company: 'Samsung'
id: 'kopasiak'
timezone: 'Poland/Warsaw'
+ - name: 'Jack Lucas'
+ email: 'jflos@sonoris.net'
+ company: 'Individual'
+ id: 'jackl'
+ timezone: 'USA/EST'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
changes:
name: 'Krzysztof Opasiak'
# yamllint disable-line rule:line-length
link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499'
+ - type: 'Addition'
+ name: 'Jack Lucas'
+ # yamllint disable-line rule:line-length
+ link: 'https://wiki.onap.org/display/DW/Committer+Promotion+for+%5BOOM%5D+%3A+Jack+Lucas'
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.2.3
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.5
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
#################################################################
# application image
-image: onap/babel:1.9.1
+image: onap/babel:1.9.2
flavor: small
flavorOverride: small
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/aai-graphadmin:1.9.1
+image: onap/aai-graphadmin:1.9.2
pullPolicy: Always
restartPolicy: Always
flavor: small
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.9.1
+image: onap/aai-resources:1.9.3
pullPolicy: Always
restartPolicy: Always
flavor: small
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/aai-schema-service:1.9.2
+image: onap/aai-schema-service:1.9.3
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-traversal:1.9.1
+image: onap/aai-traversal:1.9.3
pullPolicy: Always
restartPolicy: Always
flavor: small
# limitations under the License.
*/}}
-
-{/*
+{{/*
Calculate if we are on service mesh.
*/}}
{{- define "common.onServiceMesh" -}}
{{- end -}}
{{- end -}}
+{{/*
+ Kills the sidecar proxy associated with a pod.
+*/}}
{{- define "common.serviceMesh.killSidecar" -}}
{{- if (include "common.onServiceMesh" .) }}
RCODE="$?";
exit "$RCODE"
{{- end }}
{{- end -}}
+
+{{/*
+ Wait for job container.
+*/}}
+{{- define "common.waitForJobContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}}
+{{- if (include "common.onServiceMesh" .) }}
+- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container
+ image: {{ include "repositoryGenerator.image.quitQuit" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ {{- range $container := $wait_for_job_container.containers }}
+ /app/ready.py --service-mesh-check {{ tpl $container $dot }} -t 45;
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+{{- end }}
+{{- end }}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.quitQuit" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "quitQuitImage") .) }}
+{{- end -}}
+
{{/*
Resolve the image repository secret token.
The value for .Values.global.repositoryCred is used if provided:
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
dbcClientImage: onap/dmaap/dbc-client:2.0.7
+ quitQuitImage: onap/oom/readiness:4.1.0
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
readinessImage: repository
dcaePolicySyncImage: repository
dbcClientImage: repository
+ quitQuitImage: repository
# ============LICENSE_START=======================================================
-# Copyright (c) 2021 Bell Canada.
+# Copyright (c) 2021 2022 Bell Canada.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# Secrets.
##############################################################
-image: timescale/timescaledb:2.1.1-pg13
+image: timescale/timescaledb:2.5.1-pg14
pullPolicy: Always
containerPorts: 5432
externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
login: '{{ .Values.config.pgUserName }}'
password: '{{ .Values.config.pgUserPassword }}'
-
-# Copyright (C) 2021 Bell Canada
+# Copyright (C) 2021 2022 Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
#
- name: common
version: ~10.x-0
repository: '@local'
+ - name: roles-wrapper
+ version: ~10.x-0
+ repository: '@local'
- name: cps-core
version: ~10.x-0
repository: '@local'
- name: ncmp-dmi-plugin
version: ~10.x-0
repository: '@local'
- condition: ncmp-dmi-plugin.enabled
\ No newline at end of file
+ condition: ncmp-dmi-plugin.enabled
serviceMesh:
enabled: false
tls: true
+ # be aware that linkerd is not well tested
+ engine: "istio" # valid value: istio or linkerd
# metrics part
# If enabled, exporters (for prometheus) will be deployed
GLOBAL_APPC_CDT_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc-cdt" "port" 18080) }}'
GLOBAL_APPC_CDT_USERNAME = "demo"
# sdc info - everything is from the private oam network (also called onap private network)
-GLOBAL_SDC_SERVER_PROTOCOL = "https"
-GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" 9443) }}'
-GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" 8443) }}'
-GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" 8445) }}'
+GLOBAL_SDC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" ( ternary 9443 8181 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" ( ternary 8445 8081 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_SDC_DCAE_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-dcae-be" "port" 8444) }}'
-GLOBAL_SDC_USERNAME = "beep"
-GLOBAL_SDC_PASSWORD = "boop"
+GLOBAL_SDC_USERNAME = '{{ .Values.sdcUsername }}'
+GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}'
GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD]
# clamp info - everything is from the private oam network (also called onap private network)
GLOBAL_CLAMP_SERVER_PROTOCOL = "https"
# APPC
appcUsername: "appc@appc.onap.org"
appcPassword: "demo123456!"
+# SDC
+sdcUsername: "beep"
+sdcPassword: "boop"
# DCAE
dcaeUsername: "dcae@dcae.onap.org"
dcaePassword: "demo123456!"
cpu: 3m
memory: 20Mi
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-input
mountPath: /config-input/
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /config-output/
{{- end }}
containers:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: sdc-environments-output
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
+ {{- end }}
+ - name: localtime
mountPath: /etc/localtime
readOnly: true
- name: logs
mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
lifecycle:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: {{ include "common.fullname" . }}-localtime
+ - name: localtime
hostPath:
path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments
+ {{- if .Values.global.aafEnabled }}
+ emptyDir: { medium: "Memory" }
+ - name: sdc-environments-input
+ {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- name: logs
emptyDir: {}
imagePullSecrets:
requests:
cpu: 200m
memory: 200Mi
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
liveness:
initialDelaySeconds: 1
periodSeconds: 10
- timeoutSeconds: 5
+ timeoutSeconds: 180
successThreshold: 1
failureThreshold: 3
# necessary to disable liveness probe when setting breakpoints
readiness:
initialDelaySeconds: 1
periodSeconds: 10
- timeoutSeconds: 5
+ timeoutSeconds: 180
successThreshold: 1
failureThreshold: 3
startup:
initialDelaySeconds: 10
periodSeconds: 10
- timeoutSeconds: 5
+ timeoutSeconds: 180
successThreshold: 1
failureThreshold: 60
visualRange: "1"
serviceName: sdc-deprecated
ports:
- - name: api
+ - name: tcp-api
port: 8443
plain_port: 8080
port_protocol: http
roles:
- read
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
+
#Log configuration
log:
path: /var/log/onap
requests:
cpu: 200m
memory: 300Mi
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
nameOverride: sdc-cs
roles:
- read
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
pluginsList:
- pluginId: WORKFLOW
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
+ {{- if (include "common.needTLS" .) }}
+ pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}"
+ {{- else }}
+ pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}"
+ {{- end }}
pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
pluginStateUrl: "workflowDesigner"
pluginDisplayOptions:
displayName: "WORKFLOW"
displayRoles: ["DESIGNER", "TESTER"]
-connectionTimeout: 1000
\ No newline at end of file
+connectionTimeout: 1000
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
chmod 0755 /config-output/${PFILE}
done
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-input
mountPath: /config-input/
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /config-output/
resources:
limits:
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
volumeMounts:
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: sdc-environments-output
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
+ {{- end }}
+ - name: localtime
mountPath: /etc/localtime
readOnly: true
- name: logs
mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-configs
+ - name: configs
mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml
subPath: plugins-configuration.yaml
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
lifecycle:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-localtime
+ - name: localtime
hostPath:
path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- - name: {{ include "common.fullname" . }}-configs
+ - name: configs
configMap:
name : {{ include "common.fullname" . }}-plugins-configmap
defaultMode: 0777
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments
+ {{- if .Values.global.aafEnabled }}
+ emptyDir: { medium: "Memory" }
+ - name: sdc-environments-input
+ {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- name: logs
emptyDir: {}
imagePullSecrets:
spec:
type: {{ .Values.service.type }}
ports:
- {{ if not .Values.security.disableHttp }}
- # setting http port only if enabled
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{ end }}
- {{ end }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
+ {{ if eq .Values.service.type "NodePort" -}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{ end }}
+ {{ if (include "common.needTLS" .) }}
+ - port: {{ .Values.service.internalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
+ name: {{ .Values.service.portName }}s
+ {{ if eq .Values.service.type "NodePort" -}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ {{ end }}
+ {{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
config:
javaOptions: "-Xmx256m -Xms256m"
plugins:
- dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home"
+ dcae_discovery_url:
+ https: "https://sdc-dcae-fe:9444/dcaed/#/home"
+ http: "http://sdc-dcae-fe:8183/dcaed/#/home"
dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home"
- dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
+ dcae_dt_discovery_url:
+ https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
+ http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home"
dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home"
- workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
+ workflow_discovery_url:
+ https: "https://sdc-wfd-fe:8443/workflows"
+ http: "http://sdc-wfd-fe:8080/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
#environment file
#service being defined.
type: NodePort
name: sdc-fe
- portName: sdc-fe
+ portName: http
nodePort: "06"
internalPort: 8181
externalPort: 8181
internalPort2: 9443
externalPort2: 9443
-
-
ingress:
enabled: false
service:
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chmod 0755 /config-output/${PFILE}
done
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-input
mountPath: /config-input/
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /config-output/
resources:
limits:
securityContext:
runAsUser: 0
volumeMounts:
- - name: {{ include "common.fullname" . }}-cert-storage
+ - name: cert-storage
mountPath: "/onboard/cert"
resources:
limits:
- name: SDC_CERT_DIR
value: {{ .Values.cert.certDir }}
volumeMounts:
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: sdc-environments-output
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
+ {{- end }}
+ - name: localtime
mountPath: /etc/localtime
readOnly: true
- name: logs
mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-cert-storage
+ - name: cert-storage
mountPath: "{{ .Values.cert.certDir }}"
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
lifecycle:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: {{ include "common.fullname" . }}-localtime
+ - name: localtime
hostPath:
path: /etc/localtime
+
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-logback
+ - name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments
+ {{- if .Values.global.aafEnabled }}
+ emptyDir: { medium: "Memory" }
+ - name: sdc-environments-input
+ {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- name: logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-cert-storage
+ - name: cert-storage
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if include "common.onServiceMesh" . }}
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s; /home/sdc/startup.sh
+ command:
+ - /bin/sh
+ - -c
+ {{- end }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
mountPath: /home/sdc/chef-solo/environments/
requests:
cpu: 200m
memory: 200Mi
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
+ name: {{ .Values.service.portName | default "http" }}s
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName | default "http" }}2
+ name: {{ .Values.service.portName | default "http" }}}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
+ name: {{ .Values.service.portName | default "http" }}s
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName | default "http" }}2
+ name: {{ .Values.service.portName | default "http" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
service:
type: ClusterIP
name: sdc-onboarding-be
- portName: sdc-onboarding-be
+ portName: http
internalPort: 8445
externalPort: 8445
+
internalPort2: 8081
externalPort2: 8081
roles:
- read
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
+
#Log configuration
log:
path: /var/log/onap
+++ /dev/null
-{{- define "wfd-be.internalPort" }}{{ if .Values.config.serverSSLEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
./startup.sh
{{- end }}
ports:
- - containerPort: {{ template "wfd-be.internalPort" . }}
+ - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- name: SDC_PROTOCOL
- value: "{{ .Values.config.sdcProtocol }}"
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
- name: SDC_ENDPOINT
- value: "{{ .Values.config.sdcEndpoint }}"
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
- name: SDC_USER
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
+ {{- if (include "common.needTLS" .) }}
- name: SERVER_SSL_ENABLED
- value: "{{ .Values.config.serverSSLEnabled }}"
+ value: "true"
- name: SERVER_SSL_KEYSTORE_TYPE
value: "{{ .Values.config.serverSSLKeyStoreType }}"
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
+ {{- else }}
+ - name: SERVER_SSL_ENABLED
+ value: "false"
+ {{- end }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-{{ include "common.ingress" . }}
+{{include "common.ingress" .}}
cpu: 3m
memory: 20Mi
containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
+ - name: {{ include "common.name" . }}-job
+ image:
+ {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
+ imagePullPolicy:
+ {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if include "common.onServiceMesh" . }}
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s; /start.sh
+ command:
+ - /bin/sh
+ - -c
+ {{- end }}
+ env:
- name: CS_HOST
value: "{{ .Values.global.sdc_cassandra.serviceName }}"
- name: CS_PORT
- value: "{{ .Values.config.cassandraClientPort }}"
+ value: {{ .Values.config.cassandraClientPort | quote }}
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+ value: {{ .Values.config.cassandraAuthenticationEnabled | quote }}
- name: CS_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}}
- name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- resources: {{ include "common.resources" . | nindent 12 }}
+ valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{ end }}
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-be.internalPort" . }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-be.internalPort" . }}
- name: {{ .Values.service.portName }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
nodePortPrefix: 302
aafEnabled: true
sdc_cassandra:
- #This flag allows SDC to instantiate its own cluster, serviceName
- #should be sdc-cs if this flag is enabled
+ # This flag allows SDC to instantiate its own cluster, serviceName
+ # should be sdc-cs if this flag is enabled
localCluster: false
- #The cassandra service name to connect to (default: shared cassandra service)
+ # The cassandra service name to connect to
+ # (default: shared cassandra service)
serviceName: cassandra
- #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
- #to match with its own cluster replica
+ # Shared cassandra cluster replicaCount, should be changed if
+ # localCluster is enabled to match with its own cluster replica
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
- sdcProtocol: HTTPS
- sdcEndpoint: sdc-be:8443
+ sdcEndpoint:
+ https: sdc-be:8443
+ http: sdc-be:8080
sdcExternalUser: workflow
- serverSSLEnabled: true
serverSSLKeyStoreType: jks
serverSSLTrustStoreType: jks
cassandraSSLEnabled: false
affinity: {}
# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
+#liveness:
+# initialDelaySeconds: 60
+# periodSeconds: 10
+# # necessary to disable liveness probe when setting breakpoints
+# # in debugger so K8s doesn't restart unresponsive container
+# enabled: true
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
+#readiness:
+# initialDelaySeconds: 60
+# periodSeconds: 10
# probe configuration parameters
liveness:
service:
type: NodePort
- portName: sdc-wfd-be
+ portName: http
internalPort: 8080
externalPort: 8080
internalPort2: 8443
nameOverride: sdc-wfd-be
roles:
- read
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
+++ /dev/null
-{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
./startup.sh
{{- end }}
ports:
- - containerPort: {{ template "wfd-fe.internalPort" . }}
+ - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- value: {{ .Values.config.backendServerURL }}
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}"
- name: IS_HTTPS
- value: "{{ .Values.config.isHttpsEnabled}}"
- {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}"
+ {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }}
- name: TRUST_ALL
value: "{{ .Values.config.isTrustAll}}"
- {{ end }}
+ {{- end }}
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"version": "v1",
"url": "/",
"protocol": "UI",
- "port": "{{ .Values.service.internalPort2 }}",
+ "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}",
"visualRange":"0|1"
}
]'
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-fe.internalPort" . }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-fe.internalPort" . }}
- name: {{ .Values.service.portName }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
config:
javaOptions: "-Xmx256m -Xms256m"
- backendServerURL: "https://sdc-wfd-be:8443"
- isHttpsEnabled: true
+ backendServerURL:
+ https: "https://sdc-wfd-be:8443"
+ http: "http://sdc-wfd-be:8080"
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
"chef_type": "environment",
"default_attributes": {
- "disableHttp": {{ .Values.global.security.disableHttp }},
+ "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
"username": "user1@sdc.com",
"password": "password=="
}
+ {{- if .Values.global.aafEnabled }}
},
"jetty": {
"keystore_pwd": "${KEYSTORE_PASS}",
"truststore_pwd": "${TRUSTSTORE_PASS}",
"keymanager_pwd": "${KEYMANAGER_PASS}"
+ {{- end }}
}
}
}
writeConsistencyLevel: ALL
clusterName: cassandra
dataCenter: Pod
- security:
- disableHttp: true
centralizedLoggingEnabled: true
sdc-be:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.4
+image: onap/sdnc-dmaap-listener-image:2.2.5
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.4
+image: onap/sdnc-ansible-server-image:2.2.5
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.2.4"
+image: "onap/sdnc-web-image:2.2.5"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.4
+image: onap/sdnc-ueb-listener-image:2.2.5
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.4
+image: onap/sdnc-image:2.2.5
# flag to enable debugging - application support required
debugEnabled: false
Code Review / oom.git / commitdiff