--- /dev/null
+Project,ONAP Certificate,Own Certificate,MSB Certificate,Path
+AAF,No,Yes,No,aaf/charts/aaf-cert-service/resources/
+AAF,Yes,No,No,aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem
+AAI,Yes,No,No,aai/oom/resources/config/haproxy/aai.pem
+AAI,Yes,No,No,aai/oom/resources/config/aai/aai_keystore
+AAI/SEARCH-DATA,Yes,No,No,aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore
+AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12
+AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore
+AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12
+certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources
+MSB,Yes,No?,Yes,kubernetes/msb/resources/config/certificates
+MUSIC,Yes,No?,No?,kubernetes/common/music/charts/music/resources/keys/
+SDC,Yes,No?,No?,kubernetes/sdc/resources/cert
+SO,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/BPMN,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Catalog,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Monitoring,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/OpenStack,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/RequestDb,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDNC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VE/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VFC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,No,Yes?,Yes,kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+VID,No,Yes,No,kubernetes/vid/resources/cert
+OOF/OOF-CMSO,Yes,No,No,kubernetes/oof/charts/oof-cmso/resources/certs
+OOF/OOF-HAS,Yes,No,No,kubernetes/oof/charts/oof-has/resources/config
+OOF/OOF-OSDF,Yes,No,No,kubernetes/oof/resources/config
+CLI,No,Yes,No,kubernetes/cli/resources/certificates
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _master_index:
.. This work is licensed under a Creative Commons Attribution 4.0
.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_cloud_setup_guide:
.. Links
.. - IBM, and
.. - `Openstack`_.
..
-.. #. Alternatively, OOM can be deployed on a private set of physical hosts or VMs
-.. (or even a combination of the two). The following guides describe how to
-.. create a Kubernetes cluster with popular tools:
+.. #. Alternatively, OOM can be deployed on a private set of physical hosts or
+.. VMs (or even a combination of the two). The following guides describe how
+.. to create a Kubernetes cluster with popular tools:
..
.. - `Setting up Kubernetes with Rancher`_ (recommended)
.. - `Setting up Kubernetes with Kubeadm`_
combination of the two). The following guide describe the recommended method to
setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`.
-There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_
+There are alternative deployment methods described on the
+`Cloud Native Deployment Wiki`_
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _Helm: https://docs.helm.sh/
You can use either `charts` or `components` folder for your subcomponents.
`charts` folder means that the subcomponent will always been deployed.
-`components` folders means we can choose if we want to deploy the sub component.
+`components` folders means we can choose if we want to deploy the
+subcomponent.
This choice is done in root `values.yaml`:
app.kubernetes.io/instance: my-deployment-name-of-my-component
type: NodePort
-In the deployment or statefulSet file, you needs to set the good labels in order
-for the service to match the pods.
+In the deployment or statefulSet file, you needs to set the good labels in
+order for the service to match the pods.
-here's an example to be sure it matchs (for a statefulSet):
+here's an example to be sure it matches (for a statefulSet):
.. code-block:: yaml
integration will be done:
A registrator to push the service endpoint info to MSB service
-discovery.Â
+discovery.
- The needed service endpoint info is put into the kubernetes yaml file
as annotation, including service name, Protocol,version, visual
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks
.. Links
-.. _hardcoded-certiticates-label:
+.. _hardcoded-certificates-label:
ONAP Hardcoded certificates
###########################
ONAP current installation have hardcoded certificates.
Here's the list of these certificates:
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
- +==================+==================+==================+=================+==========================================================================+
- | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | VID | No | Yes | No | kubernetes/vid/resources/cert |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | CLI | No | Yes | No | kubernetes/cli/resources/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
+.. csv-table::
+ :file: hardcoded_certificates.csv
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_project_description:
ONAP Operations Manager Project
- **Deploy** - with built-in component dependency management
- **Configure** - unified configuration across all ONAP components
-- **Monitor** - real-time health monitoring feeding to a Consul UI and Kubernetes
+- **Monitor** - real-time health monitoring feeding to a Consul UI and
+ Kubernetes
- **Heal**- failed ONAP containers are recreated automatically
- **Scale** - cluster ONAP services to enable seamless scaling
-- **Upgrade** - change-out containers or configuration with little or no service impact
+- **Upgrade** - change-out containers or configuration with little or no
+ service impact
- **Delete** - cleanup individual containers or entire deployments
OOM supports a wide variety of Kubernetes private clouds - built with Rancher,
-Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure,
-Amazon AWS, Google GCD, VMware VIO, and Openstack.
+Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft
+Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack.
-The OOM documentation is broken into four different areas each targeted at a different user:
+The OOM documentation is broken into four different areas each targeted at a
+different user:
- :ref:`quick-start-label` - deploy ONAP on an existing cloud
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
-- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
-- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
+- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud
+ environments that ONAP will use
+- :ref:`hardcoded-certificates-label` - the list of all hardcoded certificates
+ set in ONAP installation
The :ref:`release_notes` for OOM describe the incremental features per release.
.. This work is licensed under a
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_quickstart_guide:
.. _quick-start-label:
.. figure:: oomLogoV2-medium.png
:align: right
-Once a kubernetes environment is available (follow the instructions in
+Once a Kubernetes environment is available (follow the instructions in
:ref:`cloud-setup-guide-label` if you don't have a cloud environment
available), follow the following instructions to deploy ONAP.
> git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules
> cd oom/kubernetes
-where <BRANCH> can be an offical release tag, such as
+where <BRANCH> can be an official release tag, such as
* 4.0.0-ONAP for Dublin
* 5.0.1-ONAP for El Alto
> sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override
-file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment
-with items like the OpenStack tenant information.
+**Step 3.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
+an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
+to suit your deployment with items like the OpenStack tenant information.
.. note::
Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
the ``enabled: true/false`` flags.
- b. Encrypt the OpenStack password using the shell tool for robot and put it in
- the robot helm charts or robot section of `openstack.yaml`
+ b. Encrypt the OpenStack password using the shell tool for Robot and put it in
+ the Robot Helm charts or Robot section of `openstack.yaml`
- c. Encrypt the OpenStack password using the java based script for SO helm charts
+ c. Encrypt the OpenStack password using the java based script for SO Helm charts
or SO section of `openstack.yaml`.
- d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
+ d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
charts or use an override file to replace them.
e. Add in the command line a value for the global master password (global.masterPassword).
b. Generating ROBOT Encrypted Password:
-The ROBOT encrypted Password uses the same encryption.key as SO but an
+The Robot encrypted Password uses the same encryption.key as SO but an
openssl algorithm that works with the python based Robot Framework.
.. note::
- To generate ROBOT ``openStackEncryptedPasswordHere``::
+ To generate Robot ``openStackEncryptedPasswordHere``::
cd so/resources/config/mso/
/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin and upper versions.
+Robot uses in Dublin and upper versions.
.. note::
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
d. Update the OpenStack parameters:
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
-constraints.
+There are assumptions in the demonstration VNF Heat templates about the
+networking available in the environment. To get the most value out of these
+templates and the automation that can help confirm the setup is correct, please
+observe the following constraints.
``openStackPublicNetId:``
- This network should allow heat templates to add interfaces.
- This need not be an external network, floating IPs can be assigned to the ports on
- the VMs that are created by the heat template but its important that neutron allow
- ports to be created on them.
+ This network should allow Heat templates to add interfaces.
+ This need not be an external network, floating IPs can be assigned to the
+ ports on the VMs that are created by the heat template but its important that
+ neutron allow ports to be created on them.
``openStackPrivateNetCidr: "10.0.0.0/16"``
- This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
- The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the
- demonstration ip addressing plan embodied in the preload template prevent conflicts when
- instantiating the various VNFs. If you need to change this, you will need to modify the preload
- data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data
- in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect
- to create.
+ This ip address block is used to assign OA&M addresses on VNFs to allow ONAP
+ connectivity. The demonstration Heat templates assume that 10.0 prefix can be
+ used by the VNFs and the demonstration ip addressing plan embodied in the
+ preload template prevent conflicts when instantiating the various VNFs. If
+ you need to change this, you will need to modify the preload data in the
+ Robot Helm chart like integration_preload_parameters.py and the
+ demo/heat/preload_data in the Robot container. The size of the CIDR should
+ be sufficient for ONAP and the VMs you expect to create.
``openStackOamNetworkCidrPrefix: "10.0"``
- This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
- robot scripts for demonstration. A production deployment need not worry about this
- setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-
+ This ip prefix mush match the openStackPrivateNetCidr and is a helper
+ variable to some of the Robot scripts for demonstration. A production
+ deployment need not worry about this setting but for the demonstration VNFs
+ the ip asssignment strategy assumes 10.0 ip prefix.
Example Keystone v2.0
.. literalinclude:: helm-search.txt
.. note::
- The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository.
+ The setup of the Helm repository is a one time activity. If you make changes
+ to your deployment charts or values be sure to use ``make`` to update your
+ local Helm repository.
**Step 8.** Once the repo is setup, installation of ONAP can be done with a
single command
> cd oom/kubernetes
> helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
-All override files may be customized (or replaced by other overrides) as per needs.
+All override files may be customized (or replaced by other overrides) as per
+needs.
`onap-all.yaml`
- Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+ Enables the modules in the ONAP deployment. As ONAP is very modular, it is
+ possible to customize ONAP and disable some components through this
+ configuration file.
`onap-all-ingress-nginx-vhost.yaml`
- Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
- Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+ Alternative version of the `onap-all.yaml` but with global ingress controller
+ enabled. It requires the cluster configured with the nginx ingress controller
+ and load balancer. Please use this file instead `onap-all.yaml` if you want
+ to use experimental ingress controller feature.
`environment.yaml`
Includes configuration values specific to the deployment environment.
- Example: adapt readiness and liveness timers to the level of performance of your infrastructure
+ Example: adapt readiness and liveness timers to the level of performance of
+ your infrastructure
`openstack.yaml`
- Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests.
+ Includes all the OpenStack related information for the default target tenant
+ you want to use to deploy VNFs from ONAP and/or additional parameters for the
+ embedded tests.
**Step 9.** Verify ONAP installation
-Use the following to monitor your deployment and determine when ONAP is ready for use::
+Use the following to monitor your deployment and determine when ONAP is ready
+for use::
> kubectl get pods -n onap -o=wide
> ~/oom/kubernetes/robot/ete-k8s.sh onap health
-**Step 10.** Undeploy ONAP::
+**Step 10.** Undeploy ONAP
+::
> helm undeploy dev --purge
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020, Samsung Electronics
Ingress controller setup on HA Kubernetes Cluster
#################################################
-This guide provides instruction how to setup experimental ingress controller feature.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster and ingress controller
+This guide provides instruction how to setup experimental ingress controller
+feature. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
+ingress controller
.. contents::
:depth: 1
#. Customization of the cluster.yaml file for ingress controller support
-#. Installation and configuration test DNS server for ingress host resolution on testing machines
+#. Installation and configuration test DNS server for ingress host resolution
+ on testing machines
-#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+#. Installation and configuration MLB (Metal Load Balancer) required for
+ exposing ingress service
-#. Instalation and configuration NGINX ingress controller
+#. Installation and configuration NGINX ingress controller
-#. Additional info howto deploy onap with services exposed via Ingress controller
+#. Additional info how to deploy ONAP with services exposed via Ingress
+ controller
Customize cluster.yml file
-===========================
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+==========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider
+should be configured and following:
.. code-block:: yaml
- <...>
- restore:
- restore: false
- snapshot_name: ""
- ingress:
- provider: none
- dns:
- provider: coredns
- upstreamnameservers:
- - <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
-
-For external load balacer purposes minimum one of the worker node should be configured with external IP
-address accessible outside the cluster. It can be done using the following example node configuration:
+
+ ---
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
+node.
+
+For external load balancer purposes, minimum one of the worker node should be
+configured with external IP address accessible outside the cluster. It can be
+done using the following example node configuration:
.. code-block:: yaml
- <...>
- - address: <external_ip>
- internal_address: <internal_ip>
- port: "22"
- role:
- - worker
- hostname_override: "onap-worker-0"
- user: ubuntu
- ssh_key_path: "~/.ssh/id_rsa"
- <...>
-Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+ ---
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+Where the <external_ip> is external worker node IP address, and <internal_ip>
+is internal node IP address if it is required.
-DNS server configuration and instalation
-========================
-DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
-resolves all subdomain related to the onap cluster to the load balancer IP.
-Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
-Adding many entries into the configuration files on testing machines is quite problematic and error prone.
-The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+DNS server configuration and installation
+=========================================
+DNS server deployed on the Kubernetes cluster makes it easy to use services
+exposed through ingress controller because it resolves all subdomain related to
+the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
+of entries on the target machines in the /etc/hosts. Adding many entries into
+the configuration files on testing machines is quite problematic and error
+prone. The better wait is to create central DNS server with entries for all
+virtual host pointed to simpledemo.onap.org and add custom DNS server as a
+target DNS server for testing machines and/or as external DNS for Kubernetes
+cluster.
-DNS server has automatic instalation and configuration script, so instalation is quite easy::
+DNS server has automatic installation and configuration script, so installation
+is quite easy::
- > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
- > ./deploy\_dns.sh
+ > ./deploy\_dns.sh
After DNS deploy you need to setup DNS entry on the target testing machine.
Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuation proposed by the deploy scripts
+on the target machine. Please follow the configuration proposed by the deploy
+scripts.
Example output depends on the IP address and example output looks like bellow::
-
- DNS server already deployed:
- 1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
- 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-MetalLB Load Balancer instalation and configuration
+MetalLB Load Balancer installation and configuration
====================================================
-By default pure Kubernetes cluster requires external load balancer if we want to expose
-external port using LoadBalancer settings. For this purpose MetalLB can be used.
-Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+By default pure Kubernetes cluster requires external load balancer if we want
+to expose external port using LoadBalancer settings. For this purpose MetalLB
+can be used. Before installing the MetalLB you need to ensure that at least one
+worker has assigned IP accessible outside the cluster.
-MetalLB Load balanancer can be easily installed using automatic install script::
+MetalLB Load balancer can be easily installed using automatic install script::
- > cd kubernetes/contrib/metallb-loadbalancer-inst
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
- > ./install-metallb-on-cluster.sh
+ > ./install-metallb-on-cluster.sh
-Configuration NGINX ingress controller
+Configuration Ngninx ingress controller
=======================================
-After installation DNS server and ingress controller we can install and configure ingress controller.
+After installation DNS server and ingress controller we can install and
+configure ingress controller.
It can be done using the following commands::
- > cd kubernetes/contrib/ingress-nginx-post-inst
+ > cd kubernetes/contrib/ingress-nginx-post-inst
- > kubectl apply -f nginx_ingress_cluster_config.yaml
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
- > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
-After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
-with external IP address::
+After deploy NGINX ingress controller you can ensure that the ingress port is
+exposed as load balancer service with external IP address::
- > kubectl get svc -n ingress-nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
- ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
ONAP with ingress exposed services
-=====================================
-If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
- > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+==================================
+If you want to deploy onap with services exposed through ingress controller you
+can use full onap deploy script::
+
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
Ingress also can be enabled on any onap setup override using following code:
.. code-block:: yaml
- <...>
- #ingress virtualhost based configuration
- global:
- <...>
- ingress:
- enabled: true
+
+ ---
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
ONAP on HA Kubernetes Cluster
#############################
-This guide provides instructions on how to setup a Highly-Available Kubernetes Cluster.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster.
+This guide provides instructions on how to setup a Highly-Available Kubernetes
+Cluster. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster.
.. contents::
:depth: 1
#. Installation and configuration of kubectl
-#. Installation and configuration of helm
+#. Installation and configuration of Helm
#. Creation of an NFS Server to be used by ONAP as shared persistance
-There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs.
-To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab.
+There are many ways one can execute the above steps. Including automation
+through the use of HEAT to setup the OpenStack VMs. To better illustrate the
+steps involved, we have captured the manual creation of such an environment
+using the ONAP Wind River Open Lab.
Create Key Pair
===============
.. image:: images/keys/key_pair_1.png
.. Note::
- If you're creating a new Key Pair, ensure to create a local copy of the Private Key through the use of "Copy Private Key to Clipboard".
+ If you're creating a new Key Pair, ensure to create a local copy of the
+ Private Key through the use of "Copy Private Key to Clipboard".
For the purpose of this guide, we will assume a new local key called "onap-key"
-has been downloaded and is copied into **~/.ssh/**, from which it can be referenced.
+has been downloaded and is copied into **~/.ssh/**, from which it can be
+referenced.
Example::
Create Kubernetes Worker VMs
============================
The following instructions describe how to create OpenStack VMs to host the
-Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on these nodes.
+Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on
+these nodes.
Launch new VM instances
-----------------------
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
-and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
-application workload.
+The number and size of Worker VMs is dependent on the size of the ONAP
+deployment. By default, all ONAP applications are deployed. It's possible to
+customize the deployment and enable a subset of the ONAP applications. For the
+purpose of this guide, however, we will deploy 12 Kubernetes Workers that have
+been sized to handle the entire ONAP application workload.
.. image:: images/wk_vms/worker_1.png
Apply customization script for Kubernetes VM(s)
-----------------------------------------------
-Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to download the
-script.
+Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to
+download the script.
.. literalinclude:: openstack-k8s-workernode.sh
:language: bash
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
-You only need to install kubectl where you'll launch kubernetes command. This
-can be any machines of the kubernetes cluster or a machine that has IP access
+You only need to install kubectl where you'll launch Kubernetes command. This
+can be any machines of the Kubernetes cluster or a machine that has IP access
to the APIs.
Usually, we use the first controller as it has also access to internal
Kubernetes services, which can be convenient.
Apply customization script for NFS Server VM
--------------------------------------------
-Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
-script.
+Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download
+the script.
.. literalinclude:: openstack-nfs-server.sh
:language: bash
ONAP Deployment via OOM
=======================
-Now that kubernetes and Helm are installed and configured you can prepare to
+Now that Kubernetes and Helm are installed and configured you can prepare to
deploy ONAP. Follow the instructions in the README.md_ or look at the official
documentation to get started:
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_user_guide:
.. Links
- Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes
- Heal_- failed ONAP containers are recreated automatically
- Scale_ - cluster ONAP services to enable seamless scaling
-- Upgrade_ - change-out containers or configuration with little or no service impact
+- Upgrade_ - change-out containers or configuration with little or no service
+ impact
- Delete_ - cleanup individual containers or entire deployments
.. figure:: oomLogoV2-Deploy.png
------------------------------------------------------------
The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. Openstack VMs with private internal network) which
+publicly accessible (i.e. OpenStack VMs with private internal network) which
blocks access to the ONAP Portal. To enable direct access to this Portal from a
user's own environment (a laptop etc.) the portal application's port 8989 is
exposed through a `Kubernetes LoadBalancer`_ object.
Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In Openstack this is a floating IP address.
+is assigned. In OpenStack this is a floating IP address.
When the `portal-app` chart is deployed a Kubernetes service is created that
instantiates a load balancer. The LB chooses the private interface of one of
the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
Then to be able to access the portal on port 8989 from outside the K8s &
-Openstack environment, the user needs to assign/get the floating IP address that
+OpenStack environment, the user needs to assign/get the floating IP address that
corresponds to the private IP as follows::
> kubectl -n onap get services|grep "portal-app"
In this example, use the 10.0.0.4 private address as a key find the
corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the Openstack CLI
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
for your tenant (openstack server list). That IP is then used in your
`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
below::
All highly available systems include at least one facility to monitor the
health of components within the system. Such health monitors are often used as
-inputs to distributed coordination systems (such as etcd, zookeeper, or consul)
-and monitoring systems (such as nagios or zabbix). OOM provides two mechanisms
+inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul)
+and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms
to monitor the real-time health of an ONAP deployment:
- a Consul GUI for a human operator or downstream monitoring systems and
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
**Platform Resiliency**
* Documenation of a Highly-Available Kubernetes Cluster Deployment
-* Availability of a Default Storage Class Provisioner for improved Persistent Storage resiliency
+* Availability of a Default Storage Class Provisioner for improved Persistent
+ Storage resiliency
* Availability of a CNI reference integration for Multi-site support
- * applications can take advantage of multi-site by using POD and/or Node (anti)affinity, taints/tolerations, labels per application
+ * applications can take advantage of multi-site by using POD and/or Node
+ (anti)affinity, taints/tolerations, labels per application
**Footprint Optimization**
Summary
-------
-The focus of this release was on maintanence and as such no new features were delivered.
+The focus of this release was on maintanence and as such no new features were
+delivered.
A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
**New Features**
version 2.2.2 in global part of override file if the new check is needed.
- `OOM-2421 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to
undeploy/redeploy NBI.
-- `OOM-2422 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to create
+- `OOM-2422 <https://jira.onap.org/browse/OOM-2422>`_ Workaround is to create
first portal app service with service type Cluster IP then changing it to
NodePort or LoadBalancer so all the port are available.
-Subproject commit f1e329c458c48530da36dd1c6b38b7548116bd65
+Subproject commit bdbb69908135f5cee7c27fab7fbbcdde17ff5d57
persistence: {}
# application image
-repository: nexus3.onap.org:10001
+repository: docker.io
image: mariadb:10.3.12
pullPolicy: Always
flavor: small
-#!/usr/bin/python
+#!/usr/bin/env python
import getopt
import logging
import os
from kubernetes import config
from kubernetes.client import Configuration
-from kubernetes.client.apis import core_v1_api
+from kubernetes.client.api import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
-#!/bin/bash
+#!/bin/sh
# Initialize variables
ss_dir=""
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{- $global := . }}
{{- if .Values.backup.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/bash
+ - /bin/sh
- -c
- |
clearSnapshot(){
{{- range $i := until (int .Values.replicaCount)}}
- name: data-dir-{{ $i }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data-{{ $i }}
+ claimName: {{ include "common.fullname" $global }}-data-{{ include "common.fullname" $global }}-{{ $i }}
{{- end }}
- name: backup-dir
persistentVolumeClaim:
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CERTS_DIR=${CERTS_DIR:-/certs}
+WORK_DIR=${WORK_DIR:-/updatedTruststore}
+ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
+JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
+TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+
+mkdir -p $WORK_DIR
+
+# Decrypt and move relevant files to WORK_DIR
+for f in $CERTS_DIR/*; do
+ if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then
+ # Dont use onap truststore when aaf is disabled
+ continue
+ fi
+ if [[ $f == *.sh ]]; then
+ continue
+ fi
+ if [[ $f == *.b64 ]]
+ then
+ base64 -d $f > $WORK_DIR/`basename $f .b64`
+ else
+ cp $f $WORK_DIR/.
+ fi
+done
+
+# Prepare truststore output file
+if [[ $AAF_ENABLED == true ]]
+ then
+ mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+ else
+ echo "AAF is disabled, using JRE truststore"
+ cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+fi
+
+# Import Custom Certificates
+for f in $WORK_DIR/*; do
+ if [[ $f == *.pem ]]; then
+ echo "importing certificate: $f"
+ keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
+ if [[ $? != 0 ]]; then
+ echo "failed importing certificate: $f"
+ exit 1
+ fi
+ fi
+done
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
value: "{{ $initRoot.public_fqdn | default "" }}"
{{- end -}}
+{{/*
+ This init container will import custom .pem certificates to truststoreONAPall.jks
+ Custom certificates must be placed in common/certInitializer/resources directory.
+
+ The feature is enabled by setting Values.global.importCustomCertsEnabled = true
+ It can be used independently of aafEnabled, however it requires the same includes
+ as describe above for _initContainer.
+
+ When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
+ to import custom certificates, otherwise the default java keystore will be used.
+
+ The updated truststore file will be placed in /updatedTruststore and can be mounted per component
+ to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
+ The truststore file will be available to mount even if no custom certificates were imported.
+*/}}
+{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+- name: {{ include "common.name" $dot }}-import-custom-certs
+ image: {{ $subchartDot.Values.global.jreImage }}
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /bin/bash
+ - -c
+ - /root/import-custom-certs.sh
+ env:
+ - name: AAF_ENABLED
+ value: "{{ $subchartDot.Values.global.aafEnabled }}"
+ - name: TRUSTSTORE_OUTPUT_FILENAME
+ value: "{{ $initRoot.truststoreOutputFileName }}"
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
+ volumeMounts:
+ - mountPath: /certs
+ name: aaf-agent-certs
+ - mountPath: /root/import-custom-certs.sh
+ name: aaf-agent-certs
+ subPath: import-custom-certs.sh
+ - mountPath: /updatedTruststore
+ name: updated-truststore
+{{- end -}}
+
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
+{{/*
+ This is used together with _initImportCustomCertsContainer
+ It mounts the updated truststore (with imported custom certificates) to the
+ truststoreMountpath defined in the values file for the component.
+*/}}
+{{- define "common.certInitializer._trustStoreVolumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- if gt (len $initRoot.truststoreMountpath) 0 }}
+- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
+ name: updated-truststore
+ subPath: {{ $initRoot.truststoreOutputFileName }}
+{{- end -}}
+{{- end -}}
+
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
name: {{ include "common.fullname" $subchartDot }}-add-config
defaultMode: 0700
{{- end -}}
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: updated-truststore
+ emptyDir: {}
+{{- end -}}
{{- end -}}
{{- define "common.certInitializer.initContainer" -}}
{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
+ {{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{ include "common.certInitializer._initContainer" . }}
{{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{- include "common.certInitializer._volumeMount" . }}
{{- end -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{- include "common.certInitializer._trustStoreVolumeMount" . }}
+ {{- end -}}
{{- end -}}
{{- define "common.certInitializer.volumes" -}}
{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
+ {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
{{- include "common.certInitializer._volumes" . }}
{{- end -}}
{{- end -}}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: nexus3.onap.org:10001
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
+ jreImage: registry.gitlab.com/onap-integration/docker/onap-java
pullPolicy: Always
login: '{{ .Values.aafDeployFqi }}'
password: '{{ .Values.aafDeployPass }}'
passwordPolicy: required
+ - uid: truststore-creds
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+ password: '{{ .Values.truststorePassword }}'
+ passwordPolicy: required
readinessCheck:
wait_for:
cadi_longitude: "-72.0"
aaf_add_config: ""
mountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
+ - name: {{ include "common.name" . }}-data
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
+ - name: {{ include "common.name" . }}-master
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy BRMS GW
-name: brmsgw
+description: Template used to create same STDOUT log configuration
+name: logConfiguration
version: 6.0.0
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Resolve the level of the logs.
+ The value for .Values.logLevel is used by default,
+ unless either override mechanism is used.
+
+ - .Values.global.logLevel : override default log level for all components
+ - .Values.logLevelOverride : override global and default log level on a per
+ component basis
+
+ The function can takes below arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .initRoot : the root dictionary of logConfiguration submodule
+ (default to .Values.logConfiguration)
+*/}}
+{{- define "common.log.level" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- if $subchartDot.Values.logLevelOverride }}
+ {{- printf "%s" $subchartDot.Values.logLevelOverride -}}
+ {{- else }}
+ {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}}
+ {{- end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logLevel: INFO
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
containers:
- name: mariadb-backup-validate
image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
{{- end }}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC Portal",
- "checks": [
- {
- "id": "sdnc-portal",
- "name": "SDNC Portal Health Check",
- "http": "http://sdnc-portal:8843/login",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
+make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
make-dcae-bootstrap:
cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
make-dcae-healthcheck:
cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
-make-dcae-redis:
- cd components && helm dep up dcae-redis && helm lint dcae-redis
-
make-dcae-servicechange-handler:
cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.tca }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }}
-{{ end }}
-dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }}
-consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }}
-cbs_host: config-binding-service
-enableRedisCaching: {{ .Values.config.redisCaching }}
-{{ if .Values.config.redisHosts }}
-redisHosts: {{ .Values.config.redisHosts }}
-{{ end }}
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
ves:
port: 30235
portSecure: 30417
- # redisCaching is a string not a boolean!
- redisCaching: "false"
# postgres values--overriding defaults in the postgres subchart
postgres:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
--- /dev/null
+{
+ "appenders": {
+ "out": {"type": "stdout"},
+ "audit": {
+ "type": "file",
+ "filename": "log/audit.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "metrics": {
+ "type": "file",
+ "filename": "log/metrics.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "error": {"type": "stdout"},
+ "debug": {"type": "stdout"}
+ },
+ "categories": {
+ "default": {"appenders": ["out"], "level": "debug"},
+ "audit": {"appenders": ["audit"], "level": "info"},
+ "metrics": {"appenders": ["metrics"], "level": "info"},
+ "error": {"appenders": ["error"], "level": "error"},
+ "debug": {"appenders": ["debug"], "level": "debug"}
+ }
+}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{include "common.fullname" . }}-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{include "common.fullname" . }}-log4js-configmap
+ namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log4js/*").AsConfig . | indent 2 }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: component-log
- mountPath: /opt/app/dh/etc/cert/
name: tls-info
+ - mountPath: /opt/app/dh/etc/
+ name: log4js-conf
env:
- name: CONSUL_HOST
value: consul-server.{{ include "common.namespace" . }}
defaultMode: 422
name: {{ include "common.fullname" . }}-configmap
name: dh-config
+ - configMap:
+ defaultMode: 420
+ name: {{include "common.fullname" . }}-log4js-configmap
+ name: log4js-conf
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
# Resource Limit flavor -By Default using small
flavor: small
- --container-name
- consul-server
- --container-name
- - pdp
+ - policy-xacml-pdp
- "-t"
- "45"
env:
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE Redis
-name: dcae-redis
-version: 6.0.0
+++ /dev/null
-#!/bin/bash
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then
- echo "delay by 10 seconds for redis server starting"
- sleep 10
-
- NODES=""
- echo "====> wait for all {{.Values.replicaCount}} redis pods up"
- while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ]
- do
- echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up"
- sleep 5
- RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}})
-
- IPS=$(echo $RESP | jq -r '.items[].status.podIP')
- IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g')
- echo "======> IPs: ["$IPS2"]"
- NODES=""
- for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done
- echo "======> nodes: ["$NODES"]"
- done
- echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo
- sleep 10
-
- echo "====> Configure the cluster"
-
- # $NODES w/o quotes
- echo "======> nodes: [$(echo $NODES |paste -s)]"
- redis-trib create --replicas 1 $(echo $NODES |paste -s)
-fi ) &
-
-redis-server /conf/redis.conf
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-data:
- redis.conf: |+
- cluster-enabled yes
- cluster-require-full-coverage no
- cluster-node-timeout 15000
- cluster-config-file /data/nodes.conf
- cluster-migration-barrier 1
- appendonly yes
- protected-mode no
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- /opt/scripts/redis-cluster-config.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "redis-cli -h $(hostname) ping"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /conf
- name: {{ include "common.fullname" . }}-config
- - mountPath: /data
- name: {{ include "common.fullname" . }}-data
- - mountPath: /opt/scripts
- name: {{ include "common.fullname" . }}-scripts
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: redis.conf
- path: redis.conf
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote}}
- {{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: dcae-redis
- portName: client
- externalPort: 6379
- internalPort: 6379
- portName2: gossip
- externalPort2: 16379
- internalPort2: 16379
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: redis/data
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaeredis"
- name: "dcae-redis"
- port: 6379
- - baseaddr: "dcaeredisgossip"
- name: "dcae-redis"
- port: 16379
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0
pullPolicy: Always
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
+# dcae_ns: "dcae"
\ No newline at end of file
version: ~6.x-0
repository: 'file://components/dcae-healthcheck'
condition: dcae-healthcheck.enabled
- - name: dcae-redis
- version: ~6.x-0
- repository: 'file://components/dcae-redis'
- condition: dcae-redis.enabled
- name: dcae-servicechange-handler
version: ~6.x-0
repository: 'file://components/dcae-servicechange-handler'
[
{{- $ctx := . }}
-{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }}
+{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }}
{{- range $i, $v := $components }}
{{- if index $ctx.Values . "enabled" }}
{{- if $i }},{{ end }}
{{ $v | quote | indent 2 }}
{{- end -}}
{{- end }}
-]
\ No newline at end of file
+]
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
-redis:
- replicaCount: 6
-# Enable all DCAE components except redis by default
+# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
dcae-cloudify-manager:
enabled: true
dcae-policy-handler:
enabled: true
-dcae-redis:
- enabled: false
dcae-servicechange-handler:
- enabled: true
\ No newline at end of file
+ enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
service:
type: ClusterIP
cpu: 2
memory: 2Gi
unlimited: {}
+
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
value: {{ .Values.config.importK8S }}
- name: ONAP_IMPORT_POLICYPLUGIN
value: {{ .Values.config.importPolicy }}
- - name: ONAP_INPORT_POSTGRESPLUGIN
+ - name: ONAP_IMPORT_POSTGRESPLUGIN
value: {{ .Values.config.importPostgres }}
- name: ONAP_IMPORT_CLAMPPLUGIN
value: {{ .Values.config.importClamp }}
- name: ONAP_IMPORT_DMAAPPLUGIN
value: {{ .Values.config.importDMaaP }}
+ - name: ONAP_USEDMAAPPLUGIN
+ value: {{ .Values.config.useDmaapPlugin | quote }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
- importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
- importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
- importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
- importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+ importK8S: plugin:k8splugin?version=3.3.0
+ importPostgres: plugin:pgaas?version=1.3.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.0
+ importDMaaP: plugin:dmaap?version=1.5.0
+ useDmaapPlugin: false
secrets:
- uid: "dashsecret"
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
- backoffLimit: 5
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
"HEAT_VOL",
"OTHER",
"VF_MODULES_METADATA",
- "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT"
+ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
+ "HELM"
],
"consumerGroup": "multicloud-k8s-group",
"environmentName": "AUTO",
# Copyright © 2018 Orange
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
# flag to enable debugging - application support required
debugEnabled: false
+ # configuration to set log level to all components (the one that are using
+ # "common.log.level" to set this)
+ # can be overrided per components by setting logConfiguration.logLevelOverride
+ # to the desired value
+ # logLevel: DEBUG
+
#Global ingress configuration
ingress:
enabled: false
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy Administration Point
+description: ONAP Policy
name: policy
version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-PROPS_BUILD="${POLICY_HOME}/etc/build.info"
-
-PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties"
-PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties"
-
-
-if [ ! -f "${PROPS_BUILD}" ]; then
- echo "error: version information does not exist: ${PROPS_BUILD}"
- exit 1
-fi
-
-source "${POLICY_HOME}/etc/build.info"
-
-if [ -z "${version}" ]; then
- echo "error: no version information present"
- exit 1
-fi
-
-for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do
- if [ ! -f "${CONFIG}" ]; then
- echo "warning: configuration does not exist: ${CONFIG}"
- else
- sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}"
- fi
-done
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# BRMSpep component installation configuration parameters
-BRMSGW_JMX_PORT=9989
-
-COMPONENT_X_MX_MB=1024
-COMPONENT_X_MS_MB=1024
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-M2_HOME=/usr/share/java/maven-3
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryName=Snapshots
-snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryName=Releases
-releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=${REPOSITORY_USERNAME}
-repositoryPassword=${REPOSITORY_PASSWORD}
-UEB_URL=message-router
-UEB_TOPIC=PDPD-CONFIGURATION
-UEB_API_KEY=
-UEB_API_SECRET=
-
-groupID=org.onap.policy-engine
-artifactID=drlPDPGroup
-AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam
-AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules
-
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=brmsgw_1
-node_type=brms_gateway
-
-#Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=TEST
-
-#Notification Properties... type can be either websocket, ueb, or dmaap
-BRMS_NOTIFICATION_TYPE=websocket
-BRMS_UEB_URL=message-router
-BRMS_UEB_TOPIC=PDPD-CONFIGURATION
-BRMS_UEB_DELAY=
-BRMS_CLIENT_ID=python
-BRMS_CLIENT_KEY=dGVzdA==
-BRMS_UEB_API_KEY=
-BRMS_UEB_API_SECRET=
-
-#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.4
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.6
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-brmsgw
- name: pe-brmsgw-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-brmsgw
- name: pe-brmsgw
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - brmsgw
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh
- name: pe-brmsgw
- subPath: brmsgw-tweaks.sh
- - mountPath: /tmp/policy-install/config/brmsgw.conf
- name: pe-brmsgw
- subPath: brmsgw.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-brmsgw-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-brmsgw
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
- - uid: nexus-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
- login: '{{ .Values.nexus.repositoryUsername }}'
- password: '{{ .Values.nexus.repositoryPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- papPort: 9091
- pdpPort: 8081
- nexusPort: 8081
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-nexus:
- repositoryUsername: admin
- repositoryPassword: admin123
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: brmsgw
- portName: brmsgw
- externalPort: 9989
- internalPort: 9989
- nodePort: 16
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 0.5Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 20m
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# feature-healthcheck
-# ================================================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-http.server.services=HEALTHCHECK
-http.server.services.HEALTHCHECK.host=0.0.0.0
-http.server.services.HEALTHCHECK.port=6969
-http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
-http.server.services.HEALTHCHECK.managed=false
-http.server.services.HEALTHCHECK.swagger=true
-http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
-http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
-http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
-http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-
-http.client.services=PAP
-
-http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
-http.client.services.PAP.port=9091
-http.client.services.PAP.contextUriPath=pap/test
-http.client.services.PAP.https=true
-http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
-http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
-
-http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
-http.client.services.PDP.port=8081
-http.client.services.PDP.contextUriPath=pdp/test
-http.client.services.PDP.https=true
-http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
-http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy PDP
-name: pdp
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pdp-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pdp component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9991
-TOMCAT_SHUTDOWN_PORT=8087
-SSL_HTTP_CONNECTOR_PORT=8081
-SSL_AJP_CONNECTOR_PORT=8381
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pdp properties
-
-UEB_CLUSTER=message-router
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
-REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
-REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
-REST_PDP_REGISTER=true
-REST_PDP_REGISTER_SLEEP=15
-REST_PDP_REGISTER_RETRIES=-1
-REST_PDP_MAXCONTENT=999999999
-
-# PDP related properties
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-node_type=pdp_xacml
-resource_name=pdp_1
-dependency_groups=brmsgw_1
-test_via_jmx=true
-
-#
-# Notification Properties
-# Notification type: websocket, ueb or dmaap... if left blank websocket is the default
-PDP_NOTIFICATION_TYPE=websocket
-PDP_UEB_CLUSTER=
-PDP_UEB_TOPIC=
-PDP_UEB_DELAY=
-PDP_UEB_API_KEY=
-PDP_UEB_API_SECRET=
-PDP_DMAAP_AAF_LOGIN=
-PDP_DMAAP_AAF_PASSWORD=
-
-#AAF Policy Name space
-#Required only, when we use AAF
-POLICY_AAF_NAMESPACE=
-POLICY_AAF_RESOURCE=
-
-# Indeterminate resolution
-DECISION_INDETERMINATE_RESPONSE=PERMIT
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9997
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
-LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=pdplp_1
+++ /dev/null
-
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/pdp",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1"
- },
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
- clusterIP: None
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-pdp
- name: pe-pdp-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-pdp
- name: pe-pdp
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pdp
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp-input
- subPath: pdp-tweaks.sh
- - mountPath: /tmp/policy-install/config/pdplp.conf
- name: pe-pdp
- subPath: pdplp.conf
- - mountPath: /tmp/policy-install/config/pdp.conf
- name: pe-pdp
- subPath: pdp.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pdp-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-pdp
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-
-config:
- papPort: 9091
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: pdp
- portName: pdp
- internalPort: 8081
- externalPort: 8081
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
+++ /dev/null
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
- comps="base pap paplp console mysql elk"
- ;;
-pdp)
- comps="base pdp pdplp"
- ;;
-brmsgw)
- comps="base brmsgw"
- ;;
-*)
- echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
- exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
- echo "Found existing installation, will not reinstall"
- . /opt/app/policy/etc/profile.d/env.sh
-
-else
- if [[ -d config ]]; then
- cp config/*.conf .
- fi
-
- for comp in $comps; do
- echo "Installing component: $comp"
- ./docker-install.sh --install $comp
- done
- for comp in $comps; do
- echo "Configuring component: $comp"
- ./docker-install.sh --configure $comp
- done
-
- . /opt/app/policy/etc/profile.d/env.sh
-
- # install keystore
- # override the policy keystore and truststore if present
- if [[ -f config/policy-keystore ]]; then
- cp config/policy-keystore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/$container-tweaks.sh ]] ; then
- # file may not be executable; running it as an
- # argument to bash avoids needing execute perms.
- bash config/$container-tweaks.sh
- fi
-
- if [[ $container == pap ]]; then
- # wait for DB up
- # now that DB is up, invoke database upgrade
- # (which does nothing if the db is already up-to-date)
- if [[ -v JDBC_USER ]]; then
- dbuser=${JDBC_USER};
- else
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- fi
-
- if [[ -v JDBC_PASSWORD ]]; then
- dbpw=${JDBC_PASSWORD}
- else
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
- fi
- db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
- fi
-
-fi
-
-policy.sh start
-sleep 1000d
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: <onap-app>
- externalPort: <8080>
- #Example internal target port if required
- #internalPort: <80>
- nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
env:
- name: TRUSTSTORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
- - -c
- - /home/apexuser/config/OnapPfConfig.json
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /home/apexuser/config
name: apexconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
#################################################################
global:
nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence: {}
#################################################################
password: '{{ .Values.restServer.password }}'
- uid: truststore-pass
type: password
- externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
- password: '{{ .Values.truststore.password }}'
- policy: required
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
password: zb!XztG34
truststore:
password: Pol1cy_0nap
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-apex-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 101
+ gid: 102
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
enabled: false
# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+flavor: small
resources:
small:
limits:
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/metric.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/audit.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty" level="ERROR" />\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/metric.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty" level="ERROR" />
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefix: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-api-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Global configuration defaults.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Application configuration defaults.
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-distribution-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Drools Policy Engine
-name: drools
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# nexus repository
SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
-SQL_HOST={{ .Values.global.mariadb.service.name }}
+SQL_HOST={{ .Values.db.name }}
# AAF
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/metric.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/audit.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricStdOut" />\r
- </appender>\r
-\r
- <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionStdOut" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- <appender-ref ref="AsyncMetricStdOut" />\r
- <appender-ref ref="AsyncTransactionStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
binaryData:
{{- range $path, $bytes := . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
- command:
- /root/ready.py
args:
- --container-name
- - {{ include "common.release" . }}-galera-config
- - --container-name
- - {{ .Values.global.nexus.nameOverride }}
+ - {{ .Values.nexus.name }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
ports:
- containerPort: {{ .Values.service.externalPort }}
- containerPort: {{ .Values.service.externalPort2 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: drools-config
subPath: {{ base $path }}
{{- end }}
- - mountPath: /var/log/onap
- name: policy-logs
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuImage: ubuntu:16.04
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
#################################################################
# Secrets metaconfig
service:
type: ClusterIP
- name: drools
- portName: drools
+ name: policy-drools-pdp
+ portName: policy-drools-pdp
internalPort: 6969
externalPort: 6969
nodePort: 17
# Default installation values to be overridden
+certInitializer:
+ nameOverride: policy-drools-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 1000
+ gid: 1000
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
server:
jvmOpts: -server -XshowSettings:vm
password: demo123456!
nexus:
+ name: policy-nexus
+ port: 8081
user: admin
password: admin123
- port: 8081
offline: true
db:
+ name: policy-mariadb
user: policy_user
password: policy_user
svcPort: 9111
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Nexus
-name: nexus
+name: policy-nexus
version: 6.0.0
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- mountPath: /sonatype-work
name: nexus-data
resources:
-{{ include "common.resources" . | indent 12 }}
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
service:
type: ClusterIP
- name: nexus
- portName: nexus
+ name: policy-nexus
+ portName: policy-nexus
externalPort: 8081
internalPort: 8081
nodePort: 36
accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
- mountSubPath: nexus/data
+ mountSubPath: policy/nexus/data
-# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
resources:
+ flavor: small
small:
limits:
cpu: 1
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Administration (PAP)
-name: pap
+name: policy-pap
version: 6.0.0
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ .Values.global.mariadb.service.name }}
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
name: papconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefixExt: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-pap-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
healthCheckRestClient:
api:
user: healthcheck
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v1
-description: ONAP Policy XACML PDP
+description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# JPA Properties
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir:
medium: Memory
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-xacml-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
apiServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: policy-nexus
+ version: ~6.x-0
+ repository: 'file://components/policy-nexus'
+ condition: policy-nexus.enabled
+ - name: policy-api
+ version: ~6.x-0
+ repository: 'file://components/policy-api'
+ condition: policy-api.enabled
+ - name: policy-pap
+ version: ~6.x-0
+ repository: 'file://components/policy-pap'
+ condition: policy-pap.enabled
+ - name: policy-xacml-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-xacml-pdp'
+ condition: policy-xacml-pdp.enabled
+ - name: policy-apex-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-apex-pdp'
+ condition: policy-apex-pdp.enabled
+ - name: policy-drools-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-drools-pdp'
+ condition: policy-drools-pdp.enabled
+ - name: policy-distribution
+ version: ~6.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+#!/bin/bash -x
# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash -xv
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--
- Logback files for the ECOMP SDK Application "ecomp_app"
- are created in directory ${catalina.base}/logs/ecomp_app;
- e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log
- -->
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="ep_sdk_app" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!--
- These loggers are not used in code (yet).
- <property name="securityLogName" value="security" />
- <property name="policyLogName" value="policy" />
- <property name="performanceLogName" value="performance" />
- <property name="serverLogName" value="server" />
- -->
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
- <queueSize>${queueSize}</queueSize>
- <!-- Class name is part of caller data -->
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pap-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# configs component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9993
-TOMCAT_SHUTDOWN_PORT=8090
-SSL_HTTP_CONNECTOR_PORT=8443
-SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
-SSL_AJP_CONNECTOR_PORT=8383
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=2048
-TOMCAT_X_MX_MB=2048
-
-# ------------------ console properties ---------------------------
-
-#
-# Authorization Policy
-
-ROOT_POLICIES=admin
-ADMIN_FILE=Policy-Admin.xml
-
-
-# Set your domain here:
-
-REST_ADMIN_DOMAIN=com
-
-#
-# Location where the GIT repository is located
-#
-REST_ADMIN_REPOSITORY=repository
-
-#
-# Location where all the user workspaces are located.
-#
-REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace
-
-#
-# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
-# container and setup authentication as you please. Setting HttpSession attribute values will override these
-# values set in the properties files.
-#
-# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
-#
-# The default policy: Policy-Admin.xml is extremely simple.
-#
-# You can test authorization within the Admin Console by changing the user id.
-# There are 3 supported user ids:
-# guest - Read only access
-# editor - Read/Write access
-# admin - Read/Write/Admin access
-#
-# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
-#
-# This is for development/demonstration purposes only. A production environment should provide authentication which is
-# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
-# within this application.
-#
-
-REST_ADMIN_USER_NAME=Administrator
-REST_ADMIN_USER_ID=super-admin
-
-#
-#
-# Property to declare the max time frame for logs.
-#
-LOG_TIMEFRAME=30
-
-# Property to declare the number of visible rows for users in MicroService Policy
-COLUMN_COUNT=3
-
-# Dashboard refresh rate in miliseconds
-REFRESH_RATE=40000
-
-#
-# URL location for the PAP servlet.
-#
-
-
-REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/
-
-#
-# Config/Action Properties location.
-#
-
-REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/
-REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/
-REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/
-REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/
-
-# PAP account information
-CONSOLE_PAP_HTTP_USER_ID=testpap
-CONSOLE_PAP_HTTP_PASSWORD=alpha123
-
-
-node_type=pap_admin
-resource_name=console_1
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
-
-#Automatic Policy Distribution
-automatic_push=false
-
-#Diff of policies for Firewall feature
-FW_GETURL=
-FW_AUTHOURL=
-FW_PROXY=
-FW_PORT=
-
-#SMTP Server Details for Java Mail
-onap_smtp_host=
-onap_smtp_port=25
-onap_smtp_userName=
-onap_smtp_password=
-onap_smtp_emailExtension=
-onap_application_name=
-
-#-----------------------ONAP-PORTAL-Properties----------------------
-
-ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
-ONAP_UEB_URL_LIST=
-ONAP_PORTAL_INBOX_NAME=
-ONAP_UEB_APP_KEY=ueb_key_5
-ONAP_UEB_APP_SECRET=ueb_key_5
-ONAP_UEB_APP_MAILBOX_NAME=
-APP_DISPLAY_NAME=ONAP Policy
-ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# elasticsearch
-
-ELK_JMX_PORT=9995
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# mysql scripts component installation configuration parameters
-
-# Path to mysql bin
-MYSQL_BIN=/usr/local/mysql/bin
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pap component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9990
-TOMCAT_SHUTDOWN_PORT=9405
-SSL_HTTP_CONNECTOR_PORT=9091
-SSL_AJP_CONNECTOR_PORT=8380
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pap properties
-
-PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps
-PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-
-PAP_INITIATE_PDP=true
-PAP_HEARTBEAT_INTERVAL=10000
-PAP_HEARTBEAT_TIMEOUT=10000
-
-REST_ADMIN_DOMAIN=com
-REST_ADMIN_REPOSITORY=repository
-REST_ADMIN_WORKSPACE=workspace
-
-# PDP related properties
-PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
-PAP_PDP_HTTP_USER_ID=testpdp
-PAP_PDP_HTTP_PASSWORD=alpha123
-
-PAP_HTTP_USER_ID=testpap
-PAP_HTTP_PASSWORD=alpha123
-
-#new values added 10-21-2015
-PROP_PAP_TRANS_WAIT=500000
-PROP_PAP_TRANS_TIMEOUT=5000
-PROP_PAP_AUDIT_TIMEOUT=300000
-PROP_PAP_RUN_AUDIT_FLAG=true
-PROP_PAP_AUDIT_FLAG=true
-
-PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
-
-
-node_type=pap
-resource_name=pap_1
-dependency_groups=paplp_1
-test_via_jmx=true
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9996
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-LOGPATH=/var/log/onap/policy/pap/pap-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=paplp_1
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-db-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: pe
- - mountPath: /config
- name: pe-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pap
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PRELOAD_POLICIES
- value: "{{ .Values.config.preloadPolicies }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/pap-tweaks.sh
- name: pe-pap
- subPath: pap-tweaks.sh
- - mountPath: /tmp/policy-install/config/paplp.conf
- name: pe-pap
- subPath: paplp.conf
- - mountPath: /tmp/policy-install/config/pap.conf
- name: pe-pap
- subPath: pap.conf
- - mountPath: /tmp/policy-install/config/mysql.conf
- name: pe-pap
- subPath: mysql.conf
- - mountPath: /tmp/policy-install/config/elk.conf
- name: pe-pap
- subPath: elk.conf
- - mountPath: /tmp/policy-install/config/console.conf
- name: pe-pap
- subPath: console.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/policy-install/logback.xml
- name: policy-sdk-logback
- subPath: logback.xml
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: policy-sdk-logback
- configMap:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- - name: pe
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pap
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-galera-config
+ name: {{ include "common.release" . }}-policy-galera-config
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}-job
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-galera-config
+ - name: {{ include "common.release" . }}-policy-galera-config
image: {{ .Values.mariadb_image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
- ubuntuImage: ubuntu:16.04
- pdp:
- nameOverride: pdp
- pap:
- nameOverride: pap
- drools:
- nameOverride: drools
- brmwgw:
- nameOverride: brmsgw
- nexus:
- nameOverride: nexus
+ aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
passwordPolicy: generate
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-mariadb_image: library/mariadb:10
-pullPolicy: Always
-
-subChartsOnly:
- enabled: true
-
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
-pap:
- nameOverride: pap
+policy-api:
+ enabled: true
db: *dbSecretsHook
-pdp:
- nameOverride: pdp
+policy-pap:
+ enabled: true
db: *dbSecretsHook
-drools:
- nameOverride: drools
+policy-xacml-pdp:
+ enabled: true
db: *dbSecretsHook
-brmsgw:
- nameOverride: brmsgw
+policy-apex-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-api:
+policy-drools-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-xacml-pdp:
+policy-distribution:
+ enabled: true
db: *dbSecretsHook
+policy-nexus:
+ enabled: true
+
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+mariadb_image: library/mariadb:10
+pullPolicy: Always
-nexus:
- nameOverride: nexus
+subChartsOnly:
+ enabled: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- preloadPolicies: false
- pdpPort: 8081
-
# default number of instances
replicaCount: 1
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- name: pap
- portName: pap
- internalPort: 8443
- externalPort: 8443
- nodePort: 19
- internalPort2: 9091
- externalPort2: 9091
- nodePort2: 18
-
-ingress:
- enabled: false
- service:
- - baseaddr: "policy.api"
- name: "pap"
- port: 8443
- config:
- ssl: "redirect"
-
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
config:
[mysqld]
lower_case_table_names = 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: volume-permissions
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql']
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: mariadb-data
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
persistence: {}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
-
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
# application image
repository: nexus3.onap.org:10001
-Subproject commit ad58ed92bd7c5cc7d51c09b405a99fd360ff5268
+Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
.project
.idea/
*.tmproj
+# avoid 1MB limit
+components/
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{
- "MainMenu": "gamma",
- "dbConnLimit": "100",
- "home": "/opt/admportal",
- "sslEnabled": "true",
- "nonSslPort": "8543",
- "ConexusNetworkPort": "{{.Values.service.internalPort}}",
- "AppNetworkPort": "8543",
- "clusterPort": "8443",
- "serviceHomingServiceType": "SDN-ETHERNET-INTERNET",
- "passwordKey": "QtfJMKggVk",
- "preloadImportDirectory": "C:/data/csv",
- "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-",
- "clusterMidURL": "-shard-",
- "clusterSuffixURL": "-config,type=DistributedConfigDatastore",
- "shards": [
- "default",
- "inventory",
- "topology"
- ],
- "dbFabric": "false",
- "ip-addresses": {
- "lo": "127.0.0.1",
- "eth0": "127.0.0.1",
- "docker0": "172.17.0.1",
- "virbr0": "192.168.122.1"
- },
- "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
- "databases": [
- "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
- ],
- "dbFabricServer": "localhost",
- "dbFabricPort": "32275",
- "dbFabricGroupId": "hagroup1",
- "dbFabricUser": "${DB_FABRIC_USER}",
- "dbFabricPassword": "${DB_FABRIC_PASSWORD",
- "dbFabricDB": "{{.Values.config.dbFabricDB}}",
- "dbUser": "${SDNC_DB_USER}",
- "dbPassword": "${SDNC_DB_PASSWORD}",
- "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
- "odlProtocol": "http",
- "odlHost": "sdnc.{{.Release.Namespace}}",
- "odlConexusHost": "sdnc.{{.Release.Namespace}}",
- "odlPort": "8181",
- "odlConexusPort": "8181",
- "odlUser": "${ODL_USER}",
- "odlPasswd": "${ODL_PASSWORD}",
- "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
- "AppNetwork_sslCert": "",
- "AppNetwork_sslKey": "",
- "hostnameList": [
- {
- "hname": "localhost"
- }
- ],
- "shard_list": [
- {
- "shard_name": "default"
- },
- {
- "shard_name": "inventory"
- },
- {
- "shard_name": "topology"
- }
- ]
-}
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: DB_FABRIC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
- - name: DB_FABRIC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/admportal.json
- name: properties
- subPath: admportal.json
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02
- name: properties
- subPath: svclogic.properties.sdnctldb02
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdnc-portal",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
-
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-password
- type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
- passwordPolicy: required
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
- - uid: fabric-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.dbFabricUser }}'
- password: '{{ .Values.config.dbFabricPassword }}'
- passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
- password: '{{ .Values.config.keystorePwd }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.4
-config:
- dbFabricDB: mysql
- dbFabricUser: admin
- dbFabricPassword: admin
- # dbFabricDBCredsExternalSecret: some secret
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- storesDir: /opt/onap/sdnc/data/stores
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
- keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- # keystorePwdExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: sdnc-portal-galera
- service:
- name: sdnc-portal-galera
- portName: sdnc-portal-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: sdnc-portal/maria/data
-
-# default number of instances
-replicaCount: 0
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdnc-portal
- portName: sdnc-portal
- internalPort: 8443
- externalPort: 8443
- nodePort: "01"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdnc-portal.api"
- name: "sdnc-portal"
- port: 8443
- config:
- ssl: "redirect"
-
-#Resource limit flavor -By default using small
-flavor: small
-#segregation for different environment (small and large)
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: SDN-C Admin Portal
-name: sdnc-portal
-version: 6.0.0
\ No newline at end of file
+description: SDN-C Web Server
+name: sdnc-web
+version: 6.0.0
+# Copyright © 2020 highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
dependencies:
- name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
version: ~6.x-0
repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName: "sdnc-web"
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: WEBPROTOCOL
+ value: {{ .Values.config.webProtocol }}
+ - name: WEBPORT
+ value: {{ .Values.config.webPort | quote }}
+ - name: SDNRPROTOCOL
+ value: {{ .Values.config.sdnrProtocol }}
+ - name: SDNRHOST
+ value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+ - name: SDNRPORT
+ value: {{ .Values.config.sdnrPort | quote }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.config.sslCertDir }}
+ - name: SSL_CERTIFICATE
+ value: {{ .Values.config.sslCertiticate }}
+ - name: SSL_CERTIFICATE_KEY
+ value: {{ .Values.config.sslCertKey }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- include "common.service" . -}}
+
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ nodePortPrefix: 322
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:1.8.3"
+pullPolicy: Always
+
+config:
+ sdncChartName: sdnc
+ webProtocol: HTTPS
+ webPort: 8443
+ #sdnrProtocol: HTTPS
+ sdnrProtocol: HTTPS
+ #sdnrHost: "sdnc.onap"
+ sdnrHost: "sdnc"
+ sdnrPort: "8443"
+ sslCertDir: "/opt/app/osaaf/local/certs"
+ sslCertiticate: "cert.pem"
+ sslCertKey: "key.pem"
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+ nameOverride: sdnc-web-cert-initializer
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: "org.onap.sdnc"
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ name: sdnc-web
+ suffix: service
+ type: NodePort
+ sessionAffinity: ClientIP
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 8443
+ ports:
+ - name: "sdnc-web"
+ port: "8443"
+ nodePort: "05"
+
+#ingress:
+# enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: logConfiguration
+ version: ~6.x-0
+ repository: '@local'
- name: network-name-gen
version: ~6.x-0
repository: '@local'
+ condition: network-name-gen.enabled
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ condition: dgbuilder.enabled
- name: sdnc-prom
version: ~6.x-0
repository: '@local'
- name: elasticsearch
version: ~6.x-0
repository: '@local'
+ condition: config.sdnr.enabled
+ # conditions for sdnc-subcharts
+ - name: dmaap-listener
+ version: ~6.x-0
+ repository: 'file://components/dmaap-listener/'
+ condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+ - name: ueb-listener
+ version: ~6.x-0
+ repository: 'file://components/ueb-listener/'
+ condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+ - name: sdnc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/sdnc-ansible-server/'
+ condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+ - name: sdnc-web
+ version: ~6.x-0
+ repository: 'file://components/sdnc-web/'
+ condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
+log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF}
log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
log4j2.appender.error.strategy.fileIndex = min
log4j2.appender.error.filter.threshold.type = ThresholdFilter
log4j2.appender.error.filter.threshold.level = WARN
-log4j2.appender.error.filter.threshold.match = ACCEPT
log4j2.appender.metric.type = RollingRandomAccessFile
log4j2.appender.metric.name = MetricFile
log4j2.appender.rr.strategy.fileIndex = min
log4j2.appender.security.type = RollingRandomAccessFile
-log4j2.appender.security.name = securityRollingFile
+log4j2.appender.security.name = SecurityFile
log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log
log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i
log4j2.appender.security.append = true
log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit
log4j2.logger.security.level = INFO
log4j2.logger.security.additivity = false
-log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile
+log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile
log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
log4j2.logger.audit.level = INFO
image: onap/sdnc-ansible-server-image:1.7.0
dmaap-listener:
image: onap/sdnc-dmaap-listener-image:1.7.0
- sdnc-portal:
- image: onap/admportal-sdnc-image:1.7.0
ueb-listener:
image: onap/sdnc-ueb-listener-image:1.7.0
cds:
+{{- if .Values.dgbuilder.enabled -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata: {{ include "common.templateMetadata" . | indent 6}}
+ spec:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-chown
+ image: "busybox"
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ {{ end }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-nginx
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-master
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-sdnrdb-init-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ env:
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_HOME
+ value: "{{.Values.config.sdncHome}}"
+ - name: ETC_DIR
+ value: "{{.Values.config.etcDir}}"
+ - name: BIN_DIR
+ value: "{{.Values.config.binDir}}"
+ ## start sdnrdb parameter
+ - name: SDNRINIT
+ value: "true"
+ - name: SDNRDBURL
+ {{ if .Values.global.aafEnabled -}}
+ value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- else -}}
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- end }}
+ - name: SDNRDBPARAMETER
+ value: "-k"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d
+ emptyDir: {}
+ - name: bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0755
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ if .Values.config.sdnr.enabled }}
+ Session Affinity: ClientIP
+ {{ end }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.clusterPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
sessionAffinity: None
type: ClusterIP
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
serviceName: {{ include "common.servicename" . }}-cluster
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
podManagementPolicy: Parallel
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{ if .Values.dgbuilder.enabled -}}
- command:
- /root/ready.py
args:
+ {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ {{ end -}}
+ {{ if .Values.config.sdnr.enabled -}}
+ - --container-name
+ - {{ include "common.name" . }}-sdnrdb-init-job
+ {{ end -}}
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
+ {{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ command:
+ - sh
+ args:
+ - -c
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
+{{- if .Values.global.aafEnabled }}
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
+{{- end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if not .Values.config.sdnr.enabled }}
command: ["/bin/bash"]
args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"]
+ {{ else }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: KARAF_CONSOLE_LOG_LEVEL
+ value: "{{ include "common.log.level" . }}"
+ - name: SDNRWT
+ value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+ {{- if eq .Values.config.sdnr.mode "web" }}
+ - name: SDNRDM
+ value: "true"
+ {{- end }}
+ - name: SDNRONLY
+ value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ - name: SDNRDBURL
+ {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+ value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+ - name: SDNRDBTRUSTALLCERTS
+ value: "true"
+ {{ end }}
+
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
- mountPath: {{ .Values.config.odl.binDir }}/setenv
name: properties
subPath: setenv
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+ name: properties
+ subPath: mountpoint-registrar.properties
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+ name: properties
+ subPath: mountpoint-state-provider.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
#################################################################
# Application configuration defaults.
#################################################################
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
maxGCPauseMillis: 100
parallelGCThreads : 3
numberGGLogFiles: 10
+ # enables sdnr functionality
+ sdnr:
+ enabled: true
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+
+
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
+ truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
config: &mariadbGaleraConfig
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
-sdnc-portal:
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
config:
db:
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
fqi: "sdnc@sdnc.onap.org"
service:
name: sdnrdb
-
master:
replicaCount: 3
# dedicatednode: "yes"
# handles master and data node functionality
dedicatednode: "no"
nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+# enable
+sdnc-web:
+ enabled: false
# default number of instances
replicaCount: 1
-#!/bin/bash
+#!/bin/sh
# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-policy status
+echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${NFVO_DB_USER}';
+CREATE USER '${NFVO_DB_USER}';
+GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
command:
- /bin/bash
- -c
- - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql
+ - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- mountPath: /etc/localtime
name: localtime
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
- name: CATALOG_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
+ - name: NFVO_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
+ - name: NFVO_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.catalog.userName }}'
password: '{{ .Values.db.catalog.password }}'
-
-
+ - uid: nfvo-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.nfvo.userName }}'
+ password: '{{ .Values.db.nfvo.password }}'
#################################################################
# Application configuration defaults.
userName: cataloguser
password: catalog123
# dbCredsExternalSecret: some secret
+ nfvo:
+ userName: nfvouser
+ # dbCredsExternalSecret: some secret
# application configuration
config:
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
# limitations under the License.
apiVersion: v1
-description: ONAP VFC - DB
+description: ONAP VFC - REDIS
name: vfc-redis
version: 6.0.0
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}2
-
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
-
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
name: vfc-redis
portName: vfc-redis
- externalPort: 3306
- internalPort: 3306
- externalPort2: 6379
- internalPort2: 6379
+ externalPort: 6379
+ internalPort: 6379
ingress:
enabled: false
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata: