id: 'djtimoney'
company: 'ATT'
timezone: 'America/New_York'
+ - name: 'Andreas Geissler'
+ email: 'andreas-geissler@telekom.de'
+ id: 'andreasgeissler'
+ company: 'Deutsche Telekom'
+ timezone: 'Europe/Berlin'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
changes:
name: 'Dan Timoney'
# yamllint disable-line rule:line-length
link: 'https://wiki.onap.org/display/DW/Committer+Promotion+Request+for+%5BOOM%5D+-+Dan+Timoney'
+ - type: 'Addition'
+ name: 'Andreas Geissler'
+ # yamllint disable-line rule:line-length
+ link: 'https://wiki.onap.org/display/DW/Committer+Promotion+Request+for+%5BOOM%5D+%3A+Andreas+Geissler'
oom_setup_paas.rst
oom_developer_guide.rst
oom_cloud_setup_guide.rst
- release-notes.rst
+ release_notes/release-notes.rst
oom_setup_kubernetes_rancher.rst
oom_setup_ingress_controller.rst
.. _Cloud Native Deployment Wiki: https://wiki.onap.org/display/DW/Cloud+Native+Deployment
.. _ONAP Development - 110 pod limit Wiki: https://wiki.onap.org/display/DW/ONAP+Development#ONAPDevelopment-Changemax-podsfromdefault110podlimit
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
.. _cloud-setup-guide-label:
guilin 1.15.11 2.16.10 1.15.11 18.09.x
honolulu 1.19.9 3.5.2 1.19.9 19.03.x 1.2.0
Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4
+ Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.5.4
============== =========== ======= ======== ======== ============
Minimum Hardware Configuration
OOM Developer Guide
###################
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
ONAP consists of a large number of components, each of which are substantial
.. database PV
.. @enduml
-.. figure:: kubernetes_objects.png
+.. figure:: images/k8s/kubernetes_objects.png
OOM uses these Kubernetes objects as described in the following sections.
------------------------
A preliminary view of the OOM-MSB integration is as follows:
-.. figure:: MSB-OOM-Diagram.png
+.. figure:: images/msb/MSB-OOM-Diagram.png
A message sequence chart of the registration process:
Here's the list of these certificates:
.. csv-table::
- :file: hardcoded_certificates.csv
+ :file: certs/hardcoded_certificates.csv
ensures that ONAP is easily deployable and maintainable throughout its life
cycle while using hardware resources efficiently.
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
In summary OOM provides the following capabilities:
OOM Quick Start Guide
#####################
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
Once a Kubernetes environment is available (follow the instructions in
Example Keystone v2.0
-.. literalinclude:: example-integration-override.yaml
+.. literalinclude:: yaml/example-integration-override.yaml
:language: yaml
Example Keystone v3 (required for Rocky and later releases)
-.. literalinclude:: example-integration-override-v3.yaml
+.. literalinclude:: yaml/example-integration-override-v3.yaml
:language: yaml
> helm repo update
> helm search repo onap
-.. literalinclude:: helm-search.txt
+.. literalinclude:: helm/helm-search.txt
.. note::
The setup of the Helm repository is a one time activity. If you make changes
.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
.. _oom_setup_ingress_controller:
.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
.. _onap-on-kubernetes-with-rancher:
Apply customization script for Control Plane VMs
------------------------------------------------
-Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
+Click :download:`openstack-k8s-controlnode.sh <shell/openstack-k8s-controlnode.sh>`
to download the script.
-.. literalinclude:: openstack-k8s-controlnode.sh
+.. literalinclude:: shell/openstack-k8s-controlnode.sh
:language: bash
This customization script will:
Apply customization script for Kubernetes VM(s)
-----------------------------------------------
-Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to
+Click :download:`openstack-k8s-workernode.sh <shell/openstack-k8s-workernode.sh>` to
download the script.
-.. literalinclude:: openstack-k8s-workernode.sh
+.. literalinclude:: shell/openstack-k8s-workernode.sh
:language: bash
This customization script will:
describes a Kubernetes cluster that will be mapped onto the OpenStack VMs
created earlier in this guide.
-Click :download:`cluster.yml <cluster.yml>` to download the
+Click :download:`cluster.yml <yaml/cluster.yml>` to download the
configuration file.
-.. literalinclude:: cluster.yml
+.. literalinclude:: yaml/cluster.yml
:language: yaml
Prepare cluster.yml
Apply customization script for NFS Server VM
--------------------------------------------
-Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download
+Click :download:`openstack-nfs-server.sh <shell/openstack-nfs-server.sh>` to download
the script.
-.. literalinclude:: openstack-nfs-server.sh
+.. literalinclude:: shell/openstack-nfs-server.sh
:language: bash
This customization script will:
To properly set up an NFS share on Master and Slave nodes, the user can run the
scripts below.
-Click :download:`master_nfs_node.sh <master_nfs_node.sh>` to download the
+Click :download:`master_nfs_node.sh <shell/master_nfs_node.sh>` to download the
script.
-.. literalinclude:: master_nfs_node.sh
+.. literalinclude:: shell/master_nfs_node.sh
:language: bash
-Click :download:`slave_nfs_node.sh <slave_nfs_node.sh>` to download the script.
+Click :download:`slave_nfs_node.sh <shell/slave_nfs_node.sh>` to download the script.
-.. literalinclude:: slave_nfs_node.sh
+.. literalinclude:: shell/slave_nfs_node.sh
:language: bash
The master_nfs_node.sh script runs in the NFS Master node and needs the list of
complete description of these commands please refer to the `Helm
Documentation`_.
-.. figure:: oomLogoV2-medium.png
+.. figure:: images/oom_logo/oomLogoV2-medium.png
:align: right
The following sections describe the life-cycle operations:
impact
- Delete_ - cleanup individual containers or entire deployments
-.. figure:: oomLogoV2-Deploy.png
+.. figure:: images/oom_logo/oomLogoV2-Deploy.png
:align: right
Deploy
where the pod identifier refers to the auto-generated pod identifier.
-.. figure:: oomLogoV2-Configure.png
+.. figure:: images/oom_logo/oomLogoV2-Configure.png
:align: right
Configure
> helm deploy local/onap -n onap -f onap/resources/environments/onap-production.yaml --set global.masterPassword=password
-.. include:: environments_onap_demo.yaml
+.. include:: yaml/environments_onap_demo.yaml
:code: yaml
When deploying all of ONAP, the dependencies section of the Chart.yaml file
you can grab this public IP directly (as compared to trying to find the
floating IP first) and map this IP in /etc/hosts.
-.. figure:: oomLogoV2-Monitor.png
+.. figure:: images/oom_logo/oomLogoV2-Monitor.png
:align: right
Monitor
view the current health status of all of the ONAP components for which agents
have been created - a sample from the ONAP Integration labs follows:
-.. figure:: consulHealth.png
+.. figure:: images/consul/consulHealth.png
:align: center
To see the real-time health of a deployment go to: ``http://<kubernetes IP>:30270/ui/``
If Consul GUI is not accessible, you can refer this
`kubectl port-forward <https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/>`_ method to access an application
-.. figure:: oomLogoV2-Heal.png
+.. figure:: images/oom_logo/oomLogoV2-Heal.png
:align: right
Heal
> kubectl get pods --all-namespaces -o=wide
-.. figure:: oomLogoV2-Scale.png
+.. figure:: images/oom_logo/oomLogoV2-Scale.png
:align: right
Scale
of how these capabilities can be used is described in the Running Consul on
Kubernetes tutorial.
-.. figure:: oomLogoV2-Upgrade.png
+.. figure:: images/oom_logo/oomLogoV2-Upgrade.png
:align: right
Upgrade
The previous so pod will be terminated and a new so pod with an updated so
container will be created.
-.. figure:: oomLogoV2-Delete.png
+.. figure:: images/oom_logo/oomLogoV2-Delete.png
:align: right
Delete
OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
"compiled" into Helm package. see step 6 in
-:doc:`quickstart guide <oom_quickstart_guide>`.
+:doc:`quickstart guide <../oom_quickstart_guide>`.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
-- :doc:`Project Description <oom_project_description>`
-- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
-- :doc:`Quick Start Guide <oom_quickstart_guide>`
-- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
-- :doc:`Developer Guide <oom_developer_guide>`
-- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+- :doc:`Project Description <../oom_project_description>`
+- :doc:`Cloud Setup Guide <../oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <../oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <../oom_setup_ingress_controller>`
+- :doc:`Developer Guide <../oom_developer_guide>`
+- :doc:`Hardcoded Certificates <../oom_hardcoded_certificates>`
Known Limitations, Issues and Workarounds
=========================================
- Hard coded password used for all OOM deployments
[`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+- :doc:`Hard coded certificates <../oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
"compiled" into Helm package. see step 6 in
-:doc:`quickstart guide <oom_quickstart_guide>`.
+:doc:`quickstart guide <../oom_quickstart_guide>`.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
-- :doc:`Project Description <oom_project_description>`
-- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
-- :doc:`Quick Start Guide <oom_quickstart_guide>`
-- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
-- :doc:`Developer Guide <oom_developer_guide>`
-- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+- :doc:`Project Description <../oom_project_description>`
+- :doc:`Cloud Setup Guide <../oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <../oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <../oom_setup_ingress_controller>`
+- :doc:`Developer Guide <../oom_developer_guide>`
+- :doc:`Hardcoded Certificates <../oom_hardcoded_certificates>`
Known Limitations, Issues and Workarounds
=========================================
- Hard coded password used for all OOM deployments
[`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+- :doc:`Hard coded certificates <../oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
"compiled" into Helm package. see step 6 in
-:doc:`quickstart guide <oom_quickstart_guide>`.
+:doc:`quickstart guide <../oom_quickstart_guide>`.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
-- :doc:`Project Description <oom_project_description>`
-- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
-- :doc:`Quick Start Guide <oom_quickstart_guide>`
-- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
-- :doc:`Developer Guide <oom_developer_guide>`
-- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+- :doc:`Project Description <../oom_project_description>`
+- :doc:`Cloud Setup Guide <../oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <../oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <../oom_setup_ingress_controller>`
+- :doc:`Developer Guide <../oom_developer_guide>`
+- :doc:`Hardcoded Certificates <../oom_hardcoded_certificates>`
Known Limitations, Issues and Workarounds
=========================================
- Hard coded password used for all OOM deployments
[`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+- :doc:`Hard coded certificates <../oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
International License.
.. http://creativecommons.org/licenses/by/4.0
.. (c) ONAP Project and its contributors
-.. _release_notes:
+.. _release_notes_istanbul:
+
+:orphan:
*************************************
ONAP Operations Manager Release Notes
OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
"compiled" into Helm package. see step 6 in
-:doc:`quickstart guide <oom_quickstart_guide>`.
+:doc:`quickstart guide <../oom_quickstart_guide>`.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
-- :doc:`Project Description <oom_project_description>`
-- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
-- :doc:`Quick Start Guide <oom_quickstart_guide>`
-- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
-- :doc:`Developer Guide <oom_developer_guide>`
-- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+- :doc:`Project Description <../oom_project_description>`
+- :doc:`Cloud Setup Guide <../oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <../oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <../oom_setup_ingress_controller>`
+- :doc:`Developer Guide <../oom_developer_guide>`
+- :doc:`Hardcoded Certificates <../oom_hardcoded_certificates>`
Known Limitations, Issues and Workarounds
=========================================
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Istanbul <release_notes_istanbul>`
+- :ref:`Honolulu <release_notes_honolulu>`
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Jakarta release.
+
+Summary
+=======
+
+
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Jakarta |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+
+
+
+**Known Issues**
+
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
+"compiled" into Helm package. see step 6 in
+:doc:`quickstart guide <../oom_quickstart_guide>`.
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :doc:`Project Description <../oom_project_description>`
+- :doc:`Cloud Setup Guide <../oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <../oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <../oom_setup_ingress_controller>`
+- :doc:`Developer Guide <../oom_developer_guide>`
+- :doc:`Hardcoded Certificates <../oom_hardcoded_certificates>`
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+
+Workarounds
+-----------
+
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_
+ Because of *updateEndpoint* property added to *cmpv2issuer* CRD
+ it is impossible to upgrade platform component from Istanbul to Jakarta
+ release without manual steps. Actions that should be performed:
+
+ #. Update the CRD definition::
+
+ > kubectl -n onap apply -f oom/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+ #. Upgrade the component::
+
+ > helm -n onap upgrade dev-platform oom/kubernetes/platform
+ #. Make sure that *cmpv2issuer* contains correct value for
+ *spec.updateEndpoint*. The value should be: *v1/certificate-update*.
+ If it's not, edit the resource::
+
+ > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap
+
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Istanbul release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
+++ /dev/null
-AAF
-AAI
-ACL
-adaptor
-Adaptor
-adaptors
-Adaptors
-Alcatel
-Ansible
-API
-APIs
-APPC
-ASCII
-Avro
-BPMN
-Camunda
-Cask
-Cassandra
-CCSDK
-CD
-CDAP
-Ceilometer
-CentOS
-CI
-CLI
-Cloudify
-Codec
-committer
-committers
-CommonMark
-Contrail
-CPU
-CRM
-CSCF
-CSIT
-cyber
-DBaaS
-DCAE
-DevOps
-DHCP
-Django
-DMaaP
-DNS
-DNSaaS
-DPDK
-Ebook
-elasticsearch
-Elasticsearch
-Enablement
-enum
-Enum
-env
-Env
-ENV
-ethernet
-Facebook
-failover
-fallback
-Fcaps
-Financials
-geocoder
-Gerrit
-Git
-Github
-graphSON
-guestOS
-gui
-Hadoop
-hardcoded
-hashtag
-healthcheck
-healthCheck
-Healthcheck
-HealthCheck
-healthchecks
-heatbridge
-heatclient
-HeatStack
-hostname
-hostName
-Hostname
-hostnames
-hostOS
-htm
-html
-http
-Http
-httpclient
-httpcomponents
-httpdomain
-httpHeader
-httpPort
-httpreturncode
-https
-httpStatusCode
-Huawei
-hyperlink
-Hyperlink
-hypervisor
-Hypervisor
-hypervisors
-Hypervisors
-IaaS
-indices
-Indices
-inline
-internet
-interoperable
-interoperate
-Interoperate
-interoperation
-interwork
-Interworking
-IoT
-ip
-Ip
-IP
-ipAddress
-iPAddress
-IPAddress
-ipam
-Ipam
-ipVersion
-Jacoco
-java
-javalib
-javascript
-Javascript
-jboss
-JBoss
-Jenkins
-Jira
-jpath
-json
-Json
-jsonObject
-jsonObjectInstance
-jsonObjects
-jsonschema
-jtosca
-junit
-Junit
-JUnit
-Junits
-JUnits
-Karaf
-keypair
-Keypair
-keypairs
-keyserver
-keyservers
-keyspace
-Keyspace
-keyspaceName
-keyspaces
-keystore
-keytool
-keyValue
-Kibana
-Kibibytes
-kubectl
-Kubernetes
-LF
-lifecycle
-Lifecycle
-lifecycles
-locator
-logback
-Logback
-logfiles
-Logfiles
-logoffs
-Logoffs
-logon
-Logstash
-macAddress
-MacAddress
-macOS
-Malware
-MariaDB
-metadata
-Metadata
-microservice
-Microservice
-microservices
-Microservices
-middleware
-msb
-MSB
-multicast
-multicloud
-Multicloud
-MultiCloud
-multipart
-Mysql
-NaaS
-nameserver
-nameservers
-namespace
-Namespace
-namespaced
-namespaces
-Namespaces
-Netconf
-nfv
-NFV
-nfvi
-nfvo
-nfvparser
-Nokia
-NSD
-OAM
-Ocata
-ODL
-Onap
-ONAP
-onboard
-Onboard
-onboarded
-Onboarded
-onboarding
-Onboarding
-online
-OOF
-oom
-OOM
-OpenDaylight
-OpenFlow
-openo
-OpenO
-Opensource
-Openstack
-OpenStack
-OSS
-ovs
-ovsdb
-Pandoc
-partitionKey
-Partitionkey
-passphrase
-PCRF
-pdf
-PGaaS
-Phishing
-PKI
-placemark
-Placemark
-placemarks
-plantUML
-playbook
-Playbook
-playbooks
-Playbooks
-plugin
-Plugin
-plugins
-Plugins
-PNF
-PoC
-Postgre
-Postgres
-Postgresql
-preload
-Preload
-proactively
-programmatically
-proxyhost
-pserver
-pServer
-pservers
-QoS
-quickstart
-Quickstart
-Rackspace
-readme
-readthedocs
-Readthedocs
-Redhat
-Redis
-refactored
-Refactored
-registrator
-Registrator
-releng
-repo
-Repo
-repos
-Restconf
-reStructuredText
-reusability
-Reusability
-RMM
-roadmap
-roadmaps
-RPT
-rst
-RST
-RVMI
-schemas
-screensaver
-sdc
-Sdc
-SDC
-sdk
-SDK
-SDN
-sdnc
-Sdnc
-SDNC
-Selenium
-servlet
-Servlet
-Skynet
-SLI
-SMP
-SNMP
-SPI
-SQL
-stateful
-subclassed
-subclassing
-subdomain
-subflows
-suboperation
-suboperations
-Suboperations
-subtending
-syslog
-sysLog
-Syslog
-syslogs
-Syslogs
-tablename
-taxonomical
-TBD
-Telco
-telecom
-Telecom
-templated
-templating
-timeframe
-timeslots
-timestamp
-Timestamp
-transcoding
-UDP
-UI
-uncheck
-undeploy
-Undeploy
-undeployed
-undeploying
-Undeployment
-uninstall
-uninstallation
-uninstalled
-unitless
-Unregistration
-updatable
-uploadable
-url
-Url
-urls
-usecase
-Usecase
-userid
-username
-Username
-usernames
-validator
-Validator
-vcpu
-vcpus
-vdns
-versioned
-Versioned
-versioning
-Versioning
-vertices
-Vertices
-vf
-vF
-vfc
-vFC
-VFC
-vfcadaptor
-vfirewall
-vFirewall
-vfmodule
-vfModule
-VfModule
-vfModules
-vfstatus
-vfStatus
-virtualization
-Virtualization
-virtualize
-virtualized
-Virtualized
-virtualizes
-virtualizing
-vlan
-Vld
-vm
-Vm
-VM
-vms
-VMs
-VMware
-vnf
-vNF
-Vnf
-VNF
-vnfapi
-vnfc
-VNFFG
-vnfm
-Vnfm
-VNFM
-VNFMs
-vnfs
-vNFs
-vnfsdk
-VPN
-vrouter
-vserver
-vServer
-Vserver
-vservers
-Vservers
-vswitch
-VVP
-Vyatta
-webapp
-webapps
-Webpage
-webserver
-WebServer
-Websocket
-Websockets
-whitebox
-whiteboxes
-whitepaper
-wiki
-Wiki
-Wikis
-Wildfly
-Windriver
-Wireline
-workflow
-Workflow
-workflows
-www
-xml
-Xmx
-Yaml
-yamls
-zabbix
-Zachman
-Zookeeper
-ZTE
+++ /dev/null
-{{/*
-# Copyright © 2021 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{/*
- Generate comma separated list of kafka or zookeper nodes to reuse in message router charts.
- How to use:
-
- zookeeper servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
- kafka servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
-
-*/}}
-{{- define "common.kafkaNodes" -}}
-{{- $dot := .dot -}}
-{{- $replicaCount := .replicaCount -}}
-{{- $componentName := .componentName -}}
-{{- $port := .port -}}
-{{- $kafkaNodes := list -}}
-{{- range $i, $e := until (int $replicaCount) -}}
-{{- $kafkaNodes = print (include "common.release" $dot) "-" $componentName "-" $i "." $componentName "." (include "common.namespace" $dot) ".svc.cluster.local:" $port | append $kafkaNodes -}}
-{{- end -}}
-{{- $kafkaNodes | join "," -}}
-{{- end -}}
{{- range $envName, $envValue := .Values.applicationEnv }}
{{- if kindIs "string" $envValue }}
- name: {{ $envName }}
- value: {{ $envValue | quote }}
+ value: {{ tpl $envValue $global | quote }}
{{- else }}
{{ if or (not $envValue.secretUid) (not $envValue.key) }}
{{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.hvVesKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-fault-supervision" "kafka_info" "topic_name" }}
+ operation: Write
+ - resource:
+ type: topic
+ name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-provisioning" "kafka_info" "topic_name" }}
+ operation: Write
+ - resource:
+ type: topic
+ name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-heartbeat" "kafka_info" "topic_name" }}
+ operation: Write
+ - resource:
+ type: topic
+ name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-performance-assurance" "kafka_info" "topic_name" }}
+ operation: Write
+ - resource:
+ type: topic
+ name: {{ .Values.applicationConfig.streams_publishes.perf3gpp.kafka_info.topic_name }}
+ operation: Write
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: ves-3gpp-fault-supervision
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-fault-supervision" "kafka_info" "topic_name" }}
+ partitions: 10
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: ves-3gpp-provisioning
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-provisioning" "kafka_info" "topic_name" }}
+ partitions: 10
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: ves-3gpp-heartbeat
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-heartbeat" "kafka_info" "topic_name" }}
+ partitions: 10
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: ves-3gpp-performance-assurance
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-performance-assurance" "kafka_info" "topic_name" }}
+ partitions: 10
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: perf3gpp
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ .Values.applicationConfig.streams_publishes.perf3gpp.kafka_info.topic_name }}
+ partitions: 10
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
# ================================================================================
# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021-2022 Nokia. All rights reserved.
+# Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
tlsServer: true
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.user }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
+ - uid: hv-ves-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+config:
+ someConfig: blah
# CMPv2 certificate
# It is used only when:
port_protocol: http
nodePort: 22
-aafCreds:
- user: admin
- password: admin_secret
-
-credentials:
-- name: AAF_USER
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
+#strimzi kafka config
+hvVesKafkaUser: dcae-hv-ves-kafka-user
# initial application configuration
applicationConfig:
streams_publishes:
ves-3gpp-fault-supervision:
type: kafka
- aaf_credentials:
- username: ${AAF_USER}
- password: ${AAF_PASSWORD}
kafka_info:
- bootstrap_servers: message-router-kafka:9092
+ bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
topic_name: SEC_3GPP_FAULTSUPERVISION_OUTPUT
ves-3gpp-provisioning:
type: kafka
- aaf_credentials:
- username: ${AAF_USER}
- password: ${AAF_PASSWORD}
kafka_info:
- bootstrap_servers: message-router-kafka:9092
+ bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
topic_name: SEC_3GPP_PROVISIONING_OUTPUT
ves-3gpp-heartbeat:
type: kafka
- aaf_credentials:
- username: ${AAF_USER}
- password: ${AAF_PASSWORD}
kafka_info:
- bootstrap_servers: message-router-kafka:9092
+ bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
topic_name: SEC_3GPP_HEARTBEAT_OUTPUT
ves-3gpp-performance-assurance:
type: kafka
- aaf_credentials:
- username: ${AAF_USER}
- password: ${AAF_PASSWORD}
kafka_info:
- bootstrap_servers: message-router-kafka:9092
+ bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
topic_name: SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
perf3gpp:
type: kafka
- aaf_credentials:
- username: ${AAF_USER}
- password: ${AAF_PASSWORD}
kafka_info:
- bootstrap_servers: message-router-kafka:9092
+ bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
topic_name: HV_VES_PERF3GPP
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ KAFKA_BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+ USE_SCRAM: 'true'
+ JAAS_CONFIG:
+ secretUid: hv-ves-kafka-secret
+ key: sasl.jaas.config
# Resource Limit flavor -By Default using small
flavor: small
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.2
# Log directory where logging sidecar should look for log files
# if path is set to null sidecar won't be deployed in spite of
global:
centralizedLoggingEnabled: true
+ hvVesKafkaUser: dcae-hv-ves-kafka-user
#################################################################
# Filebeat Configuration Defaults.
dcae-hv-ves-collector:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.hvVesKafkaUser }}'
dcae-kpi-ms:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~10.x-0
repository: '@local'
+ - name: dmaap-strimzi
+ version: ~10.x-0
+ repository: 'file://components/dmaap-strimzi'
+ condition: dmaap-strimzi.enabled
- name: message-router
version: ~10.x-0
repository: 'file://components/message-router'
.project
.idea/
*.tmproj
+Chart.lock
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v2
-description: ONAP Dmaap Message Router Zookeeper Service
-name: message-router-zookeeper
+description: ONAP Dmaap Strimzi Kafka Bridge
+name: dmaap-strimzi
version: 10.0.0
dependencies:
# limitations under the License.
ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
+OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES :=
+EXCLUDES := dist resources templates charts docker
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-apiVersion: v1
-kind: Service
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaBridge
metadata:
- name: {{ .Values.service.name }}
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.clientPort }}
- name: {{ .Values.service.clientPortName }}
- - port: {{ .Values.service.serverPort }}
- name: {{ .Values.service.serverPortName }}
- - port: {{ .Values.service.leaderElectionPort }}
- name: {{ .Values.service.leaderElectionPortName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ replicas: {{ .Values.kafkaBridgeReplicaCount }}
+ enableMetrics: false
+ bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
+ authentication:
+ type: {{ .Values.global.saslMechanism }}
+ username: {{ .Values.global.kafkaStrimziAdminUser }}
+ passwordSecret:
+ secretName: {{ .Values.global.kafkaStrimziAdminUser }}
+ password: password
+ http:
+ port: {{ .Values.kafkaBridgePort }}
--- /dev/null
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaStrimziAdminUser: strimzi-kafka-admin
+ kafkaInternalPort: 9092
+ saslMechanism: scram-sha-512
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+kafkaBridgeReplicaCount: 1
+kafkaBridgePort: 8080
+
+ingress:
+ enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-strimzi
+ roles:
+ - read
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: repositoryGenerator
version: ~10.x-0
repository: '@local'
- - name: message-router-kafka
- version: ~10.x-0
- repository: 'file://components/message-router-kafka'
- - name: message-router-zookeeper
- version: ~10.x-0
- repository: 'file://components/message-router-zookeeper'
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Message Router Kafka Service
-name: message-router-kafka
-version: 10.0.0
-
-dependencies:
- - name: common
- version: ~10.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~10.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~10.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~10.x-0
- repository: '@local'
+++ /dev/null
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
-rules:
-- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
- name: "cp_kafka_server_replicamanager_$1"
-- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
- name: "cp_kafka_controller_kafkacontroller_$1"
-- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
- name: "cp_kafka_server_brokertopicmetrics_$1"
-- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
- name: "cp_kafka_network_requestmetrics_requestspersec_$1"
-- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
- name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
-- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
- name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
-- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
- name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
-- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
- name: "cp_kafka_controller_controllerstats_$1"
-- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
- name: "cp_kafka_server_sessionexpirelistener_$1"
+++ /dev/null
-KafkaServer {
- org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required
- username="${KAFKA_ADMIN}"
- password="${KAFKA_PSWD}"
- user_${KAFKA_ADMIN}="${KAFKA_PSWD}";
-};
-Client {
- org.apache.zookeeper.server.auth.DigestLoginModule required
- username="${ZK_ADMIN}"
- password="${ZK_PSWD}";
- };
+++ /dev/null
-Client {
- org.apache.zookeeper.server.auth.DigestLoginModule required
- username="${ZK_ADMIN}"
- password="${ZK_PSWD}";
- };
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
----
-{{- else }}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
----
-{{- end }}
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
----
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.fullname" . }}-pdb
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- maxUnavailable: 1
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $global := . -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (int $global.Values.replicaCount) }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ $global.Values.service.name }}
- chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $global }}
- heritage: {{ $global.Release.Service }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-{{ end }}
-{{ end }}
-{{ end }}
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
-
+++ /dev/null
-{{/*
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $root := . -}}
-{{ range $i, $e := until (int $root.Values.replicaCount) }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $root.Values.service.name }}-{{ $i }}
- namespace: {{ include "common.namespace" $root }}
- labels:
- app: {{ $root.Values.service.name }}
- chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $root }}
- heritage: {{ $root.Release.Service }}
-
-spec:
- type: {{ $root.Values.service.type }}
- externalTrafficPolicy: Local
- selector:
- statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }}
- ports:
- - port: {{ $root.Values.service.externalPort }}
- targetPort: {{ $root.Values.service.externalPort }}
- nodePort: {{ $root.Values.service.baseNodePort | add $i }}
- name: {{ $root.Values.service.name }}-{{ $i }}
-{{ end }}
+++ /dev/null
-{{/*
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- {{- if .Values.prometheus.jmx.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
- {{- end }}
- spec:
- {{- if .Values.nodeAffinity }}
- nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.zookeeper.name }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
- - sh
- - -exec
- - |
- rm -rf '/var/lib/kafka/data/lost+found';
- chown -R 1000:0 /var/lib/kafka/data;
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/kafka/data
- name: kafka-data
- name: {{ include "common.name" . }}-permission-fixer
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
- env:
- - name: ZK_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
- - name: ZK_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
- - name: KAFKA_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
- - name: KAFKA_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /etc/kafka/secrets/jaas
- name: jaas-config
- - mountPath: /config-input
- name: jaas
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-kafka/jmx-kafka-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
-{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-kafka
- {{- end }}
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -exc
- - |
- export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
- {{- if .Values.global.aafEnabled }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.final_cadi_files }} /etc/kafka/data/{{ .Values.certInitializer.final_cadi_files }} && \
- export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- {{ else }}
- export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- {{- end }}
- exec /etc/confluent/docker/run
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.externalPort }}
- {{- if .Values.prometheus.jmx.enabled }}
- - containerPort: {{ .Values.jmx.port }}
- name: jmx
- {{- end }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- - name: KAFKA_ZOOKEEPER_CONNECT
- value: "{{ include "common.kafkaNodes" (dict "dot" . "replicaCount" .Values.zookeeper.replicaCount "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}"
- - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
- value: "{{ .Values.kafka.enableSupport }}"
- - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
- value: "{{ .Values.config.offsets_topic_replication_factor | default .Values.replicaCount }}"
- - name: KAFKA_NUM_PARTITIONS
- value: "{{ .Values.config.num_partition | default .Values.replicaCount }}"
- - name: KAFKA_DEFAULT_REPLICATION_FACTOR
- value: "{{ .Values.config.default_replication_factor | default .Values.replicaCount }}"
- {{- if .Values.global.aafEnabled }}
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptionsAaf }}"
- - name: aaf_locate_url
- value: https://aaf-locate.{{ include "common.namespace" . }}:8095
- - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
- value: "{{ .Values.kafka.protocolMapAaf }}"
- - name: KAFKA_LISTENERS
- value: "{{ .Values.kafka.listenersAaf }}"
- - name: KAFKA_SASL_ENABLED_MECHANISMS
- value: "{{ .Values.kafka.saslMech }}"
- - name: KAFKA_INTER_BROKER_LISTENER_NAME
- value: "{{ .Values.kafka.interBrokerListernerAaf }}"
- - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
- value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
- - name: KAFKA_AUTHORIZER_CLASS_NAME
- value: "{{ .Values.kafka.authorizer }}"
- {{ else }}
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
- - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
- value: "{{ .Values.kafka.protocolMap }}"
- - name: KAFKA_LISTENERS
- value: "{{ .Values.kafka.listeners }}"
- - name: KAFKA_INTER_BROKER_LISTENER_NAME
- value: "{{ .Values.kafka.interBrokerListerner }}"
- {{- end }}
- {{- range $key, $value := .Values.configurationOverrides }}
- - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.jmx.port }}
- - name: KAFKA_JMX_PORT
- value: "{{ .Values.jmx.port }}"
- {{- end }}
- - name: enableCadi
- value: "{{ .Values.global.aafEnabled }}"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/run/docker.sock
- name: docker-socket
- - name: jaas-config
- mountPath: /etc/kafka/secrets/jaas
- - mountPath: /var/lib/kafka/data
- name: kafka-data
- {{- if .Values.tolerations }}
- tolerations:
- {{ toYaml .Values.tolerations | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: jaas-config
- emptyDir:
- medium: Memory
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- - name: jaas
- configMap:
- name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
-{{ if not .Values.persistence.enabled }}
- - name: kafka-data
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: kafka-data
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{ end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-mr-kafka-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-mr
- fqi: dmaapmr@mr.dmaap.onap.org
- public_fqdn: mr.dmaap.onap.org
- cadi_longitude: "-122.26147"
- cadi_latitude: "37.78187"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.dmaap.mr
- final_cadi_files: cadi.properties
- aaf_add_config: |
- echo "*** concat the three prop files"
- cd {{ .Values.credsPath }}
- cat {{ .Values.fqi_namespace }}.props > {{ .Values.final_cadi_files }}
- cat {{ .Values.fqi_namespace }}.cred.props >> {{ .Values.final_cadi_files }}
- cat {{ .Values.fqi_namespace }}.location.props >> {{ .Values.final_cadi_files }}
- echo "*** configuration result:"
- cat {{ .Values.final_cadi_files }}
- chown -R 1000 .
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/dmaap/kafka111:1.1.1
-pullPolicy: Always
-
-
-zookeeper:
- name: message-router-zookeeper
- port: 2181
- replicaCount: 1
-
-kafka:
- heapOptions: -Xmx5G -Xms1G
- jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
- jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
- enableSupport: false
- protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
- protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
- listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
- listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
- authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
- saslInterBrokerProtocol: PLAIN
- saslMech: PLAIN
- interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
- interBrokerListerner: INTERNAL_PLAINTEXT
-
-config: {}
- # offsets_topic_replication_factor:
- # num_partition:
- # default_replication_factor:
-
-configurationOverrides:
- "log.dirs": "/var/lib/kafka/data"
- "log.retention.hours": "168"
- "transaction.state.log.replication.factor": "1"
- "transaction.state.log.min.isr": "1"
- "num.recovery.threads.per.data.dir": "5"
- "zookeeper.connection.timeout.ms": "6000"
- "zookeeper.set.acl": "true"
-
-jmx:
- port: 5555
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- port: 5556
-
-jaas:
- config:
- zkClient: kafka
- zkClientPassword: kafka_secret
- kafkaAdminUser: admin
- kafkaAdminPassword: admin_secret
- #kafkaAdminUserExternal: some secret
- #zkClientPasswordExternal: some secret
-
-
-secrets:
- - uid: zk-client
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
- login: '{{ .Values.jaas.config.zkClient }}'
- password: '{{ .Values.jaas.config.zkClientPassword }}'
- passwordPolicy: required
- - uid: kafka-admin
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
- login: '{{ .Values.jaas.config.kafkaAdminUser }}'
- password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
- passwordPolicy: required
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-
-# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
-podAntiAffinityType: soft
-
-# defult partitions
-defaultpartitions: 3
-
-nodeSelector: {}
-
-nodeAffinity: {}
-
-affinity: {}
-
-tolerations: {}
-
-
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 90
- periodSeconds: 20
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 90
- periodSeconds: 20
- timeoutSeconds: 100
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-kafka
-
-service:
- type: NodePort
- name: message-router-kafka
- portName: tcp-message-router-kafka
- internalPort: 9092
- internalSSLPort: 9093
- externalPort: 9091
- baseNodePort: 30490
-
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2000m
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 1Gi
- large:
- limits:
- cpu: 4000m
- memory: 8Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: message-router-kafka
- roles:
- - read
+++ /dev/null
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
-rules:
-- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
- name: "message-router-zookeeper_$2"
-- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
- name: "message-router-zookeeper_$3"
- labels:
- replicaId: "$2"
-- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
- name: "message-router-zookeeper_$4"
- labels:
- replicaId: "$2"
- memberType: "$3"
-- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
- name: "message-router-zookeeper_$4_$5"
- labels:
- replicaId: "$2"
- memberType: "$3"
+++ /dev/null
-Server {
- org.apache.zookeeper.server.auth.DigestLoginModule required
- user_${ZK_ADMIN}="${ZK_PSWD}";
-};
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- /*
- Calculate the maximum number of zk server down in order to guarantee ZK quorum.
- For guaranteeing ZK quorum we need half of the server + 1 up.
-
- div in go template cast return an int64
- so we need to know if it is an even number or an odd.
- For this we are doing (n/2)*2=n?
- if true it is even else it is even
-*/ -}}
-{{- define "zk.maxUnavailable" -}}
-{{- $halfReplica := div .Values.replicaCount 2 -}}
- {{/* divide by 2 and multiply by 2 in order to know if it is an even number*/}}
- {{if eq (mul $halfReplica 2) (int .Values.replicaCount) }}
- {{- toYaml (sub $halfReplica 1) -}}
- {{else}}
- {{- toYaml $halfReplica -}}
- {{end}}
-{{- end -}}
+++ /dev/null
-{{/*
-Create a server list string based on fullname, namespace, # of zookeeperServers
-in a format like "zkhost1:port:port;zkhost2:port:port"
-*/}}
-{{- define "zookeeper.serverlist" -}}
-{{- $namespace := include "common.namespace" . }}
-{{- $fullname := include "common.fullname" . -}}
-{{- $name := include "common.name" . -}}
-{{- $serverPort := .Values.service.serverPort -}}
-{{- $leaderElectionPort := .Values.service.leaderElectionPort -}}
-{{- $zk := dict "zookeeperServers" (list) -}}
-{{- range $idx, $v := until (int .Values.zookeeperServers) }}
-{{- $noop := printf "%s-%d.%s.%s.svc.cluster.local:%d:%d" $fullname $idx $name $namespace (int $serverPort) (int $leaderElectionPort) | append $zk.zookeeperServers | set $zk "zookeeperServers" -}}
-{{- end }}
-{{- printf "%s" (join ";" $zk.zookeeperServers) | quote -}}
-{{- end -}}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.fullname" . }}-pdb
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- maxUnavailable: {{ include "zk.maxUnavailable" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $global := . -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (int $global.Values.replicaCount) }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ $global.Values.service.name }}
- chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $global }}
- heritage: {{ $global.Release.Service }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-{{ end }}
-{{ end }}
-{{ end }}
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: {{ .Values.maxUnavailable }}
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- {{- if .Values.prometheus.jmx.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
- {{- end }}
- spec:
- {{- if .Values.nodeAffinity }}
- nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: {{ include "common.name" . }}-permission-fixer
- command:
- - sh
- - -exec
- - >
- chown -R 1000:0 /tmp/zookeeper/apikeys;
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /tmp/zookeeper/apikeys
- name: zookeeper-data
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
- env:
- - name: ZK_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
- - name: ZK_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /etc/zookeeper/secrets/jaas
- name: jaas-config
- - mountPath: /config-input
- name: jaas
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
-{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-zookeeper
- {{- end }}
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.clientPort }}
- name: {{ .Values.service.clientPortName }}
- - containerPort: {{ .Values.service.serverPort }}
- name: {{ .Values.service.serverPortName }}
- - containerPort: {{ .Values.service.leaderElectionPort }}
- name: {{ .Values.service.leaderElectionPortName }}
- {{- if .Values.prometheus.jmx.enabled }}
- - containerPort: {{ .Values.jmx.port }}
- name: jmx
- {{- end }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok']
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok']
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 10 }}
- env:
- - name : KAFKA_HEAP_OPTS
- value: "{{ .Values.zkConfig.heapOptions }}"
- {{- if .Values.jmx.port }}
- - name : KAFKA_JMX_PORT
- value: "{{ .Values.jmx.port }}"
- {{- end }}
- - name : ZOOKEEPER_REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name : ZOOKEEPER_TICK_TIME
- value: "{{ .Values.zkConfig.tickTime }}"
- - name : ZOOKEEPER_SYNC_LIMIT
- value: "{{ .Values.zkConfig.syncLimit }}"
- - name : ZOOKEEPER_INIT_LIMIT
- value: "{{ .Values.zkConfig.initLimit }}"
- - name : ZOOKEEPER_MAX_CLIENT_CNXNS
- value: "{{ .Values.zkConfig.maxClientCnxns }}"
- - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
- value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
- - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
- value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
- - name: ZOOKEEPER_CLIENT_PORT
- value: "{{ .Values.zkConfig.clientPort }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.zkConfig.kafkaOpts }}"
- - name: ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS
- value: "true"
- - name: ZOOKEEPER_SERVERS
- value: {{ template "zookeeper.serverlist" . }}
- - name: ZOOKEEPER_SERVER_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- command:
- - "bash"
- - "-c"
- - |
- ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
- /etc/confluent/docker/run
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/lib/zookeeper/data
- name: zookeeper-data
- - name: jaas-config
- mountPath: /etc/zookeeper/secrets/jaas
- {{- if .Values.tolerations }}
- tolerations:
- {{ toYaml .Values.tolerations | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: jaas-config
- emptyDir:
- medium: Memory
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- - name: jaas
- configMap:
- name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
-{{ if not .Values.persistence.enabled }}
- - name: zookeeper-data
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: zookeeper-data
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{ end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/dmaap/zookeeper:6.1.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-
-# default number of instances
-replicaCount: 1
-
-zookeeperServers: 1
-
-nodeSelector: {}
-
-nodeAffinity: {}
-
-affinity: {}
-
-tolerations: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 20
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- timeoutSeconds: 10
-
-#Zookeeper properties
-zkConfig:
- tickTime: 2000
- syncLimit: 5
- initLimit: 20
- maxClientCnxns: 200
- autoPurgeSnapRetainCount: 3
- autoPurgePurgeInterval: 24
- heapOptions: -Xmx2G -Xms2G
- kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl -Dzookeeper.4lw.commands.whitelist=*
- clientPort: 2181
-
-jmx:
- port: 5555
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- port: 5556
-
-jaas:
- config:
- zkAdminUser: kafka
- zkAdminPassword: kafka_secret
- #zkAdminPasswordExternal= some password
-
-secrets:
- - uid: zk-admin
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
- login: '{{ .Values.jaas.config.zkAdminUser }}'
- password: '{{ .Values.jaas.config.zkAdminPassword }}'
- passwordPolicy: required
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-zookeeper
-
-
-rollingUpdate:
- maxUnavailable: 1
-service:
- type: ClusterIP
- name: message-router-zookeeper
- portName: message-router-zookeeper
- clientPortName: tcp-client
- clientPort: 2181
- serverPortName: tcp-server
- serverPort: 2888
- leaderElectionPortName: tcp-leader
- leaderElectionPort: 3888
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2000m
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 1Gi
- large:
- limits:
- cpu: 4000m
- memory: 8Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: message-router-zookeeper
- roles:
- - read
# org.onap.dmaap
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021-2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
###############################################################################
###############################################################################
-##
-## Cambria API Server config
-##
-## Default values are shown as commented settings.
-##
-###############################################################################
-##
-## HTTP service
-##
-## 3904 is standard as of 7/29/14.
-#
-## Zookeeper Connection
-##
-## Both Cambria and Kafka make use of Zookeeper.
-##
-#config.zk.servers=172.18.1.1
-#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
*/}}
-config.zk.servers={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
-#config.zk.root=/fe3c/cambria/config
-
-
-###############################################################################
##
## Kafka Connection
##
## Items below are passed through to Kafka's producer and consumer
## configurations (after removing "kafka.")
## if you want to change request.required.acks it can take this one value
-#kafka.metadata.broker.list=localhost:9092,localhost:9093
-#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}}
-kafka.metadata.broker.list={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
-
-##kafka.request.required.acks=-1
-#kafka.client.zookeeper=${config.zk.servers}
+kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
+config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
+#kafka.request.required.acks=-1
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
consumer.timeout=17
default.partitions=3
-default.replicas={{ index .Values "message-router-kafka" "replicaCount" }}
+default.replicas=3
##############################################################################
#100mb
maxcontentlength=10000
<!--
============LICENSE_START=======================================================
Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2021-2022 Nordix Foundation
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
============LICENSE_END=========================================================
-->
-<configuration scan="true" scanPeriod="3 seconds" debug="false">
+<configuration scan="true" scanPeriod="3 seconds" debug="true">
<contextName>${module.ajsc.namespace.name}</contextName>
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
</encoder>
</appender>
- <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+ <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender">
<filter class="ch.qos.logback.classic.filter.LevelFilter">
<level>ERROR</level>
<onMatch>ACCEPT</onMatch>
<!-- Msgrtr related loggers -->
- <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.service" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.service.impl" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.resources" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.beans" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.constants" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.exception" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.listener" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.security" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.security.impl" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
- <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.transaction" level="TRACE" />
+ <logger name="com.att.dmf.mr.transaction.impl" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" />
- <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
- <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.utils" level="TRACE" />
+ <logger name="org.onap.dmaap.mr.filter" level="TRACE" />
- <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+ <!--<logger name="com.att.nsa.cambria.*" level="TRACE" />-->
<!-- Msgrtr loggers in ajsc -->
- <logger name="org.onap.dmaap.service" level="INFO" />
- <logger name="org.onap.dmaap" level="INFO" />
+ <logger name="org.onap.dmaap.service" level="TRACE" />
+ <logger name="org.onap.dmaap" level="TRACE" />
<!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" additivity="false"/>
- <logger name="org.springframework.beans" level="WARN" additivity="false"/>
- <logger name="org.springframework.web" level="WARN" additivity="false" />
- <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+ <logger name="org.springframework" level="TRACE" additivity="false"/>
+ <logger name="org.springframework.beans" level="TRACE" additivity="false"/>
+ <logger name="org.springframework.web" level="TRACE" additivity="false" />
+ <logger name="com.blog.spring.jms" level="TRACE" additivity="false" />
<!-- AJSC Services (bootstrap services) -->
- <logger name="ajsc" level="WARN" additivity="false"/>
- <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
- <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
- <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
- <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
- <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
- <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
- <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+ <logger name="ajsc" level="TRACE" additivity="false"/>
+ <logger name="ajsc.RouteMgmtService" level="TRACE" additivity="false"/>
+ <logger name="ajsc.ComputeService" level="TRACE" additivity="false" />
+ <logger name="ajsc.VandelayService" level="TRACE" additivity="false"/>
+ <logger name="ajsc.FilePersistenceService" level="TRACE" additivity="false"/>
+ <logger name="ajsc.UserDefinedJarService" level="TRACE" additivity="false" />
+ <logger name="ajsc.UserDefinedBeansDefService" level="TRACE" additivity="false" />
+ <logger name="ajsc.LoggingConfigurationService" level="TRACE" additivity="false" />
<!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
logging) -->
- <logger name="ajsc.utils" level="WARN" additivity="false"/>
- <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
- <logger name="ajsc.filters" level="DEBUG" additivity="false" />
- <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
- <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
- <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
- <logger name="com.att" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+ <logger name="ajsc.utils" level="TRACE" additivity="false"/>
+ <logger name="ajsc.utils.DME2Helper" level="TRACE" additivity="false" />
+ <logger name="ajsc.filters" level="TRACE" additivity="false" />
+ <logger name="ajsc.beans.interceptors" level="TRACE" additivity="false" />
+ <logger name="ajsc.restlet" level="TRACE" additivity="false" />
+ <logger name="ajsc.servlet" level="TRACE" additivity="false" />
+ <logger name="com.att" level="TRACE" additivity="false" />
+ <logger name="com.att.ajsc.csi.logging" level="TRACE" additivity="false" />
+ <logger name="com.att.ajsc.filemonitor" level="TRACE" additivity="false"/>
- <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
- <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+ <logger name="com.att.nsa.dmaap.util" level="TRACE" additivity="false"/>
+ <logger name="com.att.cadi.filter" level="TRACE" additivity="false" />
<!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" additivity="false" />
- <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
- <logger name="org.apache.commons" level="WARN" additivity="false" />
- <logger name="org.apache.coyote" level="WARN" additivity="false"/>
- <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+ <logger name="net.sf" level="TRACE" additivity="false" />
+ <logger name="org.apache.commons.httpclient" level="TRACE" additivity="false"/>
+ <logger name="org.apache.commons" level="TRACE" additivity="false" />
+ <logger name="org.apache.coyote" level="TRACE" additivity="false"/>
+ <logger name="org.apache.jasper" level="TRACE" additivity="false"/>
<!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" additivity="false" />
- <logger name="org.apache.cxf" level="WARN" additivity="false" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
- <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
- <logger name="org.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
- <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
- <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+ <logger name="org.apache.camel" level="TRACE" additivity="false" />
+ <logger name="org.apache.cxf" level="TRACE" additivity="false" />
+ <logger name="org.apache.camel.processor.interceptor" level="TRACE" additivity="false"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="TRACE" additivity="false" />
+ <logger name="org.apache.cxf.service" level="TRACE" additivity="false" />
+ <logger name="org.restlet" level="TRACE" additivity="false" />
+ <logger name="org.apache.camel.component.restlet" level="TRACE" additivity="false" />
+ <logger name="org.apache.kafka" level="TRACE" additivity="false" />
+ <logger name="org.apache.zookeeper" level="TRACE" additivity="false" />
+ <logger name="org.I0Itec.zkclient" level="TRACE" additivity="false" />
<!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
- <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+ <logger name="ch.qos.logback.classic" level="TRACE" additivity="false"/>
+ <logger name="ch.qos.logback.core" level="TRACE" additivity="false" />
<!-- logback jms appenders & loggers definition starts here -->
<!-- logback jms appenders & loggers definition starts here -->
<appender-ref ref="Audit-Record-Queue" />
</appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <logger name="AuditRecord" level="TRACE" additivity="FALSE">
<appender-ref ref="STDOUT" />
</logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <logger name="AuditRecord_DirectCall" level="TRACE" additivity="FALSE">
<appender-ref ref="STDOUT" />
</logger>
<appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
<discardingThreshold>0</discardingThreshold>
<appender-ref ref="Performance-Tracker-Queue" />
</appender>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <logger name="PerfTrackerRecord" level="TRACE" additivity="FALSE">
<appender-ref ref="ASYNC-perf" />
<appender-ref ref="perfLogs" />
</logger>
<!-- logback jms appenders & loggers definition ends here -->
- <root level="DEBUG">
+ <root level="TRACE">
<appender-ref ref="DEBUG" />
<appender-ref ref="ERROR" />
<appender-ref ref="INFO" />
+++ /dev/null
-_sNOLphPzrU7L0L3oWv0pYwgV_ddGF1XoBsQEIAp34jfP-fGJFPfFYaMpDEZ3gwH59rNw6qyMZHk
-k-4irklvVcWk36lC3twNvc0DueRCVrws1bkuhOLCXdxHJx-YG-1xM8EJfRmzh79WPlPkbAdyPmFF
-Ah44V0GjAnInPOFZA6MHP9rNx9B9qECHRfmvzU13vJCcgTsrmOr-CEiWfRsnzPjsICxpq9OaVT_D
-zn6rNaroGm1OiZNCrCgvRkCUHPOOCw3j9G1GeaImoZNYtozbz9u4sj13PU-MxIIAa64b1bMMMjpz
-Upc8lVPI4FnJKg6axMmEGn5zJ6JUq9mtOVyPj__2GEuDgpx5H4AwodXXVjFsVgR8UJwI_BvS2JVp
-JoQk0J1RqXmAXVamlsMAfzmmbARXgmrBfnuhveZnh9ymFVU-YZeujdANniXAwBGI7c6hG_BXkH7i
-Eyf4Fn41_SV78PskP6qgqJahr9r3bqdjNbKBztIKCOEVrE_w3IM5r02l-iStk_NBRkj6cq_7VCpG
-afxZ2CtZMwuZMiypO_wOgbdpCSKNzsL-NH2b4b08OlKiWb263gz634KJmV5WEfCl-6eH-JUFbWOS
-JwQfActLNT2ZQPl2MyZQNBzJEWoJRgS6k7tPRO-zqeUtYYHGHVMCxMuMHGQcoilNNHEFeBCG_fBh
-yAKb9g9F86Cbx9voMLiyTX2T3rwVHiSJFOzfNxGmfN5JWOthIun_c5hEY1tLQ15BomzkDwk7BAj7
-VbRCrVD45B6xrmSTMBSWYmLyr6mnQxQqeh9cMbD-0ZAncE3roxRnRvPKjFFa208ykYUp2V83r_PJ
-fV5I9ZPKSjk9DwFyrjkcQQEYDhdK6IFqcd6nEthjYVkmunu2fsX0bIOm9GGdIbKGqBnpdgBO5hyT
-rBr9HSlZrHcGdti1R823ckDF0Ekcl6kioDr5NLIpLtg9zUEDRm3QrbX2mv5Zs8W0pYnOqglxy3lz
-bJZTN7oR7VasHUtjmp0RT9nLZkUs5TZ6MHhlIq3ZsQ6w_Q9Rv1-ofxfwfCC4EBrWKbWAGCf6By4K
-Ew8321-2YnodhmsK5BrT4zQ1DZlmUvK8BmYjZe7wTljKjgYcsLTBfX4eMhJ7MIW1kpnl8AbiBfXh
-QzN56Mki51Q8PSQWHm0W9tnQ0z6wKdck6zBJ8JyNzewZahFKueDTn-9DOqIDfr3YHvQLLzeXyJ8e
-h4AgjW-hvlLzRGtkCknjLIgXVa3rMTycseAwbW-mgdCqqkw3SdEG8feAcyntmvE8j2jbtSDStQMB
-9JdvyNLuQdNG4pxpusgvVso0-8NQF0YVa9VFwg9U6IPSx5p8FcW68OAHt_fEgT4ZtiH7o9aur4o9
-oYqUh2lALCY-__9QLq1KkNjMKs33Jz9E8LbRerG9PLclkTrxCjYAeUWBjCwSI7OB7xkuaYDSjkjj
-a46NLpdBN1GNcsFFcZ79GFAK0_DsyxGLX8Tq6q0Bvhs8whD8wlSxpTGxYkyqNX-vcb7SDN_0WkCE
-XSdZWkqTHXcYbOvoCOb_e6SFAztuMenuHWY0utX0gBfx_X5lPDFyoYXErxFQHiA7t27keshXNa6R
-ukQRRS8kMjre1U74sc-fRNXkXpl57rG4rgxaEX0eBeowa53KAsVvUAoSac2aC_nfzXrDvoyf9Xi3
-JpEZNhUDLpFCEycV4I7jGQ9wo9qNaosvlsr6kbLDNdb_1xrGVgjT3xEvRNJNPqslSAu-yD-UFhC3
-AmCdYUnugw_eEFqXCHTARcRkdPPvl2XsmEKY2IqEeO5tz4DyXQFaL-5hEVh6lYEU1EOWHk3UGIXe
-Vc5_Ttp82qNLmlJPbZvgmNTJzYTHDQ_27KBcp7IVVZgPDjVKdWqQvZ18KhxvfF3Idgy82LBZniFV
-IbtxllXiPRxoPQriSXMnXjh3XkvSDI2pFxXfEvLRn1tvcFOwPNCz3QfPIzYg8uYXN5bRt3ZOrR_g
-ZhIlrc7HO0VbNbeqEVPKMZ-cjkqGj4VAuDKoQc0eQ6X_wCoAGO78nPpLeIvZPx1X3z5YoqNA
\ No newline at end of file
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-mrclusters
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-topics
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-sys-props
namespace: {{ include "common.namespace" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
type: Opaque
+---
+{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.kafka.name }}
- - --container-name
- - {{ .Values.zookeeper.name }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
- name: jmx-config
mountPath: /etc/jmx-kafka
{{- end }}
+ - name: srimzi-zk-entrance
+ image: 'docker.io/scholzj/zoo-entrance:latest'
+ command:
+ - /opt/stunnel/stunnel_run.sh
+ ports:
+ - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
+ name: zoo
+ protocol: TCP
+ env:
+ - name: LOG_LEVEL
+ value: debug
+ - name: STRIMZI_ZOOKEEPER_CONNECT
+ value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
+ imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.global.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.global.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /etc/cluster-operator-certs/
+ name: cluster-operator-certs
+ - mountPath: /etc/cluster-ca-certs/
+ name: cluster-ca-certs
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
successThreshold: {{ .Values.startup.successThreshold }}
failureThreshold: {{ .Values.startup.failureThreshold }}
env:
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
+ - name: SASLMECH
+ value: {{ .Values.global.saslMechanism }}
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
subPath: logback.xml
name: logback
- - mountPath: /appl/dmaapMR1/etc/keyfile
- subPath: mykey
- name: mykey
{{- if .Values.global.aafEnabled }}
- mountPath: /appl/dmaapMR1/etc/runner-web.xml
subPath: runner-web.xml
configMap:
name: {{ include "common.fullname" . }}-prometheus-configmap
{{- end }}
- - name: mykey
- secret:
- secretName: {{ include "common.fullname" . }}-secret
- name: sys-props
configMap:
name: {{ include "common.fullname" . }}-sys-props
- name: jetty
emptyDir: {}
+ - name: cluster-operator-certs
+ secret:
+ defaultMode: 288
+ secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs
+ - name: cluster-ca-certs
+ secret:
+ defaultMode: 288
+ secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "common.fullname" . }}-zk-network-policy
+ namespace: {{ include "common.namespace" . }}
+spec:
+ podSelector:
+ matchLabels:
+ strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ ports:
+ - port: {{ .Values.global.zkTunnelService.internalPort }}
+ protocol: TCP
+ policyTypes:
+ - Ingress
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
-
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ saslMechanism: scram-sha-512
+ kafkaInternalPort: 9092
+ zkTunnelService:
+ type: ClusterIP
+ name: zk-tunnel-svc
+ portName: tcp-zk-tunnel
+ internalPort: 2181
#################################################################
# AAF part
image: onap/dmaap/dmaap-mr:1.3.2
pullPolicy: Always
-kafka:
- name: message-router-kafka
- port: 9092
-zookeeper:
- name: message-router-zookeeper
- port: 2181
+secrets:
+ - uid: mr-kafka-admin-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
-config: {}
+config:
+ someConfig: blah
# default number of instances
replicaCount: 1
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
aafAppNs: org.osaaf.aaf
aafLocatorContainer: oom
+ #Strimzi config
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaStrimziAdminUser: strimzi-kafka-admin
+ kafkaInternalPort: 9092
+ saslMechanism: scram-sha-512
+
#Component overrides
message-router:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'
dmaap-bc:
enabled: true
dmaap-dr-node:
enabled: true
dmaap-dr-prov:
enabled: true
+dmaap-strimzi:
+ enabled: true
#Pods Service Account
serviceAccount:
check_for_dep() {
try=0
retries=60
- until (kubectl get deployment -n $HELM_NAMESPACE | grep -P "\b$1\b") &>/dev/null; do
- (( ++try > retries )) && exit 1
+ until (kubectl get deployment -n $HELM_NAMESPACE | grep -P "\b$1\b") >/dev/null 2>&1; do
+ try=$(($try + 1))
+ [ $try -gt $retries ] && exit 1
echo "$1 not found. Retry $try/$retries"
sleep 10
done
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.4
+image: onap/holmes/engine-management:10.0.5
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.4
+image: onap/holmes/rule-management:10.0.5
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.2
+image: onap/policy-apex-pdp:2.7.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.2
+image: onap/policy-api:2.6.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.2
+image: onap/policy-clamp-ac-http-ppnt:6.2.3
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.2
+image: onap/policy-clamp-ac-k8s-ppnt:6.2.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.2
+image: onap/policy-clamp-ac-pf-ppnt:6.2.3
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.2
+image: onap/policy-clamp-backend:6.2.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.2
+image: onap/policy-clamp-runtime-acm:6.2.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.2
+image: onap/policy-distribution:2.7.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.2
+image: onap/policy-pdpd-cl:1.10.3
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-gui:2.2.2
+image: onap/policy-gui:2.2.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.2
+image: onap/policy-pap:2.6.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.2
+image: onap/policy-xacml-pdp:2.6.3
pullPolicy: Always
# flag to enable debugging - application support required
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.2
+ image: onap/policy-db-migrator:2.4.3
schema: policyadmin
policy_home: "/opt/app/policy"
GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}'
GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}'
GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}'
+# strimzi kafka
+GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}'
# DROOL server port and credentials
GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}'
GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}'
# DMAAP BC
bcUsername: "dmaap-bc@dmaap-bc.onap.org"
bcPassword: "demo123456!"
+
# DMAAP KAFKA JAAS
kafkaJaasUsername: "admin"
kafkaJaasPassword: "admin_secret"
+# STRIMZI KAFKA JAAS
+strimziKafkaJaasUsername: "strimzi-kafka-admin"
+
#OOF
oofUsername: "oof@oof.onap.org"
oofPassword: "demo123456!"