To deploy all ONAP applications use this command::
> cd oom/kubernetes
- > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900s
+ > helm deploy dev local/onap --namespace onap --create-namespace --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900s
All override files may be customized (or replaced by other overrides) as per
needs.
The Helm search command reads through all of the repositories configured on the
system, and looks for matches::
- > helm search -l
+ > helm search repo local
NAME VERSION DESCRIPTION
local/appc 2.0.0 Application Controller
local/clamp 2.0.0 ONAP Clamp
six
sphinx_rtd_theme>=0.4.3
sphinxcontrib-blockdiag
-sphinxcontrib-needs>=0.2.3
+sphinxcontrib-needs<0.6.0
sphinxcontrib-nwdiag
sphinxcontrib-redoc
sphinxcontrib-seqdiag
--- /dev/null
+AAF
+AAI
+adaptor
+Adaptor
+adaptors
+Adaptors
+Alcatel
+Ansible
+API
+APIs
+APPC
+ASCII
+Avro
+BPMN
+Camunda
+Cask
+Cassandra
+CCSDK
+CD
+CDAP
+Ceilometer
+CentOS
+CI
+CLI
+Cloudify
+Codec
+committer
+committers
+CommonMark
+Contrail
+CPU
+CRM
+CSCF
+CSIT
+cyber
+DBaaS
+DCAE
+DevOps
+DHCP
+Django
+DMaaP
+DNS
+DNSaaS
+DPDK
+Ebook
+elasticsearch
+Elasticsearch
+Enablement
+enum
+Enum
+env
+Env
+ENV
+ethernet
+Facebook
+failover
+fallback
+Fcaps
+Financials
+geocoder
+Gerrit
+Github
+graphSON
+guestOS
+gui
+Hadoop
+hardcoded
+hashtag
+healthcheck
+healthCheck
+Healthcheck
+HealthCheck
+healthchecks
+heatbridge
+heatclient
+HeatStack
+hostname
+hostName
+Hostname
+hostnames
+hostOS
+htm
+html
+http
+Http
+httpclient
+httpcomponents
+httpdomain
+httpHeader
+httpPort
+httpreturncode
+https
+httpStatusCode
+Huawei
+hyperlink
+Hyperlink
+hypervisor
+Hypervisor
+hypervisors
+Hypervisors
+IaaS
+indices
+Indices
+inline
+internet
+interoperable
+interoperate
+Interoperate
+interoperation
+interwork
+Interworking
+IoT
+ip
+Ip
+IP
+ipAddress
+iPAddress
+IPAddress
+ipam
+Ipam
+ipVersion
+Jacoco
+java
+javalib
+javascript
+Javascript
+jboss
+JBoss
+Jenkins
+Jira
+jpath
+json
+Json
+jsonObject
+jsonObjectInstance
+jsonObjects
+jsonschema
+jtosca
+junit
+Junit
+JUnit
+Junits
+JUnits
+keypair
+Keypair
+keypairs
+keyserver
+keyservers
+keyspace
+Keyspace
+keyspaceName
+keyspaces
+keystore
+keytool
+keyValue
+Kibana
+Kibibytes
+Kubernetes
+LF
+lifecycle
+Lifecycle
+lifecycles
+locator
+logback
+Logback
+logfiles
+Logfiles
+logoffs
+Logoffs
+logon
+Logstash
+macAddress
+MacAddress
+macOS
+Malware
+metadata
+Metadata
+microservice
+Microservice
+microservices
+Microservices
+middleware
+msb
+MSB
+multicast
+multicloud
+Multicloud
+MultiCloud
+multipart
+Mysql
+NaaS
+nameserver
+nameservers
+namespace
+Namespace
+namespaced
+namespaces
+Namespaces
+Netconf
+nfv
+NFV
+nfvi
+nfvo
+nfvparser
+Nokia
+NSD
+OAM
+Ocata
+ODL
+Onap
+ONAP
+onboard
+Onboard
+onboarded
+Onboarded
+onboarding
+Onboarding
+online
+OOF
+OOM
+OpenDaylight
+openo
+OpenO
+Opensource
+Openstack
+OpenStack
+OSS
+Pandoc
+partitionKey
+Partitionkey
+passphrase
+PCRF
+pdf
+PGaaS
+Phishing
+PKI
+placemark
+Placemark
+placemarks
+plantUML
+playbook
+Playbook
+playbooks
+Playbooks
+plugin
+Plugin
+plugins
+Plugins
+PNF
+PoC
+Postgre
+Postgres
+Postgresql
+preload
+Preload
+proactively
+programmatically
+proxyhost
+pserver
+pServer
+pservers
+QoS
+quickstart
+Quickstart
+Rackspace
+readme
+readthedocs
+Readthedocs
+Redhat
+Redis
+refactored
+Refactored
+registrator
+Registrator
+repo
+Repo
+repos
+Restconf
+reStructuredText
+reusability
+Reusability
+RMM
+roadmap
+roadmaps
+RPT
+rst
+RST
+RVMI
+schemas
+screensaver
+sdc
+Sdc
+SDC
+sdk
+SDK
+SDN
+sdnc
+Sdnc
+SDNC
+Selenium
+servlet
+Servlet
+Skynet
+SLI
+SMP
+SNMP
+SPI
+SQL
+stateful
+subclassed
+subclassing
+subdomain
+subflows
+suboperation
+suboperations
+Suboperations
+subtending
+syslog
+sysLog
+Syslog
+syslogs
+Syslogs
+tablename
+taxonomical
+TBD
+Telco
+telecom
+Telecom
+templated
+templating
+timeframe
+timeslots
+timestamp
+Timestamp
+transcoding
+UDP
+UI
+uncheck
+undeploy
+Undeploy
+undeployed
+undeploying
+Undeployment
+uninstall
+uninstallation
+uninstalled
+unitless
+Unregistration
+updatable
+uploadable
+url
+Url
+urls
+usecase
+Usecase
+userid
+username
+Username
+usernames
+validator
+Validator
+vcpu
+vcpus
+vdns
+versioned
+Versioned
+versioning
+Versioning
+vertices
+Vertices
+vf
+vF
+vfc
+vFC
+VFC
+vfcadaptor
+vfirewall
+vFirewall
+vfmodule
+vfModule
+VfModule
+vfModules
+vfstatus
+vfStatus
+virtualization
+Virtualization
+virtualize
+virtualized
+Virtualized
+virtualizes
+virtualizing
+vlan
+Vld
+vm
+Vm
+VM
+vms
+VMs
+VMware
+vnf
+vNF
+Vnf
+VNF
+vnfapi
+vnfc
+VNFFG
+vnfm
+Vnfm
+VNFM
+VNFMs
+vnfs
+vNFs
+vnfsdk
+VPN
+vrouter
+vserver
+vServer
+Vserver
+vservers
+Vservers
+vswitch
+VVP
+Vyatta
+webapp
+webapps
+Webpage
+webserver
+WebServer
+Websocket
+Websockets
+whitebox
+whiteboxes
+whitepaper
+wiki
+Wiki
+Wikis
+Wildfly
+Windriver
+Wireline
+workflow
+Workflow
+workflows
+www
+xml
+Xmx
+Yaml
+yamls
+zabbix
+Zachman
+Zookeeper
+ZTE
+++ /dev/null
-[tox]
-minversion = 1.6
-envlist = docs,
-skipsdist = true
-
-[testenv:docs]
-basepython = python3
-deps = -r{toxinidir}/requirements-docs.txt
-commands =
- sphinx-build -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
- echo "Generated docs available in {toxinidir}/_build/html"
-whitelist_externals =
- echo
- git
- sh
-
-[testenv:docs-linkcheck]
-basepython = python3
-#deps = -r{toxinidir}/requirements-docs.txt
-commands = echo "Link Checking not enforced"
-#commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
-whitelist_externals = echo
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/services\/babel-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9516
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
type: {{ .Values.service.type }}
ports:
- {{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
+
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020, 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# Global configuration defaults.
#################################################################
-global:
- installSidecarSecurity: false
+global: {}
#################################################################
# Application configuration defaults.
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/aai\/.*",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- },
- {
- "uri": "\/aai\/util\/echo",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 8447
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
-jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
-4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
-moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
-GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
-74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
-iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
-p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
-3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
-hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
-RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
-xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
-8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
-ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
-5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
-GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
-_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
-zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
-S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
-LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
-hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
-nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
-bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
-JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
-Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
-J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
-mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
{{- end }}
spec:
hostname: aai-resources
- {{- if .Values.global.initContainers.enabled }}
- {{- if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{- end }}
initContainers:
- command:
{{- if .Values.global.jobs.migration.enabled }}
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
+ {{- else }}
- /app/ready.py
args:
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
- {{- end }}
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
{{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- {{- if .Values.global.installSidecarSecurity }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
- name: {{ include "common.fullname" . }}-aai-policy
- subPath: aai_policy.json
- {{- end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.sidecar.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{- end }}
volumes:
- name: aai-common-aai-auth-mount
secret:
- key: {{ . }}
path: {{ . }}
{{- end }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-aai-policy
- configMap:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
*/}}
apiVersion: v1
-kind: ConfigMap
+kind: Secret
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-aaf-keys
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+type: Opaque
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
- rproxy:
- name: reverse-proxy
-
initContainers:
enabled: true
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/services\/search-data-service\/.*",
- "method": "GET|PUT|POST|DELETE",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-
-
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9509
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
-
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
name: {{ include "common.fullname" . }}-service-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.config.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- secret:
- secretName: aai-rproxy-auth-certs
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: aai-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- secret:
- secretName: aai-fproxy-auth-certs
- {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
-{{ end }}
-
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
type: {{ .Values.service.type }}
ports:
-{{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
-{{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
service:
type: ClusterIP
portName: aai-search-data
- internalPort: 9509
+ internalPort: "9509"
ingress:
enabled: false
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
restartPolicy: Always
- installSidecarSecurity: false
aafEnabled: true
-
- fproxy:
- name: forward-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/fproxy:2.1.13
- port: 10680
-
- rproxy:
- name: reverse-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/rproxy:2.1.13
- port: 10692
-
- tproxyConfig:
- name: init-tproxy-config
- image: onap/tproxy-config:2.1.13
-
- # AAF server details. Only needed if the AAF DNS does not resolve from the pod
- aaf:
- serverIp: 10.12.6.214
- serverHostname: aaf.osaaf.org
- serverPort: 30247
+ msbEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
+++ /dev/null
-components/
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
-ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
-else
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
-endif
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */requirements.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */requirements.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Elasticsearch
-name: clamp-dash-es
-version: 7.0.0
+++ /dev/null
----
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ======================== Elasticsearch Configuration =========================
-#
-# NOTE: Elasticsearch comes with reasonable defaults for most settings.
-# Before you set out to tweak and tune the configuration, make sure you
-# understand what are you trying to accomplish and the consequences.
-#
-# The primary way of configuring a node is via this file. This template lists
-# the most important settings you may want to configure for a production cluster.
-#
-# Please consult the documentation for further information on configuration options:
-# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
-#
-# ---------------------------------- Cluster -----------------------------------
-#
-# Name of the Elasticsearch cluster.
-# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
-# The default name is elasticsearch, but you should change it to an appropriate name which describes the
-# purpose of the cluster.
-#
-## Default Elasticsearch configuration from elasticsearch-docker.
-## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
-#
-
-cluster.name: "clamp-dashboard"
-node.name: "cldash-es-node1"
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-# ----------------------------------- Paths ------------------------------------
-#
-# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
-# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
-# may change & can deal to data loss.
-path.data: /usr/share/elasticsearch/data
-#
-# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
-# as on upgrading Elasticsearch, directory structure may change.
-path.logs: /usr/share/elasticsearch/logs
-#
-# ----------------------------------- Memory -----------------------------------
-#
-# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
-# Lock the memory on startup.
-#
-bootstrap.memory_lock: false
-#
-# Make sure that the heap size is set to about half the memory available
-# on the system and that the owner of the process is allowed to use this
-# limit.
-#
-# Elasticsearch performs poorly when the system is swapping the memory.
-#
-# --------------------------------- Discovery ----------------------------------
-#
-# Pass an initial list of hosts to perform discovery when new node is started
-# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
-# that are likely to be live and contactable.
-# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
-# to connect to other nodes running on the same server.
-# # minimum_master_nodes need to be explicitly set when bound on a public IP
-# # set to 1 to allow single node clusters
-# # Details: https://github.com/elastic/elasticsearch/pull/17288
-discovery.zen.minimum_master_nodes: 1
-discovery.seed_hosts: []
-# # Breaking change in 7.0
-# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes:
- - cldash-es-node1
-# - docker-test-node-1
-# ---------------------------------- Various -----------------------------------
-#
-# Require explicit names when deleting indices:
-#
-#action.destructive_requires_name: true
-# Set a custom port for HTTP: If required, default is 9200-9300
-# This is used for REST APIs
-http.port: {{.Values.service.externalPort}}
-# Port to bind for communication between nodes. Accepts a single value or a range.
-# If a range is specified, the node will bind to the first available port in the range.
-# Defaults to 9300-9400.
-# More info:
-transport.tcp.port: {{.Values.service.externalPort2}}
-
-######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
-# WARNING: revise all the lines below before you go into production
-{{- if .Values.global.aafEnabled }}
-opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
-opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
-opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
-opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
-opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
-opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
-{{- else }}
-opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
-opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.http.pemcert_filepath: esnode.pem
-opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-{{- end }}
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
-
-opendistro_security.allow_unsafe_democertificates: true
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.authcz.admin_dn:
- - CN=kirk,OU=client,O=client,L=test, C=de
-
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /usr/share/elasticsearch/logs
- mkdir -p /usr/share/elasticsearch/data
- chmod -R 777 /usr/share/elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/elasticsearch/logs/
- - name: {{ include "common.fullname" . }}-data
- mountPath: /usr/share/elasticsearch/data/
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
- /usr/local/bin/docker-entrypoint.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ include "common.servicename" . }}2
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-logs
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-tcp
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.config.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.config.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2020 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-es-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/clamp-dashboard-elasticsearch:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 4Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/dashboard-elasticsearch/data
- mountSubPathLogs: clamp
-
-security:
- ssl:
- enabled: true
-
-service:
- type: ClusterIP
- name: cdash-es
- portName: cdash-es-rest
- externalPort: 9200
- internalPort: 9200
- type2: ClusterIP
- portName2: cdash-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- large:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Kibana
-name: clamp-dash-kibana
-version: 7.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.# Default Kibana configuration from kibana-docker.
-*/}}
-
-server.name: "Clamp CL Dashboard"
-server.host: "0"
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: {{.Values.service.externalPort}}
-
-server.ssl.enabled: {{.Values.config.sslEnabled}}
-{{- if .Values.global.aafEnabled }}
-server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
-server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
-{{ else }}
-server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
-server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-{{- end }}
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.hosts: ${elasticsearch_base_url}
-
-elasticsearch.ssl.verificationMode: none
-elasticsearch.username: {{.Values.config.elasticUSR}}
-elasticsearch.password: {{.Values.config.elasticPWD}}
-
-elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-
-opendistro_security.multitenancy.enabled: true
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-pem-keys
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- env:
- - name: elasticsearch_base_url
- value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config/kibana.yml
- name: {{ include "common.fullname" . }}
- subPath: kibana.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-kibana-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/clamp-dashboard-kibana:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- elasticUSR: kibanaserver
- elasticPWD: kibanaserver
- sslEnabled: true
- sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
- sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 360
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 360
- periodSeconds: 30
-
-#internal ssl security scheme for elasticsearch connection mainly
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: cdash-kibana
- portName: cdash-kibana-http
- externalPort: 5601
- internalPort: 5601
- nodePort: 90
-ingress:
- enabled: false
- service:
- - baseaddr: "cdash-kibana"
- name: "cdash-kibana"
- port: 5601
- config:
- ssl: "redirect"
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Logstash
-name: clamp-dash-logstash
-version: 7.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-http.host: "0.0.0.0"
-## Path where pipeline configurations reside
-path.config: /usr/share/logstash/pipeline
-
-## Type of queue : memeory based or file based
-#queue.type: persisted
-## Size of queue
-#queue.max_bytes: 1024mb
-## Setting true makes logstash check periodically for change in pipeline configurations
-config.reload.automatic: true
-
+++ /dev/null
-{{/*
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-input {
- http_poller {
- urls => {
- event_queue => {
- method => get
- url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${event_topic}"
- tags => [ "dmaap_source" ]
- }
- notification_queue => {
- method => get
- url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${notification_topic}"
- tags => [ "dmaap_source" ]
- }
- request_queue => {
- method => get
- url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${request_topic}"
- tags => [ "dmaap_source" ]
- }
- }
- socket_timeout => 30
- request_timeout => 30
- schedule => { "every" => "1m" }
- codec => "plain"
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/certs.d/aafca.pem"
-{{- end }}
- }
-}
-
-
-filter {
- # avoid noise if no entry in the list
- if [message] == "[]" {
- drop { }
- }
-
- if [http_request_failure] or [@metadata][code] != 200 {
- mutate {
- add_tag => [ "error" ]
- }
- }
-
- if "dmaap_source" in [@metadata][request][tags] {
- #
- # Dmaap provides a json list, whose items are Strings containing the event
- # provided to Dmaap, which itself is an escaped json.
- #
- # We first need to parse the json as we have to use the plaintext as it cannot
- # work with list of events, then split that list into multiple string events,
- # that we then transform into json.
- #
- json {
- source => "[message]"
- target => "message"
- }
-
- split {
- field => "message"
- }
- json {
- source => "message"
- }
- mutate {
- remove_field => [ "message" ]
- }
- }
-
- #
- # Some timestamps are expressed as milliseconds, some are in microseconds
- #
- if [closedLoopAlarmStart] {
- ruby {
- code => "
- if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmStart", UNIX_MS ]
- target => "closedLoopAlarmStart"
- }
- }
-
- if [closedLoopAlarmEnd] {
- ruby {
- code => "
- if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmEnd", UNIX_MS ]
- target => "closedLoopAlarmEnd"
- }
-
- }
-
-
- #
- # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
- # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
- #
- if [notificationTime] {
- mutate {
- gsub => [
- "notificationTime", " ", "T"
- ]
- }
- date {
- match => [ "notificationTime", ISO8601 ]
- target => "notificationTime"
- }
- }
-
-
- #
- # Renaming some fields for readability
- #
- if [AAI][generic-vnf.vnf-name] {
- mutate {
- add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
- }
- }
- if [AAI][generic-vnf.vnf-type] {
- mutate {
- add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
- }
- }
- if [AAI][vserver.vserver-name] {
- mutate {
- add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
- }
- }
- if [AAI][complex.city] {
- mutate {
- add_field => { "locationCity" => "%{[AAI][complex.city]}" }
- }
- }
- if [AAI][complex.state] {
- mutate {
- add_field => { "locationState" => "%{[AAI][complex.state]}" }
- }
- }
-
-
- #
- # Adding some flags to ease aggregation
- #
- if [closedLoopEventStatus] =~ /(?i)ABATED/ {
- mutate {
- add_field => { "flagAbated" => "1" }
- }
- }
- if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
- mutate {
- add_field => { "flagFinalFailure" => "1" }
- }
- }
-
-
- if "error" not in [@metadata][request][tags]{
- #
- # Creating data for a secondary index
- #
- clone {
- clones => [ "event-cl-aggs" ]
- add_tag => [ "event-cl-aggs" ]
- }
-
- if "event-cl-aggs" in [@metadata][request][tags]{
- #
- # we only need a few fields for aggregations; remove all fields from clone except :
- # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
- #
- prune {
- whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
- }
-
- }
- }
-}
-
-
-output {
- stdout {
- codec => rubydebug
- }
-
- if "error" in [tags] {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- hosts => ["${elasticsearch_base_url}"]
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "errors-%{+YYYY.MM.DD}"
- doc_as_upsert => true
- }
-
- } else if "event-cl-aggs" in [tags] {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- document_id => "%{requestID}"
- index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
- doc_as_upsert => true
- action => "update"
- }
-
- } else {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "events-%{+YYYY.MM.DD}" # creates daily indexes
- doc_as_upsert => true
- }
- }
-}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: dmaap_consumer_group
- value: "{{ .Values.config.dmaapConsumerGroup }}"
- - name: dmaap_consumer_id
- value: "{{ .Values.config.dmaapConsumerId }}"
- - name: event_topic
- value: "{{ .Values.config.eventTopic }}"
- - name: notification_topic
- value: "{{ .Values.config.notificationTopic }}"
- - name: request_topic
- value: "{{ .Values.config.requestTopic }}"
- - name: dmaap_base_url
- value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
- - name: logstash_user
- value: "{{ .Values.config.logstash_user }}"
- - name: logstash_pwd
- value: "{{ .Values.config.logstash_pwd }}"
- - name: elasticsearch_base_url
- value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/logstash/config/logstash.yml
- name: {{ include "common.fullname" . }}
- subPath: logstash.yml
- - mountPath: /usr/share/logstash/pipeline/logstash.conf
- name: {{ include "common.fullname" . }}
- subPath: pipeline.conf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logstash.yml
- path: logstash.yml
- - key: pipeline.conf
- path: pipeline.conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-logstash-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: onap/clamp-dashboard-logstash:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- dmaapHost: message-router
- dmaapSchemeSSL: https
- dmaapSchemeNoSSL: http
- dmaapPort: 3905
- dmaapConsumerGroup: "clampdashboard"
- dmaapConsumerId: "clampdashboard"
- eventTopic: "DCAE-CL-EVENT"
- notificationTopic: "POLICY-CL-MGT"
- requestTopic: "APPC-CL"
- logstash_user: "logstash"
- logstash_pwd: "logstash"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
-
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: cdash-ls
- portName: cdash-ls-healthcheck
- externalPort: 9600
- internalPort: 9600
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-set -eo pipefail
-shopt -s nullglob
-
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
-
-prepare_password()
-{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
-}
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- val=`prepare_password $val`
- export "$var"="$val"
- unset "$fileVar"
-}
-
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
-}
-
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
-fi
-
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {30..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
-fi
-
-exec "$@"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Example MySQL config file for medium systems.
-#
-# This is for a system with memory 8G where MySQL plays
-# an important part, or systems up to 128M where MySQL is used together with
-# other programs (such as a web server)
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-*/}}
-
-# The following options will be passed to all MySQL clients
-##[client]
-##user = root
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-##performance_schema
-
-slow_query_log =ON
-long_query_time =2
-slow_query_log_file =//var/lib/mysql/slow_query.log
-##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64
-##datadir = //opt/app/mysql/data
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-skip-external-locking
-explicit_defaults_for_timestamp = true
-skip-symbolic-links
-local-infile = 0
-#ignore_db_dir=lost+found
-key_buffer_size = 16M
-max_allowed_packet = 4M
-table_open_cache = 100
-sort_buffer_size = 512K
-net_buffer_length = 8K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-max_connections = 500
-lower_case_table_names = 1
-thread_stack = 256K
-thread_cache_size = 25
-query_cache_size = 8M
-query_cache_type = 0
-query_prealloc_size = 512K
-query_cache_limit = 1M
-
-# Password validation
-##plugin-load-add=simple_password_check.so
-##simple_password_check_other_characters=0
-
-# Audit Log settings
-plugin-load-add=server_audit.so
-server_audit=FORCE_PLUS_PERMANENT
-server_audit_file_path=//var/lib/mysql/audit.log
-server_audit_file_rotate_size=50M
-server_audit_events=CONNECT,QUERY,TABLE
-server_audit_logging=on
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (via the "enable-named-pipe" option) will render mysqld useless!
-#
-#skip-networking
-
-# Replication Master Server (default)
-# binary logging is required for replication
-##log-bin=//var/lib/mysql/mysql-bin
-
-# binary logging format - mixed recommended
-binlog_format=row
-
-# required unique id between 1 and 2^32 - 1
-# defaults to 1 if master-host is not set
-# but will not function as a master if omitted
-
-# Replication Slave (comment out master section to use this)
-#
-# To configure this host as a replication slave, you can choose between
-# two methods :
-#
-# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
-# the syntax is:
-#
-# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
-# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
-#
-# where you replace <host>, <user>, <password> by quoted strings and
-# <port> by the master's port number (3306 by default).
-#
-# Example:
-#
-# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
-# MASTER_USER='joe', MASTER_PASSWORD='secret';
-#
-# OR
-#
-# 2) Set the variables below. However, in case you choose this method, then
-# start replication for the first time (even unsuccessfully, for example
-# if you mistyped the password in master-password and the slave fails to
-# connect), the slave will create a master.info file, and any later
-# change in this file to the variables' values below will be ignored and
-# overridden by the content of the master.info file, unless you shutdown
-# the slave server, delete master.info and restart the slaver server.
-# For that reason, you may want to leave the lines below untouched
-# (commented) and instead use CHANGE MASTER TO (see above)
-#
-# required unique id between 2 and 2^32 - 1
-# (and different from the master)
-# defaults to 2 if master-host is set
-# but will not function as a slave if omitted
-#server-id = 2
-#
-# The replication master for this slave - required
-#master-host = <hostname>
-#
-# The username the slave will use for authentication when connecting
-# to the master - required
-#master-user = <username>
-#
-# The password the slave will authenticate with when connecting to
-# the master - required
-#master-password = <password>
-#
-# The port the master is listening on.
-# optional - defaults to 3306
-#master-port = <port>
-#
-# binary logging - not required for slaves, but recommended
-#log-bin=mysql-bin
-
-# Uncomment the following if you are using InnoDB tables
-##innodb_data_home_dir = //opt/app/mysql/data
-##innodb_data_file_path = ibdata1:20M:autoextend:max:32G
-##innodb_log_group_home_dir = //opt/app/mysql/iblogs
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 128M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-innodb_log_file_size = 10M
-innodb_log_files_in_group = 3
-innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_autoextend_increment = 100
-expire_logs_days = 8
-open_files_limit = 2000
-transaction-isolation=READ-COMMITTED
-####### Galera parameters #######
-## Galera Provider configuration
-wsrep_provider=/usr/lib/galera/libgalera_smm.so
-wsrep_provider_options="gcache.size=128M; gcache.page_size=10M"
-## Galera Cluster configuration
-wsrep_cluster_name="MSO-automated-tests-cluster"
-wsrep_cluster_address="gcomm://"
-#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3"
-##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186"
-## Galera Synchronization configuration
-wsrep_sst_method=rsync
-#wsrep_sst_method=xtrabackup-v2
-#wsrep_sst_auth="sstuser:Mon#2o!6"
-## Galera Node configuration
-wsrep_node_name="mariadb1"
-##wsrep_node_address="192.169.3.184"
-wsrep_on=OFF
-## Status notification
-#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify
-#######
-
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 20971520
-
-##[mysqlhotcopy]
-##interactive-timeout
-##[mysqld_safe]
-##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1
-##log-error=//opt/app/mysql/log/mysqld.log
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-#{{ if not .Values.disableClampClampMariadb }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-entrypoint-bulkload-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-mariadb-conf-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }}
-#{{ end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
- volumeMounts:
- - mountPath: /docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- name: init-script
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/
- name: docker-entrypoint-bulkload
- - mountPath: /etc/mysql/conf.d/conf1/
- name: clamp-mariadb-conf
- - mountPath: /var/lib/mysql
- name: clamp-mariadb-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{- if .Values.persistence.enabled }}
- - name: clamp-mariadb-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: docker-entrypoint-bulkload
- configMap:
- name: clamp-entrypoint-bulkload-configmap
- - name: clamp-mariadb-conf
- configMap:
- name: clamp-mariadb-conf-configmap
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: init-script
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
- persistence: {}
-# application image
-image: mariadb:10.5.4
-pullPolicy: Always
-flavor: small
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
- password: '{{ .Values.db.rootPass }}'
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
-
-# Application configuration
-# dummy value db user pasword to pass lint!!!
-db:
- user: dummy-clds
- password: dummy-sidnnd83K
- databaseName: dummy-cldsdb4
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 3
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 3
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/mariadb/data
-
-service:
- type: ClusterIP
- name: clampdb
- portName: clampdb
- internalPort: 3306
- externalPort: 3306
-
-
-ingress:
- enabled: false
-
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
- - name: clamp-mariadb
- version: ~7.x-0
- repository: 'file://components/clamp-mariadb'
- - name: clamp-backend
- version: ~7.x-0
- repository: 'file://components/clamp-backend'
- - name: clamp-dash-es
- version: ~7.x-0
- repository: 'file://components/clamp-dash-es'
- - name: clamp-dash-logstash
- version: ~7.x-0
- repository: 'file://components/clamp-dash-logstash'
- - name: clamp-dash-kibana
- version: ~7.x-0
- repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.config.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.config.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Clamp
-name: clamp-backend
+name: certManagerCertificate
+description: A Helm chart for Cert-Manager Certificate CRD template
version: 7.0.0
-{{/* # Copyright © 2020 Samsung, Orange
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-{{ include "common.ingress" . }}
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
--- /dev/null
+{{/*#
+# Copyright © 2020-2021, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - commonName: component.onap.org
+#
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# keystore:
+# outputType:
+# - p12
+# - jks
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "certManagerCertificate.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+
+{{- $certificates := $dot.Values.certificates -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global }}
+
+{{ range $i, $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := include "common.fullname" $dot -}}
+{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
+{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
+{{- $namespace := $dot.Release.Namespace -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := $certificate.dnsNames -}}
+{{- $ipAddresses := $certificate.ipAddresses -}}
+{{- $uris := $certificate.uris -}}
+{{- $emailAddresses := $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $subchartGlobal.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $subchartGlobal.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = $certificate.issuer -}}
+{{- end -}}
+---
+{{- if $certificate.keystore }}
+ {{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $passwordSecretRef.name }}
+ namespace: {{ $namespace }}
+type: Opaque
+stringData:
+ {{ $passwordSecretRef.key }}: {{ $password }}
+{{- end }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $certName }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if $certificate.keystore }}
+ keystores:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ {{- if eq $outputType "p12" }}
+ {{- $outputType = "pkcs12" }}
+ {{- end }}
+ {{ $outputType }}:
+ create: true
+ passwordSecretRef:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ key: {{ $certificate.keystore.passwordSecretRef.key }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+{{- end -}}
+
+{{- define "common.certManager.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+ {{- range $i, $certificate := $dot.Values.certificates -}}
+ {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: certmanager-certs-volume-{{ $i }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+ {{- range $i, $certificate := $certificates -}}
+ {{- $name := include "common.fullname" $dot -}}
+ {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+ projected:
+ sources:
+ - secret:
+ name: {{ $certificatesSecretName }}
+ {{- if $certificate.keystore }}
+ items:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ - key: keystore.{{ $outputType }}
+ path: keystore.{{ $outputType }}
+ - key: truststore.{{ $outputType }}
+ path: truststore.{{ $outputType }}
+ {{- end }}
+ - secret:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ items:
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: keystore.pass
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: truststore.pass
+ {{- end }}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+# default values for certificates
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+++ /dev/null
-{{/*#
-# Copyright © 2020, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.*/}}
-
-{{/*
-# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
-#
-# To request a certificate following steps are to be done:
-# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
-#
-# Here is an example of the certificate request for a component:
-#
-# Directory structure:
-# component
-# templates
-# certifictes.yaml
-# values.yaml
-#
-# To be added in the file certificates.yamll
-#
-# To be added in the file values.yaml
-# 1. Minimal version (certificates only in PEM format)
-# certificates:
-# - commonName: component.onap.org
-#
-# 2. Extended version (with defined own issuer and additional certificate format):
-# certificates:
-# - name: onap-component-certificate
-# secretName: onap-component-certificate
-# commonName: component.onap.org
-# dnsNames:
-# - component.onap.org
-# issuer:
-# group: certmanager.onap.org
-# kind: CMPv2Issuer
-# name: cmpv2-issuer-for-the-component
-# p12Keystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-# jksKeystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-#
-# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
-# Other mandatory fields for the certificate definition do not have to be defined directly,
-# in that case they will be taken from default values.
-#
-# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
-# and can be overriden during onap installation process.
-#
-*/}}
-
-{{- define "common.certificate" -}}
-{{- $dot := default . .dot -}}
-{{- $certificates := $dot.Values.certificates -}}
-
-{{ range $i, $certificate := $certificates }}
-{{/*# General certifiacate attributes #*/}}
-{{- $name := include "common.fullname" $dot -}}
-{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
-{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
-{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
-{{- $duration := $certificate.duration -}}
-{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
-{{- if $certificate.namespace -}}
-{{- $namespace = default $namespace $certificate.namespace -}}
-{{- end -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
-{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
-{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
-{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
-{{/*# Subject #*/}}
-{{- $subject := $dot.Values.global.certificate.default.subject -}}
-{{- if $certificate.subject -}}
-{{- $subject = mergeOverwrite $subject $certificate.subject -}}
-{{- end -}}
-{{/*# Issuer #*/}}
-{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
-{{- if $certificate.issuer -}}
-{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
-{{- end -}}
-{{/*# Keystores #*/}}
-{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
-{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
-{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
-{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
-{{- if $certificate.jksKeystore -}}
-{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
-{{- if $certificate.jksKeystore.passwordSecretRef -}}
-{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
-{{- if $certificate.p12Keystore -}}
-{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
-{{- if $certificate.p12Keystore.passwordSecretRef -}}
-{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ $certName }}
- namespace: {{ $namespace }}
-spec:
- secretName: {{ $secretName }}
- commonName: {{ $commonName }}
- renewBefore: {{ $renewBefore }}
- {{- if $duration }}
- duration: {{ $duration }}
- {{- end }}
- subject:
- organizations:
- - {{ $subject.organization }}
- countries:
- - {{ $subject.country }}
- localities:
- - {{ $subject.locality }}
- provinces:
- - {{ $subject.province }}
- organizationalUnits:
- - {{ $subject.organizationalUnit }}
- {{- if $dnsNames }}
- dnsNames:
- {{- range $dnsName := $dnsNames }}
- - {{ $dnsName }}
- {{- end }}
- {{- end }}
- {{- if $ipAddresses }}
- ipAddresses:
- {{- range $ipAddress := $ipAddresses }}
- - {{ $ipAddress }}
- {{- end }}
- {{- end }}
- {{- if $uris }}
- uris:
- {{- range $uri := $uris }}
- - {{ $uri }}
- {{- end }}
- {{- end }}
- {{- if $emailAddresses }}
- emailAddresses:
- {{- range $emailAddress := $emailAddresses }}
- - {{ $emailAddress }}
- {{- end }}
- {{- end }}
- issuerRef:
- group: {{ $issuer.group }}
- kind: {{ $issuer.kind }}
- name: {{ $issuer.name }}
- {{- if or $createJksKeystore $createP12Keystore }}
- keystores:
- {{- if $createJksKeystore }}
- jks:
- create: {{ $createJksKeystore }}
- passwordSecretRef:
- name: {{ $jksKeystorePasswordSecretName }}
- key: {{ $jksKeystorePasswordSecreKey }}
- {{- end }}
- {{- if $createP12Keystore }}
- pkcs12:
- create: {{ $createP12Keystore }}
- passwordSecretRef:
- name: {{ $p12KeystorePasswordSecretName }}
- key: {{ $p12KeystorePasswordSecreKey }}
- {{- end }}
- {{- end }}
-{{ end }}
-
-{{- end -}}
version: ~7.x-0
repository: '@local'
condition: cds.enabled
- - name: clamp
- version: ~7.x-0
- repository: '@local'
- condition: clamp.enabled
- name: cli
version: ~7.x-0
repository: '@local'
# default values for certificates
certificate:
default:
- renewBefore: 8h
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
subject:
organization: "Linux-Foundation"
country: "US"
group: certmanager.onap.org
kind: CMPv2Issuer
name: cmpv2-issuer-onap
- p12Keystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
- jksKeystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
# Enabling CMPv2
cmpv2Enabled: true
# limitations under the License.
apiVersion: v1
-description: MariaDB Service
-name: clamp-mariadb
+description: ONAP Policy Clamp Backend
+name: policy-clamp-be
version: 7.0.0
#clds datasource connection details
spring.datasource.username=${MYSQL_USER}
spring.datasource.password=${MYSQL_PASSWORD}
-spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json
#
# Configuration Settings for Policy Engine Components
+#!/bin/sh
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
+mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
- command:
- /app/ready.py
args:
- - --container-name
- - clamp-mariadb
+ - --job-name
+ - {{ include "common.release" . }}-policy-clamp-galera-config
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
- workingDir: "/opt/clamp/"
+ workingDir: "/opt/policy/clamp/"
args:
- -c
- |
{{- if .Values.global.aafEnabled }}
export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
{{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /opt/clamp/sdc-controllers-config.json
+ - mountPath: /opt/policy/clamp/sdc-controllers-config.json
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
- - mountPath: /opt/clamp/application.properties
+ - mountPath: /opt/policy/clamp/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
env:
- name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
{{- if ne "unlimited" (include "common.flavor" .) }}
- name: JAVA_RAM_CONFIGURATION
value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-configmap
items:
- key: sdc-controllers-config.json
path: sdc-controllers-config.json
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020-2021 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.release" . }}-policy-clamp-galera-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+#This container checks that all galera instances are up before initializing it.
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.release" . }}-policy-clamp-galera-config
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.db.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/create-db-tables.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: create-db-tables.sh
+ - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
+ name: {{ include "common.fullname" . }}-config
+ subPath: policy-clamp-create-tables.sql
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/create-db-tables.sh
+ env:
+ - name: MYSQL_HOST
+ value: "{{ .Values.db.service.name }}"
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
+ - name: MYSQL_PORT
+ value: "{{ .Values.db.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ restartPolicy: Never
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: create-db-tables.sh
+ path: create-db-tables.sh
+ - key: policy-clamp-create-tables.sql
+ path: policy-clamp-create-tables.sql
chmod a+rx *;
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
flavor: small
# application image
-image: onap/clamp-backend:5.1.5
+image: onap/policy-clamp-backend:6.0.0
pullPolicy: Always
# flag to enable debugging - application support required
#####dummy values for db user and password to pass lint!!!#######
db:
- user: dummyclds
- password: dummysidnnd83K
- databaseName: dummycldsdb4
+ user: policy_user
+ password: policy_user
+ image: mariadb:10.5.8
+ service:
+ name: policy-mariadb
+ internalPort: 3306
config:
log:
service:
type: ClusterIP
- name: clamp-backend
- portName: clamp-backend
+ name: policy-clamp-be
+ portName: policy-clamp-be
internalPort: 8443
- externalPort: 443
+ externalPort: 8443
ingress:
enabled: false
# limitations under the License.
apiVersion: v1
-description: ONAP Clamp
-name: clamp
+description: ONAP Policy Clamp Frontend
+name: policy-clamp-fe
version: 7.0.0
# limitations under the License.
dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- name: certInitializer
version: ~7.x-0
repository: '@local'
ssl_verify_client optional_no_ca;
location /restservices/clds/ {
- proxy_pass https://clamp-backend:443;
+ proxy_pass https://policy-clamp-be:8443;
proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
}
- /app/ready.py
args:
- --container-name
- - clamp-backend
+ - policy-clamp-be
env:
- name: NAMESPACE
valueFrom:
apiVersion: v1
kind: Service
metadata:
- name: {{ include "common.servicename" . }}
+ name: {{ .Values.service.name }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- {{- end}}
name: {{ .Values.service.portName }}
+ {{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+---
openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
chmod a+rx *;
-secrets:
- - uid: db-root-pass
- name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
- type: password
- password: '{{ .Values.db.rootPass }}'
- - uid: db-secret
- name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
- type: basicAuth
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
-
-db:
- user: clds
-# password: sidnnd83K
- databaseName: &dbName cldsdb4
-# rootPass: emrys user: testos
-
-clamp-backend:
- db:
- userCredsExternalSecret: *dbUserPass
- databaseName: *dbName
-clamp-mariadb:
- db:
- rootCredsExternalSecret: *dbRootPass
- userCredsExternalSecret: *dbUserPass
- databaseName: *dbName
-
subChartsOnly:
enabled: true
flavor: small
# application image
-image: onap/clamp-frontend:5.1.5
+image: onap/policy-clamp-frontend:6.0.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: NodePort
- name: clamp-external
- portName: clamp-external
+ name: policy-clamp-fe
+ portName: policy-clamp-fe
internalPort: 2443
nodePort: 58
# as of 20180904 port 58 is reserved for clamp from log/logdemonode
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
- type2: ClusterIP
- name2: clamp
- portName2: clamp-internal
- internalPort2: 2443
- externalPort2: 8443
-
ingress:
enabled: false
service:
version: ~7.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
+ - name: policy-clamp-be
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-be'
+ condition: policy-clamp-be.enabled
+ - name: policy-clamp-fe
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-fe'
+ condition: policy-clamp-fe.enabled
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
+for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
policy-distribution:
enabled: true
db: *dbSecretsHook
+policy-clamp-be:
+ enabled: true
+ db: *dbSecretsHook
+policy-clamp-fe:
+ enabled: true
policy-nexus:
enabled: false
GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}'
GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}'
GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}"
-GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "clamp") }}'
+GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-clamp-fe") }}'
GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}'
GLOBAL_INJECTED_CLOUD_ENV = 'openstack'
GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}"
GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD]
# clamp info - everything is from the private oam network (also called onap private network)
GLOBAL_CLAMP_SERVER_PROTOCOL = "https"
-GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 8443) }}'
+GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-clamp-fe" "port" 2443) }}'
# nbi info - everything is from the private oam network (also called onap private network)
GLOBAL_NBI_SERVER_PROTOCOL = "https"
GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}'
- name: cmpv2Certificate
version: ~7.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
{{/*
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ if .Values.global.CMPv2CertManagerIntegration }}
-{{ include "common.certificate" . }}
+{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "certManagerCertificate.certificate" . }}
{{ end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumeMounts" . | indent 10 }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{ include "common.certServiceClient.volumes" . | nindent 8 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumes" . | nindent 8 }}
+{{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- password: secret
- passwordPolicy: required
#################################################################
# Certificates
#################################################################
commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
- p12Keystore:
- create: true
- passwordSecretRef:
- name: keystore-password
- key: password
- jksKeystore:
- create: true
+ keystore:
+ outputType:
+ - jks
passwordSecretRef:
- name: keystore-password
+ name: sdnc-cmpv2-keystore-password
key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################
[testenv:docs]
deps = -rdocs/requirements-docs.txt
commands =
- sphinx-build -W -b html -n -W -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
+ sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
[testenv:docs-linkcheck]
deps = -rdocs/requirements-docs.txt
commands = sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
+[testenv:spelling]
+#basepython = python3
+whitelist_externals = wget
+deps =
+ -rdocs/requirements-docs.txt
+ sphinxcontrib-spelling
+ PyEnchant
+changedir={toxinidir}/docs
+commands =
+ wget -nv https://git.onap.org/doc/plain/docs/spelling_wordlist.txt -O spelling_wordlist.txt
+ sphinx-build -b spelling -d {envtmpdir}/doctrees . _build/spelling
+
[testenv:gitlint]
basepython = python3
deps =