++ b/tox.ini @@ -43,14 +43,3 @@ deps = commands = gitlint -[testenv:autopep8] -deps = autopep8 -commands = - autopep8 --max-line-length 120 --in-place --recursive kubernetes/ TOSCA/ docs/ - -[testenv:pylint] -deps = pylint -whitelist_externals = find -commands = - find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y --output-format=colorized \{\} + -