- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: oof-has
version: ~12.x-0
repository: 'file://components/oof-has'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
- name: common
version: ~12.x-0
repository: '@local'
- - name: music
- version: ~12.x-0
- repository: '@local'
- condition: music.enabled
- name: etcd
version: ~12.x-0
repository: '@local'
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: oof-templates
version: ~12.x-0
repository: 'file://../../../oof-templates'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
+
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - oof-has-controller
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-service
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-has-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
- {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
{{- if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /tmp/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /tmp/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: conductor.conf
- key: log.conf
path: log.conf
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
service:
type: NodePort
name: oof-has-api
- externalPort: 8091
internalPort: 8091
- nodePort: 75
- portName: http
+ ports:
+ - name: http
+ port: 8091
+ nodePort: '75'
#backend container info
uwsgi:
internalPort: 8080
-ingress:
- enabled: false
replicaCount: 1
nodeSelector: {}
affinity: {}
initialDelaySeconds: 10
periodSeconds: 10
-#sub-charts configuration
-certInitializer:
- nameOverride: oof-has-cert-initializer
- fqdn: "oof.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "oof@oof.onap.org"
- fqi_namespace: org.onap.oof
- public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/bitnami/nginx/ssl
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
-
-
ingress:
enabled: false
service:
config:
ssl: "redirect"
+readinessCheck:
+ wait_for:
+ - oof-has-controller
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-api
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-sms
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-cont-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-controller
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-data-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/aai_cert.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_cert.cer
- - mountPath: /usr/local/bin/aai_key.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_key.key
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - key: aai_cert.cer
- path: aai_cert.cer
- - key: aai_key.key
- path: aai_key.key
- {{- end }}
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-data
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-resrv-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-reservation
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-solvr-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-solver
+++ /dev/null
------BEGIN CERTIFICATE-----\r
-MIIEKjCCAxKgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN\r
-MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk\r
-aWF0ZUNBXzEwHhcNMTgwNDI1MTIxMzAxWhcNMTkwNDIwMTIxMzAxWjBtMQswCQYD\r
-VQQGEwJVUzENMAsGA1UECgwET05BUDEZMBcGA1UECwwQb29mQG9vZi5vbmFwLm9y\r
-ZzEOMAwGA1UECwwFT1NBQUYxJDAiBgNVBAMMG29vZi5hcGkuc2ltcGxlZGVtby5v\r
-bmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGpQUtgLXG3\r
-dVikd/QC2Q24wzeTOeZzbx3PnidNYZT5K0sJ/TdnZF6O/4+9gXQ6AQS2Q8wfQ009\r
-MQAA5vhUaq5yZ2K+XAtEFGln1TxTFpGu3WDOwQ800Vw18Dk8WidrkzDJv489Bn1f\r
-SSaPC0IaRB0K1d8BD63ZHgsuEY8lt31DX2wFWJcfN9mxNDzuLTZoLxtxKsedoZKH\r
-rsOOILwXOhwuunfx40i6RQN/pFX6C2i8dtOA5OwUm9Q1RrZ2Tv1Uf4IURriH6bfZ\r
-5n50yxTuL22TMYXsF/ohrdgwacuC0aV9ZSGhIZUJPyHVg7+QTBioHmoUJInVKuIx\r
-kkC4lENbLYUCAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIG\r
-wDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRp\r
-ZmljYXRlMB0GA1UdDgQWBBQwbU5oHU2iYHCoVz4hFCvBW59cdTBUBgNVHSMETTBL\r
-gBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UECwwFT1NBQUYxDTAL\r
-BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB/wQEAwIF4DAdBgNV\r
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADEa\r
-0VuxoFIygeQTqlizpHNwfApPmlAVSKDTWuEu4rhJs8GT61EuWZQPygXEUHCYmGvJ\r
-GMwEGGIDGiQqxMqlqng46gksNJbi1ktXr6Du18qW7gziUd84ve8KcecjZru1Sk1e\r
-UJ/6WEQVE17CHKcnzQZsMDakgP+61VgKbk5NlkeF/Qh4L6/3jY7g+xoXqaId5RT9\r
-BetmH/cMsj33lxQTs0fcXTbAQd6BX5ug854OJ1mU4ngJnNBdmn9Ow1bB71ohf5Xv\r
-OEYX8+khjgjlmM0u1hBRL4qViv3y2Gzhpm1M8cETMDj4g0zIJytzIYMxO8XvDPCF\r
-YmVZHXJDLsCogSOmmh0=\r
------END CERTIFICATE-----
\ No newline at end of file
+++ /dev/null
------BEGIN ENCRYPTED PRIVATE KEY-----\r
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvxjZPeQVkRACAggA\r
-MBQGCCqGSIb3DQMHBAhWqwQCjZFCrASCBMjWG5wsC1WFJISJ5odMHzYOWOKLpaDP\r
-7a/dxnBrV6gId/DTmzoqtiBCmQRqhnUuYok98DNUFGjR9JqztNNOf5eslzqCugsh\r
-zVwCvsJYKvxxJ4Q8tow3DKx28I6EmOvwudMsL9c30OxpEWdlWmyFimu5JDdDvWUH\r
-S0fWKebQETZ7lptiRX2IXhC3Ye6Wu/DowDYc5L4Z/Q8nwncMB3n2ntMX10pBrura\r
-15/R18AvG5cDwcasTXz5WKIB/K2onvJfW0so2M8jApu2DF4MpEIN9Z973uTNFXcL\r
-dgHKWtIl2WO38coedaXUILgsxLSSU27TG4F+7QMGjiKXUSWjN9+TD+8zWye/9OIW\r
-qfVtoh+n7lWtzC3Axo1OmPInCkFb+I7QaDsJgsUn+ZWap7FVJFrYiz20UTzYYgAK\r
-OukCgKiJTHOhTT1k0km34ROPmqOk6mH7IkioUSTmoP362RpIVTbKv2e5GKzhYfkk\r
-27W3RRG/qoZLUTU2AaAyoGZlzXDkBFw2g4vxnhcfHeXX6jyJyQWOOOeRJ5B6uc+Y\r
-4XmKKJvq5pFlxUDmVCZLRzjwpvYPTQwTQQ9t7kEZFI8B7TMkDqv62YlXyoWNDwPq\r
-yLvDwPDicx33AZor8N/eDgIOE+TXQ0vEyphf0c9OcgneeJmEtn7IskEahv32ruMQ\r
-uFAAuIUmQfXPNMXu3MYIUItvZDm3RUk3YJDj9c8YtvxDlzLytHu5QYJ3v7rvo+mG\r
-XKwmnZouaNRLw5Y7Mff07BuTPuttyNadacuJtUjvv8qVOIeuxQ7nku6yqKKLTeJr\r
-8E4/tYyZ15FIo3hWi16h3zyZ9LiHhhe7d2XYSVMuzuD4jkIdHbdgiKsCJn9mI5PF\r
-VpDF34w1Fjwv7Gu32MRMpJijAW10ENaP1O2izr9l8jwo+CLgi5qa6a2YTYAZooqt\r
-UjTLfEIQKbwFbq5L9Eb1uRw1lRR9SxcxdNQdY+mtx0x2BSmXVUEcyi6OG/8Lzf/1\r
-9VoE5UPfhSE7ogfbL8eraFlQmKL8f3h3Jx/XDvvKC8YXxgooEhV0BsofXmLdF0BK\r
-bhXR1/JptLz8CJjtlBWQkmqj+ONOHFA9/4YHMNn5T1PBLNzQCZSjQXrDKxowLDsI\r
-ozUyZ080c2LrJCf6zj6+fB3LDvHYfJ6LnYASCHJlNS0NVmRPiYB/dmoqF/iyAEjp\r
-cKUUrbhs6U95aPMo0pPSCuhLKiibCo3Vz/9dvGb7pr6aj/ehOjrtKtGlYukBqNkS\r
-RQK2kkL8IO+iPWs3aCnEhfeS+wNBMAtI/TEw6As2zseyb3/SylHjek4s1gs9MPdw\r
-c3o2ArwMzmP0sfFIjYz+AyQm+5i/LSnkNjG0OU9ekGXy7Z4HAcko2Dv8/SmOVapP\r
-cf8c55RUDlYJh9Ltn0W5fuNA6dykV7f9s8BIrZcnzTN+lifNhNlEYYcmyZwlCcX4\r
-NBLoH+ENW+Q7+nuhGcf52j/XgTaPZ0Eec8ZJdK7FzVDN4DWKM4KHD7DgpkOR7TZl\r
-IKGNtdvb3SaGG83YlJhRkkr0C2KvB0Mz2dkAhOKX3NkBr5fY62IvuMdqD7VDjGAw\r
-h/GBn0k5+gpVP0Uh6yWEla3CjM9GnUuMVcwIUAYSeW2rFu4iapK0gBwguR91cM1N\r
-MA8=\r
------END ENCRYPTED PRIVATE KEY-----\r
+++ /dev/null
------BEGIN CERTIFICATE-----\r
-MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB\r
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN\r
-MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG\r
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG\r
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+\r
-EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9\r
-w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH\r
-AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2\r
-wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV\r
-zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk\r
-MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy\r
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE\r
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87\r
-rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU\r
-kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96\r
-Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg\r
-RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb\r
-rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y\r
-WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy\r
-KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic\r
-6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT\r
-Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf\r
-qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY\r
-m1r4NGYFvLM=\r
------END CERTIFICATE-----
\ No newline at end of file
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_aaf_enabled = false
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url =
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+aaf_ca_bundle_file =
# aaf_retries. (integer value)
#aaf_retries = 3
#
# is_enabled. (boolean value)
-is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_enabled = false
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url =
# Timeout for SMS API Call (integer value)
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
+server_url = http://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for AAI. (string value)
username = OOF
password =
-[music_api]
-
-#
-# From conductor
-#
-
-# Base URL for Music REST API without a trailing slash. (string value)
-#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
-version = v2
-
-# DEPRECATED: List of hostnames (round-robin access) (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#hostnames = <None>
-
-# DEPRECATED: Port (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#port = <None>
-
-# DEPRECATED: Path (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#path = <None>
-
-# Socket connection timeout (floating point value)
-#connect_timeout = 3.05
-
-# Socket read timeout (floating point value)
-#read_timeout = 12.05
-
-# Lock timeout (integer value)
-#lock_timeout = 10
-
-# Replication factor (integer value)
-#replication_factor = 1
-replication_factor = 1
-
-# Use mock API (boolean value)
-#mock = false
-
-# (string value)
-#music_topology = SimpleStrategy
-
-# Name of the first data center (string value)
-#first_datacenter_name = <None>
-
-# Number of replicas in first data center (integer value)
-#first_datacenter_replicas = <None>
-
-# Name of the second data center (string value)
-#second_datacenter_name = <None>
-
-# Number of replicas in second data center (integer value)
-#second_datacenter_replicas = <None>
-
-# Name of the third data center (string value)
-#third_datacenter_name = <None>
-
-# Number of replicas in third data center (integer value)
-#third_datacenter_replicas = <None>
-
-# new or old version (boolean value)
-#music_new_version = <None>
-music_new_version = True
-
-# for version (string value)
-#music_version = <None>
-music_version = "3.2.40"
-
-# username value that used for creating basic authorization header (string
-# value)
-#aafuser = <None>
-aafuser = conductor
-
-# password value that used for creating basic authorization header (string
-# value)
-#aafpass = <None>
-aafpass = c0nduct0r
-
-# AAF namespace field used in MUSIC request header (string value)
-#aafns = <None>
-aafns = conductor
-
-# Enabling HTTPs mode (boolean value)
-enable_https_mode = True
-
-# Certificate Authority Bundle file in pem format. Must contain the appropriate
-# trust chain for the Certificate file. (string value)
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-
[prometheus]
#
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
+server_url = http://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for SDC. (string value)
#username =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for CPS. (string value)
#username =
# Base URL for DCAE, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+server_url = http://{{.Values.config.dcae.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
# Timeout for DCAE Rest Call (string value)
#dcae_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for DCAE. (string value)
#username =
server {
-{{ if (include "common.needTLS" .) }}
- listen 8091 ssl;
- server_name oof;
- ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
-{{ else }}
listen 8091;
server_name oof;
-{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-root-password
name: &root-password '{{ include "common.release" . }}-has-etcd-root-password'
type: password
dataRootDir: /dockerdata-nfs
config:
dbBackend: etcd
- aaf:
- serviceName: aaf-service
- port: 8100
aai:
serviceName: aai
- port: 8443
- plainPort: 80
+ port: 80
msb:
serviceName: msb-iag
port: 80
- music:
- serviceName: music
- port: 8443
- sms:
- serviceName: aaf-sms
- port: 10443
sdc:
serviceName: sdc-be
- port: 8443
- plainPort: 8080
+ port: 8080
cps:
- service: cps-tbdmt
+ serviceName: cps-tbdmt
port: 8080
dcae:
- service: dcae-slice-analysis-ms
+ serviceName: dcae-slice-analysis-ms
port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
#component overrides
oof-has-api: &has-config
enabled: true
- certSecret: *oof-certs
config:
etcd:
userCredentialsExternalSecret: *user-creds
oof-has-data: *has-config
oof-has-reservation: *has-config
oof-has-solver: *has-config
-music:
- enabled: false
#etcd subchart configurations
etcd:
+++ /dev/null
-{{- define "oof.certificate.volume" -}}
-- name: {{ include "common.fullname" . }}-onap-certs
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
- items:
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- - key: intermediate_root_ca.pem
- path: intermediate_root_ca.pem
-{{- end -}}
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
-
internal: 8699 # inside the Docker container, the app listens to this port
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
-# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }}
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
# Credentials for Conductor
-conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }}
+conductorUrl: {{ .Values.config.conductorUrl.http }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }}
+policyPlatformUrl: {{ .Values.config.policyPlatformUrl.http }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
# Credentials for DMaaP
sdcUrl: {{ .Values.config.sdcUrl }}
sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }}
+is_aaf_enabled: False
+aaf_cache_expiry_mins: 5
+aaf_url:
aaf_user_roles:
- {{- range .Values.config.aaf_user_roles }}
- - {{ . }}
- {{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
-aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
-secret_domain: {{ .Values.config.secret_domain }}
-aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+aaf_sms_url:
+aaf_sms_timeout: 30
+secret_domain: ''
+aaf_ca_certs: ''
configClientType: {{ .Values.config.configClientType }}
cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
# AAI api
-aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }}
+aaiUrl: {{ .Values.config.aaiUrl.http }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
dslQueryPath: /aai/v23/dsl?format=
#DES api
-desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }}
+desUrl: {{ .Values.config.desUrl.http }}
desApiPath: {{ .Values.config.desApiPath }}
desHeaders:
Accept: application/json
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - policy-xacml-pdp
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- {{- if (include "common.needTLS" .) }}
- - command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-osdf-sms-readiness
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
- {{ end }}
python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- {{- if (include "common.needTLS" .) }}
- - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: log.yml
- key: slicing_config.yaml
path: slicing_config.yaml
-{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefix: 302
persistence: {}
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certs/intermediate_root_ca.pem
- - resources/config/certs/aaf_root_ca.cer
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.7
+image: onap/optf-osdf:3.0.8
pullPolicy: Always
# flag to enable debugging - application support required
# Url and credentials for Conductor.
conductorUrl:
- https: https://oof-has-api:8091/v1/plans/
http: http://oof-has-api:8091/v1/plans/
conductorPingWaitTime: 10
conductorMaxRetries: 30
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
policyPlatformUrl:
- https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
policyPlatformEnv: TEST # Environment for policy platform
# Credentials for the message reader - A placeholder.
# Credentials for the SDC interface - A placeholder.
sdcUrl: NA
sdcONAPInstanceID: NA
- #AAF Authentication
- is_aaf_enabled: False
- aaf_cache_expiry_mins: 5
- aaf_url:
- https: https://aaf-service:8100
- http: http://aaf-service:8080
- aaf_user_roles:
- - '/placement:org.onap.oof.access|*|read ALL'
- - '/pci:org.onap.oof.access|*|read ALL'
- # Secret Management Service from AAF
- aaf_sms_url:
- https: https://aaf-sms
- http: http://aaf-sms
- aaf_sms_port: 10443
- aaf_sms_timeout: 30
- secret_domain: osdf
- aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
+
configClientType: cps
+
# config db api
configDbUrl: http://configdb:8080
configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList'
configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList'
+
# cps api
cps:
url: cps-tbdmt:8080/execute
#aai api
aaiUrl:
- https: https://aai:8443
- http: http://aai:8080
+ http: http://aai:80
aaiGetLinksUrl: /aai/v16/network/logical-links
aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
#des api
desUrl:
- https: https://des.url:9000
http: http://des.url:8080
desApiPath: /datalake/v1/exposure/
desUsername: ''
fqi: "oof@oof.onap.org"
fqi_namespace: org.onap.oof
public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
cadi_latitude: "0.0"
cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
appMountPath: /opt/osdf/osaaf
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
# Segregation for Different environment (Small and Large)
resources:
service:
type: NodePort
name: oof-osdf
- externalPort: 8698
internalPort: 8699
- nodePort: 48
+ ports:
+ - name: http
+ port: 8698
+ nodePort: '48'
ingress:
enabled: false
service:
oof-has:
enabled: true
- certSecret: *oof-certs
+
+readinessCheck:
+ wait_for:
+ - policy-xacml-pdp
#Pods Service Account
serviceAccount:
Code Review / oom.git / commitdiff