From e62958b4f1d99fbe1df7a32ff6c4be74e9c6c536 Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 27 Sep 2019 16:54:36 +0100 Subject: [PATCH] AAF cert dist for DMaaP DR Change-Id: I0bca8c7a16f8b19a266d9961715b8a04971d7b73 Signed-off-by: efiacor Issue-ID: DMAAP-1269 --- .../dmaap-bc/resources/config/dmaapbc.properties | 2 +- .../components/dmaap-bc/templates/deployment.yaml | 14 ++-- .../resources/config/drNodeCadi.properties | 23 ------ .../dmaap-dr-node/resources/config/node.properties | 40 ++-------- .../components/dmaap-dr-node/templates/pv.yaml | 25 ++++++- .../dmaap-dr-node/templates/statefulset.yaml | 72 +++++++++++++++--- .../dmaap/components/dmaap-dr-node/values.yaml | 23 ++++-- .../resources/config/drProvCadi.properties | 23 ------ .../resources/config/provserver.properties | 11 +-- .../dmaap-dr-prov/templates/deployment.yaml | 87 ++++++++++++++++------ .../dmaap-dr-prov/templates/post-install-job.yaml | 2 - .../components/dmaap-dr-prov/templates/pv.yaml | 41 ++++++++++ .../components/dmaap-dr-prov/templates/pvc.yaml | 45 +++++++++++ .../dmaap-dr-prov/templates/service.yaml | 2 +- .../dmaap/components/dmaap-dr-prov/values.yaml | 60 +++++++++------ .../message-router/templates/statefulset.yaml | 4 +- kubernetes/dmaap/values.yaml | 9 +++ 17 files changed, 322 insertions(+), 161 deletions(-) delete mode 100644 kubernetes/dmaap/components/dmaap-dr-node/resources/config/drNodeCadi.properties delete mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties create mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml create mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index bcfefe93cf..e43182daa3 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties 
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -25,7 +25,7 @@ # ##################################################### # Indicator for whether to use AAF -UseAAF: true +UseAAF: {{ .Values.global.aafEnabled }} # csit: stubs out some southbound APIs for csit csit: No diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index fffd4db847..f362f1c901 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -31,11 +31,8 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - hostAliases: - - ip: "10.12.5.145" - hostnames: - - "aaf-onap-test.osaaf.org" initContainers: +{{- if .Values.global.aafEnabled }} - command: - /root/ready.py args: @@ -50,7 +47,8 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-aaf-readiness -{{ if .Values.PG.enabled }} +{{- end }} +{{- if .Values.PG.enabled }} - command: - /root/ready.py args: @@ -73,7 +71,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} - {{if eq .Values.liveness.enabled true }} + {{ if eq .Values.liveness.enabled true -}} livenessProbe: httpGet: port: {{ .Values.service.internalPort }} @@ -92,7 +90,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config 
@@ -100,9 +97,8 @@ spec: - name: {{ include "common.name" . }}-aaf-config mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props subPath: org.onap.dmaap-bc.props - resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/drNodeCadi.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/drNodeCadi.properties deleted file mode 100644 index 043bb8bced..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/drNodeCadi.properties +++ /dev/null @@ -1,23 +0,0 @@ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -cadi_keystore_password=WGxd2P6MDo*Bi4+UdzWs{?$8 -cadi_key_password=WGxd2P6MDo*Bi4+UdzWs{?$8 -cadi_alias=dmaap-dr-node@dmaap-dr.onap.org -cadi_truststore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=)OBvCd{e{aWq.^mJJdX:S:1& - -aaf_env=DEV -aaf_locate_url=https://aaf-locate:8095 -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_protocols=TLSv1.1,TLSv1.2 -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 -fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1 -gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1 - -cadi_latitude=53.423 -cadi_longitude=7.940 - -cadi_loglevel=INFO \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 4379dfbf1d..3a95b5a221 100644 
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -71,43 +71,19 @@ SpoolDir=/opt/app/datartr/spool # # The path to the redirection data file # -#RedirectionFile: etc/redirections.dat +RedirectionFile = etc/redirections.dat # # The type of keystore for https -# -KeyStoreType=jks -# -# The path to the keystore for https -# -KeyStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -# -# The password for the https keystore -# -KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8 -# -# The password for the private key in the https keystore -# -KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8 +KeyStoreType = PKCS12 # # The type of truststore for https -# -TrustStoreType=jks -# -# The path to the truststore for https -# -TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -# -# The password for the https truststore -# -TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1& +TrustStoreType = jks # # The path to the file used to trigger an orderly shutdown -# -QuiesceFile=etc/SHUTDOWN +QuiesceFile = etc/SHUTDOWN # # The key used to generate passwords for node to node transfers -# -NodeAuthKey=Node123! +NodeAuthKey = Node123! # # DR_NODE DEFAULT ENABLED TLS PROTOCOLS NodeHttpsProtocols = TLSv1.1|TLSv1.2 @@ -121,9 +97,9 @@ AAFInstance = legacy # AAF action to generate permission string - default should be publish AAFAction = publish # -# AAF URL to connect to AAF server -AafUrl = https://aaf-locate:8095 -# # AAF CADI enabled flag CadiEnabled = false +# +# AAF Props file path +AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv.yaml index 016a6ea023..90a9c2c26b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv.yaml 
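Review bot: `NodeAuthKey = Node123!` is re-added with only its spacing changed, so the key its comment describes as generating passwords for node-to-node transfers stays a fixed literal in the chart while the keystore passwords beside it are moved out of the file. Supply it per deployment from a Secret-backed value rather than a chart-wide constant; until then a comment such as `# NOTE: default key, override per deployment` would flag it. The keystore and truststore passwords deleted here remain in repository history, so the keystores they protected are better reissued than reused. The context line `NodeHttpsProtocols = TLSv1.1|TLSv1.2` still enables TLS 1.1; consider restricting it to TLSv1.2 if every peer supports that.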
@@ -58,4 +58,27 @@ spec: storageClassName: "{{ include "common.fullname" . }}-event-logs-stcl" persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: - path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.eventLogsMountSubPath }} \ No newline at end of file + path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.eventLogsMountSubPath }} +--- +{{- if .Values.global.aafEnabled }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-aaf-props-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-aaf-props-pv +spec: + capacity: + storage: {{ .Values.persistence.aafCredsSize }} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-aaf-props-stcl" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.aafCredsMountSubPath }} +{{ end -}} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index a190d0d7d2..9dd5f20748 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml 
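Review bot: The new `-aaf-props-pv` is a `hostPath` volume under `{{ .Values.persistence.mountPath }}/{{ .Release.Name }}/`, and it presumably holds the properties and keystores written by the AAF agent, so that material is readable by anything with access to the directory on the node, outside Kubernetes RBAC. The new dmaap-dr-prov `pv.yaml` does the same, and its values set `volumeReclaimPolicy: Retain`, so the files outlive the release. A comment above `hostPath:` such as `# holds AAF-issued credentials: restrict host directory permissions and remove on uninstall` would record the expectation. Two smaller points: the `---` sits before the `if`, which leaves an empty document when AAF is disabled, and `namespace:` has no effect on a cluster-scoped PersistentVolume.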
@@ -45,6 +45,38 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-dr-node-aaf-config + image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-props-pvc + command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] + env: + - name: APP_FQI + value: "{{ .Values.aafConfig.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_container + value: "{{ .Values.global.aafLocatorContainer }}" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aafConfig.fqdn }}" + - name: aaf_locator_public_fqdn + value: "{{.Values.aafConfig.publicFqdn}}" + - name: aaf_locator_app_ns + value: "{{ .Values.global.aafAppNs }}" + - name: DEPLOY_FQI + value: "{{ .Values.aafConfig.aafDeployFqi }}" + - name: DEPLOY_PASSWORD + value: "{{ .Values.aafConfig.aafDeployPass }}" + - name: cadi_longitude + value: "{{ .Values.aafConfig.cadiLongitude }}" + - name: cadi_latitude + value: "{{ .Values.aafConfig.cadiLatitude }}" + {{- end }} - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} 
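Review bot: `DEPLOY_PASSWORD` in the new `-dr-node-aaf-config` init container is rendered as a literal `value:` from `.Values.aafConfig.aafDeployPass`, so the AAF deployer password is stored in the pod spec and the release manifest, readable by anyone who can view the StatefulSet. The same env entry is added to the dmaap-dr-prov deployment, and both component values.yaml files commit `aafDeployPass: demo123456!` as the default. Reading it from a Kubernetes Secret keeps it out of the rendered workload and lets operators replace the default without editing chart values. The init-container list begins before this hunk, and the Secret name and key below are placeholders.

```yaml
# … unchanged: APP_FQI, aaf_locate_url, aaf_locator_* and DEPLOY_FQI entries …
            - name: DEPLOY_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "<aaf-deploy-secret-name>"  # placeholder: Secret provided per deployment
                  key: "<password-key>"             # placeholder
# … unchanged: cadi_longitude, cadi_latitude …
```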
@@ -53,7 +85,11 @@ spec: name: {{ include "common.fullname" . }}-spool-data-pvc - mountPath: {{ .Values.persistence.eventLogsPath }} name: {{ include "common.fullname" . }}-event-logs-pvc - command: ["chown","-Rf","1000:1001", "/opt/app/datartr"] + {{- if .Values.global.aafEnabled }} + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-props-pvc + {{- end }} + command: ["chown","-Rf","1000:1001", "/opt/app/"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -74,6 +110,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-props-pvc + {{- end }} - mountPath: {{ .Values.persistence.spoolPath }} name: {{ include "common.fullname" . }}-spool-data-pvc - mountPath: {{ .Values.persistence.eventLogsPath }} @@ -84,16 +124,13 @@ spec: - mountPath: /opt/app/datartr/etc/node.properties name: {{ include "common.fullname" . }}-config subPath: node.properties - - mountPath: /opt/app/datartr/etc/drNodeCadi.properties - name: {{ include "common.fullname" . }}-config - subPath: drNodeCadi.properties - mountPath: /opt/app/datartr/etc/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} 
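Review bot: The permission-fixer command is widened to `chown -Rf 1000:1001 /opt/app/`, which no longer names the volumes it is meant to re-own and, with `-f`, suppresses the error output if an ownership change on the AAF credential files fails. Listing the mounted paths explicitly and dropping `-f` would leave a failed change visible in the init-container log instead of surfacing later as a keystore read error. The main container also mounts `{{ .Values.persistence.aafCredsPath }}` read-write; if the application only reads the generated props and keystores, adding `readOnly: true` to that mount limits what a compromised process could alter. The same chown command and mount are added to the dmaap-dr-prov deployment.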
@@ -101,8 +138,8 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # Filebeat sidecar container + {{- end -}} + # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -126,8 +163,6 @@ spec: items: - key: node.properties path: node.properties - - key: drNodeCadi.properties - path: drNodeCadi.properties - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log @@ -140,6 +175,10 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-aaf-props-pvc + emptyDir: {} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-spool-data-pvc @@ -167,3 +206,18 @@ spec: selector: matchLabels: name: {{ include "common.fullname" . }}-event-logs-pv +{{- if .Values.global.aafEnabled }} + - metadata: + name: {{ include "common.fullname" . }}-aaf-props-pvc + labels: + name: {{ include "common.fullname" . }} + spec: + accessModes: [ {{ .Values.persistence.accessMode }} ] + storageClassName: {{ include "common.fullname" . }}-aaf-props-stcl + resources: + requests: + storage: {{ .Values.persistence.aafCredsSize }} + selector: + matchLabels: + name: {{ include "common.fullname" . }}-aaf-props-pv +{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index b5e459b6b9..01309acfe4 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml 
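Review bot: The volume name `{{ include "common.fullname" . }}-aaf-props-pvc` is declared twice in this StatefulSet, as an `emptyDir` under `volumes:` in hunk `@@ -140,6 +175,10 @@` and as a `volumeClaimTemplates` entry in hunk `@@ -167,3 +206,18 @@`. Kubernetes gives a claim template precedence over a pod volume of the same name, so the `emptyDir` entry is dead and misleads a reader about whether the AAF credentials persist across restarts. Remove the `emptyDir` block, or keep only that block if credentials regenerated by the agent on every start are what is intended.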
@@ -17,14 +17,12 @@ ################################################################# global: loggingDirectory: /var/log/onap/datarouter - busyBoxImage: busybox:1.30 - busyBoxRepository: docker.io ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.2 +image: onap/dmaap/datarouter-node:2.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -58,13 +56,28 @@ persistence: mountPath: /dockerdata-nfs spoolMountSubPath: data-router/dr-node/spool-data - spoolSize: 1Gi + spoolSize: 2Gi spoolPath: /opt/app/datartr/spool eventLogsMountSubPath: data-router/dr-node/event-logs - eventLogSize: 1Gi + eventLogSize: 2Gi eventLogsPath: /opt/app/datartr/logs + aafCredsMountSubPath: data-router/dr-node/aaf-props + aafCredsSize: 10M + aafCredsPath: /opt/app/osaaf/local + +#AAF local config +aafConfig: + aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployPass: demo123456! + fqdn: dmaap-dr-node + fqi: dmaap-dr-node@dmaap-dr.onap.org + publicFqdn: dmaap-dr.onap.org + cadiLatitude: 0.0 + cadiLongitude: 0.0 + + ingress: enabled: false diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties deleted file mode 100644 index 79abe22a6a..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties +++ /dev/null 
@@ -1,23 +0,0 @@ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -cadi_keystore_password=FZNkU,B%NJzcT1v7;^v]M#ZX -cadi_key_password=FZNkU,B%NJzcT1v7;^v]M#ZX -cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org -cadi_truststore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=+mzf@J.D^;3!![*Xr.z$c#?b - -aaf_env=DEV -aaf_locate_url=https://aaf-locate:8095 -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_protocols=TLSv1.1,TLSv1.2 -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 -fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1 -gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1 - -cadi_latitude=53.423 -cadi_longitude=7.940 - -cadi_loglevel=INFO \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index 210fb7c75f..c7714d33a4 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties 
@@ -27,12 +27,8 @@ org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaa org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}} org.onap.dmaap.datarouter.provserver.https.relaxation = true -org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX -org.onap.dmaap.datarouter.provserver.keystore.type = jks -org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -org.onap.dmaap.datarouter.provserver.keystore.password = FZNkU,B%NJzcT1v7;^v]M#ZX -org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b +org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props + org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc @@ -61,6 +57,3 @@ org.onap.dmaap.datarouter.provserver.aaf.instance = legacy org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe -# AAF URL to connect to AAF server -org.onap.dmaap.datarouter.provserver.cadi.aaf.url = https://aaf-locate:8095 - diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 98ad9a373e..a1d148d88b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml 
@@ -31,20 +31,59 @@ spec: spec: hostname: {{ .Values.global.dmaapDrProvName }} initContainers: - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.config.dmaapDrDb.mariadbContName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.config.dmaapDrDb.mariadbContName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-dr-prov-aaf-config + image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . 
}}-aaf-config-vol + env: + - name: APP_FQI + value: "{{ .Values.aafConfig.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_container + value: "{{ .Values.global.aafLocatorContainer }}" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aafConfig.fqdn }}" + - name: aaf_locator_public_fqdn + value: "{{.Values.aafConfig.publicFqdn}}" + - name: aaf_locator_app_ns + value: "{{ .Values.global.aafAppNs }}" + - name: DEPLOY_FQI + value: "{{ .Values.aafConfig.aafDeployFqi }}" + - name: DEPLOY_PASSWORD + value: "{{ .Values.aafConfig.aafDeployPass }}" + - name: cadi_longitude + value: "{{ .Values.aafConfig.cadiLongitude }}" + - name: cadi_latitude + value: "{{ .Values.aafConfig.cadiLatitude }}" + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + command: ["chown","-Rf","1000:1001", "/opt/app/"] + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" 
@@ -64,22 +103,23 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} - mountPath: /etc/localtime name: localtime readOnly: false - mountPath: /opt/app/datartr/etc/provserver.properties name: {{ include "common.fullname" . }}-config subPath: provserver.properties - - mountPath: /opt/app/datartr/etc/drProvCadi.properties - name: {{ include "common.fullname" . }}-config - subPath: drProvCadi.properties - mountPath: /opt/app/datartr/etc/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -87,8 +127,8 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # Filebeat sidecar container + {{- end -}} + # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -110,8 +150,6 @@ spec: items: - key: provserver.properties path: provserver.properties - - key: drProvCadi.properties - path: drProvCadi.properties - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log 
@@ -122,5 +160,10 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-aaf-config-vol + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-aaf-props + {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml index 7b71bb03a2..acf87b81a9 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml @@ -39,12 +39,10 @@ spec: {{ end }} - name: REQUESTID value: "{{.Chart.Name}}-post-install" - volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath # NOTE: the basename of the subdirectory is important - it matches the DBCL API URI diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml new file mode 100644 index 0000000000..b82e67673a --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml 
@@ -0,0 +1,41 @@ +{{/* + # ============LICENSE_START======================================================= + # Copyright (C) 2019 Nordix Foundation. + # ================================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END========================================================= +*/}} +{{- if .Values.global.aafEnabled }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-aaf-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-aaf-props + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-aaf-props +spec: + capacity: + storage: {{ .Values.persistence.aafCredsSize}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-aaf-props-stcl" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.aafCredsMountSubPath }} +{{ end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml new file mode 100644 index 0000000000..6ff9e6d615 --- /dev/null 
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml @@ -0,0 +1,45 @@ +{{/* + # ============LICENSE_START======================================================= + # Copyright (C) 2019 Nordix Foundation. + # ================================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END========================================================= +*/}} +{{- if .Values.global.aafEnabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-aaf-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-aaf-props + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-aaf-props-stcl" + resources: + requests: + storage: {{ .Values.persistence.aafCredsSize }} +{{ end -}} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index 7a94fdb2cd..734ab72c03 100644 
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -38,7 +38,7 @@ metadata: spec: type: {{ .Values.config.dmaapDrProv.servicetype }} ports: - {{if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}} + {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}} {{- if .Values.global.allow_http }} - port: {{ .Values.global.dmaapDrProvExtPort }} targetPort: {{ .Values.config.dmaapDrProv.internalPort }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 195bcb47be..8c81f1ef43 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.2 +image: onap/dmaap/datarouter-prov:2.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -52,31 +52,17 @@ readiness: ## Persist data to a persitent volume persistence: - enabled: false + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + + aafCredsMountSubPath: data-router/dr-prov/aaf-props + aafCredsSize: 10M + aafCredsPath: /opt/app/osaaf/local ingress: enabled: false -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - large: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 1000m - memory: 2Gi - unlimited: {} - config: # dr provisioning server configuration dmaapDrProv: 
@@ -111,3 +97,33 @@ mariadb: size: 1Gi mountSubPath: data-router/dr-db-data disableNfsProvisioner: true + +#AAF local config +aafConfig: + aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployPass: demo123456! + fqdn: dmaap-dr-prov + fqi: dmaap-dr-prov@dmaap-dr.onap.org + publicFqdn: dmaap-dr.onap.org + cadiLatitude: 0.0 + cadiLongitude: 0.0 + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi + large: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 1000m + memory: 2Gi + unlimited: {} \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index f7b51d1b9e..671b42ff9b 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -68,7 +68,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: enableCadi - value: "true" + value: "{{ .Values.global.aafEnabled }}" volumeMounts: - mountPath: /etc/localtime name: localtime @@ -86,7 +86,7 @@ spec: subPath: mykey name: mykey resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} volumes: - name: localtime hostPath: diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 86c2fe970c..4c0d8d584e 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -25,6 +25,8 @@ global: loggingImage: beats/filebeat:5.5.0 clientImage: onap/dmaap/dbc-client:1.0.9 repository: nexus3.onap.org:10001 + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io #Global DMaaP app config allow_http: true 
@@ -38,6 +40,13 @@ global: dmaapDrProvExtPort2: 443 dmaapDrProvExtPort: 80 + #AAF global config overrides + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafAppNs: org.osaaf.aaf + aafLocatorContainer: oom + + #Component overrides message-router: -- 2.16.6
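Review bot: `aafAgentImage: onap/aaf/aaf_agent:2.1.15` is referenced by a mutable tag, and the init container built from it receives the AAF deployer password and appears to write the credential files the data-router services load. Pinning by digest, `aafAgentImage: onap/aaf/aaf_agent@sha256:<digest>` (placeholder), would ensure the reviewed image is the one that runs. The same applies to `busyBoxImage: busybox:1.30` from `docker.io`, moved into the globals in the previous hunk, which runs the chown step over the credential volume.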