Ingress, Services, ...) or part of Kubernetes resources (names, labels,
resources requests and limits, ...).
+a full list and simple description is done in
+`kubernetes/common/common/documentation.rst`.
+
Service template
----------------
-Subproject commit ac0ea8aa12226ac95683838e92d22928eb221630
+Subproject commit 4f4d14ab45a2225953961136220041189d566015
service:
http:
- type: NodePort
+ type: ClusterIP
portName: blueprints-processor-http
internalPort: 8080
externalPort: 8080
- nodePort: 99
grpc:
type: ClusterIP
portName: blueprints-processor-grpc
listenerservice:
config:
- asdcAddress: sdc-be:8443 #SDC-BE
- messageBusAddress: message-router #Message-Router
- user: vid #SDC-username
+ asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE
+ messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
+ user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 Orange. All rights reserved.
+
+.. _developer-guide-label:
+
+
+Current given templating functions
+==================================
+
+
+In order to have a consistent deployments of ONAP components, several templating
+functions are proposed in `kubernets/common/common/templates` folder.
+This file list them and gives examples for the most used.
+All these templating functions have a description in their own file, here we
+only give an overview.
+
+* conditional functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.needPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.onServiceMesh` | `_serviceMesh.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.common.needTLS` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+* template generation functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.masterPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.createPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.genName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.getSecretName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.envFromSecret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.port` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations.ssl` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.ingress` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.labels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.matchLabels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resourceMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.templateMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.selectors` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.name` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullname` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullnameExplicit` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.release` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.chart` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.namespace` | `_namespace.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository.secret` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.flavor` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resources` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.storageClass` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.replicaPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicename` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.serviceMetadata` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicePorts` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.genericService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.service` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.headlessService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbService` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbPort` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecret` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecretParam` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.tplValue` | `_tplValue.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+
+Passwords
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_createPassword.tpl`.
+
+* `common.masterPassword`: Resolve the master password to be used to derive
+ other passwords.
+* `common.createPassword`: Generate a new password based on masterPassword.
+
+Secrets
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_secret.yaml`.
+
+* `common.secret.genName`: Generate a secret name based on provided name or UID.
+* `common.secret.getSecretName`: Get the real secret name by UID or name, based
+ on the configuration provided by user.
+* `common.secret.envFromSecret`: Convenience template which can be used to
+ easily set the value of environment variable to the value of a key in a
+ secret.
+* `common.secret`: Define secrets to be used by chart.
+
+The most widely use templates is the last (`common.secret`).
+It should be the only (except license part) line of your secret file:
+
+.. code-block:: yaml
+
+ {{ include "common.secret" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from mariadb configuration):
+
+.. code-block:: yaml
+
+ secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+
+Ingress
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_ingress.tpl`.
+
+* `ingress.config.port`: generate the port path on an Ingress resource.
+* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress
+ resource.
+* `ingress.config.annotations`: generate the annotations of an Ingress resource.
+* `common.ingress`: generate an Ingress resource (if needed).
+
+The most widely use templates is the last (`common.ingress`) .
+
+It should be the only (except license part) line of your ingress file:
+
+.. code-block:: yaml
+
+ {{ include "common.ingress" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from clamp configuration):
+
+.. code-block:: yaml
+
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp"
+ name: "clamp"
+ port: 443
+ config:
+ ssl: "redirect"
+
+Labels
+------
+
+These functions are defined in `kubernetes/common/common/templates/_labels.tpl`.
+
+The goal of these functions is to always create the right labels for all the
+resource in a consistent way.
+
+* `common.labels`: generate the common labels for a resource
+* `common.matchLabels`: generate the labels to match (to be used in conjunction
+ with `common.labels` or `common.resourceMetadata`)
+* `common.resourceMetadata`: generate the "top" metadatas for a resource
+ (Deployment, StatefulSet, Service, ConfigMap, ...)
+* `common.templateMetadata`: generate the metadata put in the template part
+ (for example `spec.template.metadata` for a Deployment)
+* `common.selectors`: generate the right selectors for Service / Deployment /
+ StatefulSet, ... (to be used in conjunction with `common.labels` or
+ `common.resourceMetadata`)
+
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ ...
+
+Name
+----
+
+These functions are defined in `kubernetes/common/common/templates/_name.tpl`.
+
+The goal of these functions is to always name the resource the same way.
+
+* `common.name`: Generate the name for a chart.
+* `common.fullname`: Create a default fully qualified application name.
+* `common.fullnameExplicit`: The same as common.full name but based on passed
+ dictionary instead of trying to figure out chart name on its own.
+* `common.release`: Retrieve the "original" release from the component release.
+* `common.chart`: Generate the chart name
+
+Here's an example of use of these functions in a Deployment template (example
+taken on mariadb-galera):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1beta1
+ kind: StatefulSet
+ ...
+ spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ ...
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.externalConfig }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-external-config
+ {{- end}}
+ ...
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ...
+
+Namespace
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_namespace.tpl`.
+
+The goal of these functions is to always retrieve the namespace the same way.
+
+* `common.namespace`: Generate the namespace for a chart. Shouldn't be used
+ directly but use `common.resourceMetadata` (which uses it).
+
+
+Repository
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_repository.tpl`.
+
+The goal of these functions is to generate image name the same way.
+
+* `common.repository`: Resolve the name of the common image repository.
+* `common.repository.secret`: Resolve the image repository secret token.
+
+
+Resources
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_resources.tpl`.
+
+The goal of these functions is to generate resources for pods the same way.
+
+* `common.flavor`: Resolve the name of the common resource limit/request flavor.
+ Shouldn't be used alone.
+* `common.resources`: Resolve the resource limit/request flavor using the
+ desired flavor value.
+
+
+Storage
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_storage.tpl`.
+
+The goal of these functions is to generate storage part of Deployment /
+Statefulset and storage resource (PV, PVC, ...) in a consistent way.
+
+* `common.storageClass`: Expand the name of the storage class.
+* `common.needPV`: Calculate if we need a PV. If a storageClass is provided,
+ then we don't need.
+* `common.replicaPV`: Generate N PV for a statefulset
+
+
+Pod
+---
+
+These functions are defined in `kubernetes/common/common/templates/_pod.tpl`.
+
+* `common.containerPorts`: generate the port list for containers. See Service
+ part to know how to declare the port list.
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ ...
+ spec:
+ ...
+ template:
+ ...
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ ports: {{- include "common.containerPorts" . | nindent 8 }
+
+
+Service
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_service.tpl`.
+
+The goal of these functions is to generate services in a consistent way.
+
+* `common.servicename`: Expand the service name for a chart.
+* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`.
+* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly
+ but used through `common.service` or `common.headlessService`.
+* `common.genericService`: Template for creating any Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`. May be
+ used if you want to create a Service with some specificities (on the ports for
+ example).
+* `common.needTLS`: Calculate if we need to use TLS ports on services
+* `common.service`: Create service template.
+* `common.headlessService`: Create headless service template
+
+
+The most widely used templates are the two last (`common.service` and
+`common.headlessService`).
+It should use with only one (except license part) line of your service (or
+service-headless) file:
+
+.. code-block:: yaml
+
+ {{ include "common.service" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from nbi configuration + other
+part):
+
+.. code-block:: yaml
+
+ service:
+ type: NodePort
+ name: nbi
+ annotations:
+ my: super-annotation
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 74
+ - name: tcp-raw
+ port: 8459
+ nodePort: 89
+
+
+would generate:
+
+.. code-block:: yaml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ my: super-annotation
+ name: nbi
+ namespace: default
+ labels:
+ app.kubernetes.io/name: nbi
+ helm.sh/chart: nbi-5.0.0
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Tiller
+ spec:
+ ports:
+ - port: 8443
+ targetPort: api
+ name: https-api
+ nodePort: 30274
+ - port: 8459
+ targetPort: tcp-raw
+ name: tcp-raw
+ nodePort: 30289
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nbi
+ app.kubernetes.io/instance: release
+
+
+`plain_port` is used only if we mandate to use http (see ServiceMesh part).
+Today a port can be http or https but not both.
+headless configuration is equivalent (example taken from cassandra):
+
+.. code-block:: yaml
+
+ service:
+ name: cassandra
+ headless:
+ suffix: ""
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ headlessPorts:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-jmx
+ port: 7199
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
+ - name: tcp-agent
+ port: 61621
+
+
+ServiceMesh
+-----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_serviceMesh.tpl`.
+
+The goal of these functions is to handle onboarding of ONAP on service mesh.
+
+* `common.onServiceMesh`: Calculate if we if we are on service mesh
+
+
+
+MariaDB
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_mariadb.tpl`.
+
+The goal of these functions is to simplify use of mariadb and its different
+values.
+
+* `common.mariadb.secret.rootPassUID`: UID of mariadb root password
+* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password
+ secret
+* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials
+* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user
+ credentials secret
+* `common.mariadbService`: Choose the name of the mariadb service to use
+* `common.mariadbPort`: Choose the value of mariadb port to use
+* `common.mariadbSecret`: Choose the value of secret to retrieve user value
+* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user
+ value
+
+PostgreSQL
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_postgres.tpl`.
+
+The goal of these functions is to simplify use of postgres and its different
+values.
+
+* `common.postgres.secret.rootPassUID`: UID of postgres root password
+* `common.postgres.secret.rootPassSecretName`: Name of postgres root password
+ secret
+* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials
+* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user
+ credentials secret
+* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password
+* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary
+ credentials secret
+
+
+Utilities
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_tplValue.tpl`.
+
+The goal of these functions is provide utility function, usually used in other
+templating functions.
+
+* `common.tplValue`: Renders a value that contains template.
Will use first ".Values.service.ports" list.
Will append ports from ".Values.service.headlessPorts" only if port number is
not already in port list.
+ Will add tls port AND plain port if both_tls_and_plain is set to true
*/}}
{{- define "common.containerPorts" -}}
{{- $ports := default (list) .Values.service.ports }}
{{- $portsNumber := list }}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
{{- range $index, $port := $ports }}
{{- $portsNumber = append $portsNumber $port.port }}
{{- end }}
{{- $ports = append $ports $port }}
{{- end }}
{{- end }}
+{{- $global := . }}
{{- range $index, $port := $ports }}
+{{- if (include "common.needTLS" $global) }}
- containerPort: {{ $port.port }}
+{{- else }}
+- containerPort: {{ default $port.port $port.plain_port }}
+{{- end }}
name: {{ $port.name }}
+{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
+- containerPort: {{ $port.plain_port }}
+ name: {{ $port.name }}-plain
+{{- end }}
{{- end }}
{{- end -}}
The template takes two arguments:
- .global: environment (.)
- .name: name of the secret
+ - .annotations: annotations which should be used
Example call:
{{ include "common.secret._header" (dict "global" . "name" "myFancyName") }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $global }}
heritage: {{ $global.Release.Service }}
+{{- if .annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }}
+{{- end }}
type: Opaque
{{- end -}}
- name:
Overrides default secret name generation and allows to set immutable
and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
To allow sharing a secret between the components and allow to pre-deploy secrets
before ONAP deployment it is possible to use already existing secret instead of
{{- range $secret := .Values.secrets }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }}
+ {{- $annotations := default "" $secret.annotations }}
{{- $type := default "generic" $secret.type }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- if not $externalSecret }}
---
- {{ include "common.secret._header" (dict "global" $global "name" $name) }}
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
{{- if eq $type "generic" }}
data:
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
-{{- if $annotations -}}
-annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+ {{- $msb_informations := default "" .msb_informations -}}
+{{- if or $annotations $msb_informations -}}
+annotations:
+{{- if $annotations }}
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+{{- if $msb_informations }}
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "{{ include "common.servicename" $dot }}",
+ "version": "{{ default "v1" $msb_informations.version }}",
+ "url": "{{ default "/" $msb_informations.url }}",
+ "protocol": "{{ default "REST" $msb_informations.protocol }}",
+ "port": "{{ $msb_informations.port }}",
+ "visualRange":"{{ default "1" $msb_informations.visualRange }}"
+ }
+ ]'
+{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
The function takes three arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
- - .prefix: NodePort prefix to be used
-
+ - .serviceType: the type of the service
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.servicePorts" -}}
-{{- $portType := .portType -}}
-{{- $dot := .dot -}}
-{{- range $index, $port := .ports }}
-{{- $portPrefix := default "nodePortPrefix" $port.prefix }}
+{{- $serviceType := .serviceType }}
+{{- $dot := .dot }}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- range $index, $port := .ports }}
+{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
- {{- if (eq $portType "NodePort") }}
- nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }}
- {{- end }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
+{{- else }}
name: {{ $port.name }}
-{{- end -}}
+{{- end }}
+{{- if (eq $serviceType "NodePort") }}
+ nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+{{- end }}
+{{- else }}
+- port: {{ default $port.port $port.plain_port }}
+ targetPort: {{ $port.name }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}
+{{- end }}
+{{- end }}
+{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
+{{- if (eq $serviceType "ClusterIP") }}
+- port: {{ $port.plain_port }}
+ targetPort: {{ $port.name }}-plain
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/* Create generic service template
The function takes several arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
- .suffix : a string which will be added at the end of the name (with a '-')
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
+{{- $msb_informations := default "" .msb_informations -}}
{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
-{{- $portType := .portType -}}
+{{- $serviceType := .serviceType -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
+{{- $add_plain_port := default false .add_plain_port }}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
{{- end }}
- ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+ ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }}
{{- if $publishNotReadyAddresses }}
publishNotReadyAddresses: true
{{- end }}
- type: {{ $portType }}
+ type: {{ $serviceType }}
selector: {{- include "common.matchLabels" $dot | nindent 4 }}
{{- end -}}
-{{/* Create service template */}}
+{{/*
+ Create service template
+ Will create one or two service templates according to this table:
+
+ | serviceType | both_tls_and_plain | result |
+ |---------------|--------------------|--------------|
+ | ClusterIP | any | one Service |
+ | Not ClusterIP | not present | one Service |
+ | Not ClusterIP | false | one Service |
+ | Not ClusterIP | true | two Services |
+
+ If two services are created, one is ClusterIP with both crypted and plain
+ ports and the other one is NodePort (or LoadBalancer) with crypted port only.
+*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $portType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- $suffix := default "" .Values.service.suffix -}}
+{{- $annotations := default "" .Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" .Values.service.msb -}}
+{{- $serviceType := .Values.service.type -}}
+{{- $ports := .Values.service.ports -}}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
+{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }}
+{{- if (ne $serviceType "ClusterIP") }}
+---
+{{- if $suffix }}
+{{- $suffix = printf "%s-external" $suffix }}
+{{- else }}
+{{- $suffix = "external" }}
+{{- end }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{- end }}
+{{- else }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- $annotations := default "" .Values.service.headless.annotations -}}
{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }}
{{- end -}}
{{/*
{{- print "headless" }}
{{- end }}
{{- end -}}
+
+{{/*
+ Calculate if we need to use TLS ports.
+ We use TLS by default unless we're on service mesh with TLS.
+ We can also override this behavior with override toggles:
+ - .Values.global.tlsEnabled : override default TLS behavior for all charts
+ - .Values.tlsOverride : override global and default TLS on a per chart basis
+
+ this will give these combinations:
+ | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
+ |-------------|-------------------|----------------------------|------------------------|--------|
+ | not present | not present | not present | any | true |
+ | not present | not present | false | any | true |
+ | not present | not present | true | false | true |
+ | not present | not present | true | true | false |
+ | not present | true | any | any | true |
+ | not present | false | any | any | false |
+ | true | any | any | any | true |
+ | false | any | any | any | false |
+
+*/}}
+{{- define "common.needTLS" -}}
+{{- if hasKey .Values "tlsOverride" }}
+{{- if .Values.tlsOverride -}}
+true
+{{- end }}
+{{- else }}
+{{- if hasKey .Values.global "tlsEnabled" }}
+{{- if .Values.global.tlsEnabled }}
+true
+{{- end }}
+{{- else }}
+{{- if not (include "common.onServiceMesh" .) -}}
+true
+{{- else }}
+{{- if not (default false .Values.global.serviceMesh.tls) -}}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- /dev/null
+{/*
+# Copyright © 2020 Amdocs, Bell Canada, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+{/*
+ Calculate if we are on service mesh.
+*/}}
+{{- define "common.onServiceMesh" -}}
+{{- if .Values.global.serviceMesh -}}
+{{- if (default false .Values.global.serviceMesh.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
+{{/*
+ Give the root folder for ONAP when using host pathes
+*/}}
+{{- define "common.persistencePath" -}}
+{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
{{/*
Expand the name of the storage class.
The value "common.fullname"-data is used by default,
{{- end -}}
{{- end -}}
+{{/*
+ Generate a PV
+*/}}
+{{- define "common.PV" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ include "common.persistencePath" . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
{{/*
Generate N PV for a statefulset
*/}}
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+ path: {{ include "common.persistencePath" $global }}-{{$i}}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Generate a PVC
+*/}}
+{{- define "common.PVC" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
{{- end -}}
{{- end -}}
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{
"cert_path": "/opt/app/osaaf",
"image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
+ "component_cert_dir": "/opt/dcae/cacert",
"component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
}
- dcae-config-binding-service\r
- --container-name\r
- dcae-db\r
+ - --container-name\r
+ - dcae-inventory-api\r
- "-t"\r
- "15"\r
+\r
env:\r
- name: NAMESPACE\r
valueFrom:\r
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.10.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- #placeholder until tca-gen2 release image is available
- #tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.0
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1
pullPolicy: Always
# probe configuration parameters
fieldPath: metadata.namespace
- name: init-tls
env:
+ - name: aaf_locator_fqdn
+ value: dcae
- name: POD_IP
valueFrom:
fieldRef:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
global:
nodePortPrefix: 302
tlsRepository: nexus3.onap.org:10001
-# Have to use locally-define tlsImage until inventory API can use 2.x.y
-# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
redis:
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.4
+image: onap/dmaap/datarouter-node:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-node
fqi: dmaap-dr-node@dmaap-dr.onap.org
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.4
+image: onap/dmaap/datarouter-prov:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-prov
fqi: dmaap-dr-prov@dmaap-dr.onap.org
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
- ============LICENSE_END=========================================================
+ ============LICENSE_END=========================================================
-->
<configuration scan="true" scanPeriod="3 seconds" debug="false">
- <contextName>${module.ajsc.namespace.name}</contextName>
- <jmxConfigurator />
- <property name="logDirectory" value="${AJSC_HOME}/log" />
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
-
- <appender name="INFO"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>INFO</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- </appender>
-
- <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
-
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender">
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
-
- <!-- Msgrtr related loggers -->
- <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
-
-
-
- <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
- <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
- <logger name="org.onap.dmaap.mr.filter" level="INFO" />
-
- <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
-
- <!-- Msgrtr loggers in ajsc -->
- <logger name="org.onap.dmaap.service" level="INFO" />
- <logger name="org.onap.dmaap" level="INFO" />
-
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" additivity="false"/>
- <logger name="org.springframework.beans" level="WARN" additivity="false"/>
- <logger name="org.springframework.web" level="WARN" additivity="false" />
- <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
-
- <!-- AJSC Services (bootstrap services) -->
- <logger name="ajsc" level="WARN" additivity="false"/>
- <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
- <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
- <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
- <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
- <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
- <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
- <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
-
- <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
- logging) -->
- <logger name="ajsc.utils" level="WARN" additivity="false"/>
- <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
- <logger name="ajsc.filters" level="DEBUG" additivity="false" />
- <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
- <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
- <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
- <logger name="com.att" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
-
- <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
- <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
-
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" additivity="false" />
- <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
- <logger name="org.apache.commons" level="WARN" additivity="false" />
- <logger name="org.apache.coyote" level="WARN" additivity="false"/>
- <logger name="org.apache.jasper" level="WARN" additivity="false"/>
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" additivity="false" />
- <logger name="org.apache.cxf" level="WARN" additivity="false" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
- <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
- <logger name="org.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
- <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
- <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
- <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Audit-Record-Queue" />
- </appender>
-
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Performance-Tracker-Queue" />
- </appender>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="ASYNC-perf" />
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="DEBUG">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="ERROR" />
- <appender-ref ref="INFO" />
- <appender-ref ref="STDOUT" />
- </root>
-
-</configuration>
\ No newline at end of file
+ <contextName>${module.ajsc.namespace.name}</contextName>
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/log" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+
+ <!-- Msgrtr related loggers -->
+ <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
+
+
+
+ <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
+ <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
+ <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+
+ <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+
+ <!-- Msgrtr loggers in ajsc -->
+ <logger name="org.onap.dmaap.service" level="INFO" />
+ <logger name="org.onap.dmaap" level="INFO" />
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" additivity="false"/>
+ <logger name="org.springframework.beans" level="WARN" additivity="false"/>
+ <logger name="org.springframework.web" level="WARN" additivity="false" />
+ <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+
+ <!-- AJSC Services (bootstrap services) -->
+ <logger name="ajsc" level="WARN" additivity="false"/>
+ <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
+ <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
+ <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
+ <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
+ <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
+ <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
+ <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="ajsc.utils" level="WARN" additivity="false"/>
+ <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
+ <logger name="ajsc.filters" level="DEBUG" additivity="false" />
+ <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
+ <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
+ <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
+ <logger name="com.att" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+
+ <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
+ <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" additivity="false" />
+ <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
+ <logger name="org.apache.commons" level="WARN" additivity="false" />
+ <logger name="org.apache.coyote" level="WARN" additivity="false"/>
+ <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf" level="WARN" additivity="false" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
+ <logger name="org.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
+ <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
+ <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
+ <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Audit-Record-Queue" />
+ </appender>
+
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Performance-Tracker-Queue" />
+ </appender>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="ASYNC-perf" />
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="DEBUG">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="INFO" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
{
"topicName": "mirrormakeragent",
"topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
+ "replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
"txenabled": false,
"partitionCount": "1",
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "demo@people.osaaf.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
}
-
]
-}
-
+}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
volumes:
- name: localtime
hostPath:
timeoutSeconds: 1
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
initialDelaySeconds: 70
periodSeconds: 10
timeoutSeconds: 1
+ port: api
service:
type: NodePort
name: message-router
- portName: message-router
- externalPort: 3904
- nodePort: 27
- externalPort2: 3905
- nodePort2: 26
+ both_tls_and_plain: true
+ msb:
+ port: api
+ url: "/"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ ports:
+ - name: api
+ port: 3905
+ plain_port: 3904
+ port_protocol: http
+ nodePort: 26
ingress:
enabled: false
busyBoxRepository: docker.io
#Global DMaaP app config
- allow_http: true
+ allow_http: false
#Logstash config
logstashServiceName: log-ls
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.5.1
+image: onap/aai/esr-server:1.5.2
pullPolicy: Always
msbaddr: msb-iag.{{ include "common.namespace" . }}:443
--- /dev/null
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+ enableDefaultStorageclass: false
+ parameters: {}
+ storageclassProvisioner: kubernetes.io/no-provisioner
+ volumeReclaimPolicy: Retain
+
+ # override default resource limit flavor for all charts
+ flavor: small
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+ #Global ingress configuration
+ ingress:
+ enabled: false
+ virtualhost:
+ enabled: true
+ baseurl: "simpledemo.onap.org"
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+appc:
+ enabled: false
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
+ openStackServiceTenantName: default
+ openStackDomain: default
+ openStackUserName: admin
+ openStackEncryptedPassword: admin
+cassandra:
+ enabled: true
+cds:
+ enabled: true
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+pnda:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: false
+oof:
+ enabled: true
+mariadb-galera:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+ config:
+ # openstack configuration
+ openStackRegion: "Yolo"
+ openStackVNFTenantId: "1234"
+policy:
+ enabled: true
+pomba:
+ enabled: false
+portal:
+ enabled: true
+robot:
+ enabled: false
+ config:
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+sdc:
+ enabled: true
+sdnc:
+ enabled: false
+
+ replicaCount: 1
+
+ mysql:
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+
+uui:
+ enabled: true
+vfc:
+ enabled: false
+vid:
+ enabled: false
+vnfsdk:
+ enabled: false
+modeling:
+ enabled: false
virtualhost:
enabled: true
baseurl: "simpledemo.onap.org"
+
+ # Global Service Mesh configuration
+ # POC Mode, don't use it in production
+ serviceMesh:
+ enabled: false
+ tls: true
+
+ # Disabling AAF
+ # POC Mode, don't use it in production
+ aafEnabled: true
+
+ # TLS
+ # Set to false if you want to disable TLS for NodePorts. Be aware that this
+ # will loosen your security.
+ # if set this element will force or not tls even if serviceMesh.tls is set.
+ # tlsEnabled: false
+
+
+# Example of specific for the components where you want to disable TLS only for
+# it:
+# if set this element will force or not tls even if global.serviceMesh.tls and
+# global.tlsEnabled is set otherwise.
+# robot:
+# tlsOverride: false
+
+ # Global storage configuration
+ # Set to "-" for default, or with the name of the storage class
+ # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
+ # storageclass with RWX capabilities (or set specific configuration for these
+ # components).
+ # persistence:
+ # storageClass: "-"
+
+# Example of specific for the components which requires RWX:
+# aaf:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# contrib:
+# netbox:
+# netbox-app:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# cds:
+# cds-blueprints-processor:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# sdc:
+# sdc-onboarding-be:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#cookie domain
cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
+# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
+ext_central_access_user_domain = @people.osaaf.org
+
+# External Central Auth system access
+remote_centralized_system_access = true
+{{- end }}
\ No newline at end of file
--- /dev/null
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
+ clientAuth="false" sslProtocol="TLS" />
+ {{ end }}
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+ </Host>
+ </Engine>
+ </Service>
+</Server>
\ No newline at end of file
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-aaf-config
+ image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ env:
+ - name: APP_FQI
+ value: "{{ .Values.aafConfig.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_container
+ value: "{{ .Values.global.aafLocatorContainer }}"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ .Values.aafConfig.fqdn }}"
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.aafConfig.publicFqdn}}"
+ - name: aaf_locator_app_ns
+ value: "{{ .Values.global.aafAppNs }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
+ - name: cadi_longitude
+ value: "{{ .Values.aafConfig.cadiLongitude }}"
+ - name: cadi_latitude
+ value: "{{ .Values.aafConfig.cadiLatitude }}"
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
+ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ env:
+ - name: _CATALINA_OPTS
+ value: >
+ -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
+ subPath: server.xml
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir: {}
- name: portal-tomcat-logs
emptyDir: {}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-aaf-config-vol
+ emptyDir:
+ medium: Memory
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
-
+ persistence: {}
+ #AAF global config overrides
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAppNs: org.osaaf.aaf
+ aafLocatorContainer: oom
#################################################################
# Application configuration defaults.
#################################################################
+secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+## Persist cert data to a memory volume
+persistence:
+ aafCredsPath: /opt/app/osaaf/local
+
# application image
repository: nexus3.onap.org:10001
image: onap/portal-sdk:2.6.0
pullPolicy: Always
+#AAF service
+aafURL: https://aaf-service:8100/
+aafLocateUrl: https://aaf-locate:8095
+
+#AAF local config
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadiLatitude: 0.0
+ cadiLongitude: 0.0
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
# flag to enable debugging - application support required
debugEnabled: false
type: NodePort
name: portal-sdk
portName: portal-sdk
- internalPort: 8080
- externalPort: 8080
+ internalPort: 8443
+ externalPort: 8443
nodePort: 12
mariadb:
service:
- baseaddr: portalsdk
name: "portal-sdk"
- port: 8080
+ port: 8443
config:
ssl: "none"
-Subproject commit 591bfdea4f1d833abee3c7e60f084da546d9082a
+Subproject commit c854b484ebbd5e0c1be1e6a032a79beeb4cab6ff
passwordPolicy: required
- uid: ueb-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
login: '{{ .Values.config.uebUser }}'
password: '{{ .Values.config.uebPassword }}'
passwordPolicy: required
- name: mariadb-galera
version: ~5.x-0
repository: '@local'
- condition: config.localDBCluster
-
+ condition: .global.mariadbGalera.localCluster
ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin}
MYSQL_HOST=${MYSQL_HOST:-dbhost}
-MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0}
+MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD}
+SDNC_DB_DATABASE=${SDNC_DB_DATABASE}
# Create tablespace and user account
# load schema
if [ -f ${ETC_DIR}/sdnctl.dump ]
then
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump
fi
for datafile in ${ETC_DIR}/*.data.dump
do
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile
done
# Create VNIs 100-199
addToFeatureBoot odl-jolokia
#${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
#${ODL_HOME}/bin/client feature:install odl-jolokia
-
+
echo "Update cluster information statically"
hm=$(hostname)
# Install SDN-C platform components if not already installed and start container
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
+ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
exec ${ODL_HOME}/bin/karaf server
-
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
-org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
+org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME}
+org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD}
org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
#
org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic
org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true
org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER}
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD}
# Generic RESTCONF Adaptor
org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic
org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true
-org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin
-org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD}
org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
#ANSIBLE
ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch
-ansible.user=sdnc
-ansible.password=sdnc
+ansible.user=${ANSIBLE_USER}
+ansible.password=${ANSIBLE_PASSWORD}
ansible.lcm.localparameters=
ansible.nodelist=
ansible.timeout=60
lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json
lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/
lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check
-lcm.restconf.configscaleout.user=admin
-lcm.restconf.configscaleout.password=admin
-lcm.restconf.user=admin
-lcm.restconf.password=admin
+lcm.restconf.configscaleout.user=${SCALEOUT_USER}
+lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD}
+lcm.restconf.user=${RESTCONF_USER}
+lcm.restconf.password=${RESTCONF_PASSWORD}
lcm.restconf.port=8183
#DMAAP
# Configuration file for Netbox client
org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
-org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
\ No newline at end of file
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD}
name: {{ include "common.name" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
- name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
+ value: {{ include "common.mariadbService" . }}
- name: SDNC_HOME
value: "{{.Values.config.sdncHome}}"
- name: ETC_DIR
value: "{{.Values.config.etcDir}}"
- name: BIN_DIR
value: "{{.Values.config.binDir}}"
- - name: SDNC_DB_USER
- value: "{{.Values.config.dbSdnctlUser}}"
- name: SDNC_DB_DATABASE
value: "{{.Values.config.dbSdnctlDatabase}}"
volumeMounts:
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
+++ /dev/null
-{{ if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
-{{ end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-odl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- odl-password: {{ .Values.config.odlPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-sdnctl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: aaf_locator_app_ns
value: "{{ .Values.aaf_init.app_ns }}"
- name: DEPLOY_FQI
- value: "{{ .Values.aaf_init.deploy_fqi }}"
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- name: DEPLOY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" .}}-aaf
- key: aaf-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- name: cadi_longitude
value: "{{ .Values.aaf_init.cadi_longitude }}"
- name: cadi_latitude
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- - name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
- - name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- - name: ENABLE_ODL_CLUSTER
- value: "{{ .Values.config.enableClustering }}"
- - name: MY_ODL_CLUSTER
- value: "{{ .Values.config.myODLCluster }}"
- - name: PEER_ODL_CLUSTER
- value: "{{ .Values.config.peerODLCluster }}"
- - name: IS_PRIMARY_CLUSTER
- value: "{{ .Values.config.isPrimaryCluster }}"
- - name: GEO_ENABLED
- value: "{{ .Values.config.geoEnabled}}"
- - name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
- - name: SDNC_REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
- - name: JAVA_HOME
- value: "{{ .Values.config.javaHome}}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SDNC_CONFIG_DIR
+ value: "{{ .Values.config.configDir }}"
+ - name: ENABLE_ODL_CLUSTER
+ value: "{{ .Values.config.enableClustering }}"
+ - name: MY_ODL_CLUSTER
+ value: "{{ .Values.config.myODLCluster }}"
+ - name: PEER_ODL_CLUSTER
+ value: "{{ .Values.config.peerODLCluster }}"
+ - name: IS_PRIMARY_CLUSTER
+ value: "{{ .Values.config.isPrimaryCluster }}"
+ - name: GEO_ENABLED
+ value: "{{ .Values.config.geoEnabled}}"
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: MYSQL_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: JAVA_HOME
+ value: "{{ .Values.config.javaHome}}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
- name: {{ include "common.fullname" . }}-certs
{{ if .Values.certpersistence.enabled }}
persistentVolumeClaim:
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: '{{ include "common.release" . }}-sdnc-db-root-password'
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - uid: odl-creds
+ name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
+ - uid: aaf-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.deploy_fqi }}'
+ password: '{{ .Values.aaf_init.deploy_pass }}'
+ passwordPolicy: required
+ - uid: netbox-apikey
+ type: password
+ externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
+ password: '{{ .Values.config.netboxApikey }}'
+ passwordPolicy: required
+ - uid: aai-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
+ login: '{{ .Values.config.aaiUser }}'
+ password: '{{ .Values.config.aaiPassword }}'
+ passwordPolicy: required
+ - uid: modeling-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
+ login: '{{ .Values.config.modelingUser }}'
+ password: '{{ .Values.config.modelingPassword }}'
+ passwordPolicy: required
+ - uid: restconf-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+ passwordPolicy: required
+ - uid: ansible-creds
+ name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
+ login: '{{ .Values.config.ansibleUser }}'
+ password: '{{ .Values.config.ansiblePassword }}'
+ passwordPolicy: required
+ - uid: scaleout-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
+ login: '{{ .Values.config.scaleoutUser }}'
+ password: '{{ .Values.config.scaleoutPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
odlUid: 100
odlGid: 101
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- dbRootPassword: secretpassword
- dbSdnctlUser: sdnctl
- dbSdnctlDatabase: sdnctl
- dbSdnctlPassword: gamma
+ # odlCredsExternalSecret: some secret
+ netboxApikey: onceuponatimeiplayedwithnetbox20180814
+ # netboxApikeyExternalSecret: some secret
+ aaiUser: sdnc@sdnc.onap.org
+ aaiPassword: demo123456!
+ # aaiCredsExternalSecret: some secret
+ modelingUser: ccsdkapps
+ modelingPassword: ccsdkapps
+ # modelingCredsExternalSecret: some secret
+ restconfUser: admin
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+ scaleoutUser: admin
+ scaleoutPassword: admin
+ # scaleoutExternalSecret: some secret
+ ansibleUser: sdnc
+ ansiblePassword: sdnc
+ # ansibleCredsExternalSecret: some secret
+ dbSdnctlDatabase: &sdncDbName sdnctl
enableClustering: true
sdncHome: /opt/onap/sdnc
binDir: /opt/onap/sdnc/bin
parallelGCThreads : 3
numberGGLogFiles: 10
-
-
- #local Mariadb-galera cluster
- localDBCluster: false
-
- #Shared mariadb-galera details
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
- internalPort: 3306
-
# dependency / sub-chart configuration
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+mariadb-galera: &mariadbGalera
+ nameOverride: sdnc-db
+ config:
+ rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
+ userName: sdnctl
+ userCredentialsExternalSecret: *dbSecretName
+ service:
+ name: sdnc-dbhost
+ internalPort: 3306
+ sdnctlPrefix: sdnc
+ persistence:
+ mountSubPath: sdnc/mariadb-galera
+ enabled: true
+ replicaCount: 1
+
cds:
enabled: false
dmaap-listener:
nameOverride: sdnc-dmaap-listener
+ mariadb-galera:
+ << : *mariadbGalera
+ config:
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
dmaapPort: 3904
sdncPort: 8282
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ mariadb-galera:
+ << : *mariadbGalera
+ config:
+ mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
sdncPort: 8282
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-portal:
+ mariadb-galera:
+ << : *mariadbGalera
+ config:
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-ansible-server:
+ config:
+ restCredsExternalSecret: *ansibleSecretName
+ mariadb-galera:
+ << : *mariadbGalera
+ config:
+ mysqlDatabase: ansible
service:
name: sdnc-ansible-server
internalPort: 8000
- config:
- mysqlServiceName: mariadb-galera
-
-mariadb-galera:
- nameOverride: sdnc-db
- service:
- name: sdnc-dbhost
- internalPort: 3306
- sdnctlPrefix: sdnc
- persistence:
- mountSubPath: sdnc/mariadb-galera
- enabled: true
- replicaCount: 1
dgbuilder:
nameOverride: sdnc-dgbuilder
config:
+ db:
+ dbName: *sdncDbName
+ rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+ userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
+ # This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ mariadb-galera:
service:
name: sdnc-dgbuilder
nodePort: "03"
si:
svc:
types: PORT-MIRROR,PPROBE
+ dmaap:
+ host: http://message-router.{{ include "common.namespace" . }}:3904
+ timeout: 30000
+ lcm:
+ path: '/restconf/operations/LCM:'
+ actionTimeout: 300000
+ dmapp:
+ readTopic: SDNC-LCM-WRITE
+ writeTopic: SDNC-LCM-READ
appc:
client:
topic:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
- {{- if eq .Values.global.security.aaf.enabled true }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: TRUSTSTORE_PASSWORD
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/bpmn-infra:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
replicaCount: 1
minReadySeconds: 10
containerPort: 8081
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/catalog-db-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8082
auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
- msb-port: 80
+ msb-port: 443
+ msb-scheme: https
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:'
sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation'
+ sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:'
service:
infra:
service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
vfmodule:
'':
query: GET|60000|sdncurl12|
+ lcm:
+ download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
network:
encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
spring:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
nodeSelector: {}
affinity: {}
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
resources:
small:
limits:
- cpu: 250m
- memory: 500Mi
+ cpu: 1.5
+ memory: 350Mi
requests:
- cpu: 250m
- memory: 500Mi
+ cpu: 1
+ memory: 245Mi
large:
limits:
- cpu: 500m
+ cpu: 2
memory: 500Mi
requests:
- cpu: 500m
+ cpu: 1
memory: 500Mi
unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
msbprotocol: https
msbServiceName: msb-iag
msbPort: 443
- dbServiceName: vfc-db
- dbPort: 3306
- dbUser: root
- mariadbRootPassword: secretpassword
redisServiceName: vfc-redis
redisPort: 6379
reg_to_msb_when_start: False
+ mariadb_admin: root
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
nameOverride: vfc-mariadb
service:
- name: vfc-db
- portName: vfc-db
+ name: vfc-mariadb
+ portName: vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
-catalog:
+db: &dbConfig
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
+
+vfc-catalog:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
-nslcm:
+ << : *dbConfig
+
+vfc-nslcm:
+ config:
+ << : *dbConfig
+
+vfc-vnflcm:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
+ << : *dbConfig
+
+vfc-vnfmgr:
+ config:
+ << : *dbConfig
+
+vfc-vnfres:
+ config:
+ << : *dbConfig
+
# sub-chart configuration
vfc-workflow:
service: