[HOLMES] Remove AAF dependency and support SM 85/133485/3
authorAndreas Geissler <andreas-geissler@telekom.de>
Wed, 1 Mar 2023 10:23:32 +0000 (11:23 +0100)
committerAndreas Geissler <andreas-geissler@telekom.de>
Fri, 3 Mar 2023 08:44:33 +0000 (09:44 +0100)
Delete AAF and certificate entries and change Holmes interfaces to HTTP
Add readiness checks for the postgres-init-job to avoid missing DB user

Issue-ID: OOM-3101

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Id15cfdbcd753d404ccae912dcd0d057f647917e7

kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
kubernetes/holmes/components/holmes-rule-mgmt/values.yaml

index 1aa4726..5160145 100644 (file)
@@ -27,7 +27,7 @@ dependencies:
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
index f818dfd..34c4024 100644 (file)
@@ -2,11 +2,6 @@ server:
   port: 9102
   servlet:
     context-path: /api/holmes-engine-mgmt/v1
-  ssl:
-    key-store: /opt/onap/conf/holmes.keystore
-    key-store-password: holmes
-    #PKCS12
-    key-store-type: JKS
 
 logging:
   config: classpath:logback-spring.xml
index 9e62ccf..9a16390 100644 (file)
@@ -19,10 +19,8 @@ server:
   applicationContextPath: /
   adminContextPath: /admin
   connector:
-    type: https
+    type: http
     port: 9102
-    keyStorePath: /opt/onap/conf/holmes.keystore
-    keyStorePassword: holmes
     validateCerts: false
     validatePeers: false
 
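Review bot: `validateCerts: false` and `validatePeers: false` stay under a connector that is now `type: http`, where they no longer apply. They look like TLS-connector settings, and if this file is loaded with strict unknown-field checking they could be rejected at startup (not verifiable from the hunk), so I would drop both lines here and in the matching rulemgt.yml hunk. With the keystore removed, the listener on 9102 is plaintext, and confidentiality and peer authentication rest entirely on what is presumably the service mesh ("SM") in the commit title. A comment above `type: http`, such as `# plain HTTP: transport security is provided by the service-mesh sidecar`, would make that dependency explicit for deployments that run without a mesh.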
index dd7bb45..9bf6f39 100644 (file)
@@ -33,7 +33,10 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
+      {{- if not .Values.global.postgres.localCluster }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+      {{- end }}
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -64,7 +67,7 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources: {{ include "common.resources" . | nindent 10 }}
         ports: {{ include "common.containerPorts" . | nindent 10  }}
-        volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hemconfig
         - name: {{ include "common.fullname" . }}-config
@@ -119,7 +122,7 @@ spec:
         - name: DB_PORT
           value: "{{ .Values.config.pgConfig.dbPort }}"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: {{ include "common.fullname" . }}-config
         configMap:
           defaultMode: 422
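Review bot: `defaultMode: 422` on the context line under the rewritten `volumes:` key is a decimal value, which is octal 0646: write for "other" but not for group. That pattern suggests 0644 was intended, which would be `defaultMode: 420`. Since the commit already edits this volumes list, it is a convenient place to correct it; the same value appears in the holmes-rule-mgmt deployment hunk. The volumes list continues outside the hunk, so further entries may need the same check.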
index ce3035e..d2ad0d4 100644 (file)
 #################################################################
 global:
   nodePortPrefixExt: 302
-  msbProtocol: https
+  msbProtocol: http
   msbServiceName: msb-iag
-  msbPort: 443
+  msbPort: 80
+  postgres:
+    localCluster: false
 
 #################################################################
 # Application configuration defaults.
@@ -31,39 +33,6 @@ global:
 image: onap/holmes/engine-management:11.0.0
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: holmes-engine-mgmt-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: holmes-engine-mgmt
-  fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
-  fqi_namespace: org.onap.holmes-engine-mgmt
-  public_fqdn: holmes-engine-mgmt.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: |
-    echo "*** changing them into shell safe ones"
-    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    cd {{ .Values.credsPath }}
-    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-      -storepass "${cadi_keystore_password_p12}" \
-      -keystore {{ .Values.fqi_namespace }}.p12
-    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-      -storepass "${cadi_truststore_password}" \
-      -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** save the generated passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
-    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 1000 .
-
 #################################################################
 # Secrets metaconfig
 #################################################################
@@ -95,7 +64,7 @@ service:
   type: ClusterIP
   name: holmes-engine-mgmt
   ports:
-  - name: https-rest
+  - name: http-rest
     port: &svc_port 9102
 
 # probe configuration parameters
@@ -103,7 +72,7 @@ liveness:
   initialDelaySeconds: 10
   periodSeconds: 10
   path: /api/holmes-engine-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: *svc_port
   enabled: true
 
@@ -111,7 +80,7 @@ readiness:
   initialDelaySeconds: 30
   periodSeconds: 30
   path: /api/holmes-engine-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: *svc_port
 
 # Segregation for Different environment (Small and Large)
@@ -132,6 +101,11 @@ resources:
       memory: 1Gi
   unlimited: {}
 
+readinessCheck:
+  wait_for:
+    jobs:
+      - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
 #Pods Service Account
 serviceAccount:
   nameOverride: holmes-engine-mgmt
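Review bot: The `wait_for.jobs` entry hard-codes the suffix `-holmes-postgres-init-config-job`, and nothing in this block ties it to the chart that creates that job. If the job is renamed, disabled or already cleaned up, the init container would presumably keep waiting and the pod would never become ready; the wait helper's timeout behaviour is not visible in this diff. A comment above the block would document the coupling, for example `# Job created by the holmes postgres init chart; only waited for when global.postgres.localCluster is false`. The same applies to the identical block in holmes-rule-mgmt/values.yaml.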
index 628f5c6..09b2490 100644 (file)
@@ -27,7 +27,7 @@ dependencies:
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
index 18cf3b4..2ff0fa6 100644 (file)
@@ -2,11 +2,6 @@ server:
   port: 9101
   servlet:
     context-path: /api/holmes-rule-mgmt/v1
-  ssl:
-    key-store: /opt/onap/conf/holmes.keystore
-    key-store-password: holmes
-    #PKCS12
-    key-store-type: JKS
 
 logging:
   config: classpath:logback-spring.xml
index 89269de..3b72188 100644 (file)
@@ -13,10 +13,8 @@ server:
   applicationContextPath: /
   adminContextPath: /admin
   connector:
-    type: https
+    type: http
     port: 9101
-    keyStorePath: /opt/onap/conf/holmes.keystore
-    keyStorePassword: holmes
     validateCerts: false
     validatePeers: false
 
index 21a9656..8b0cd84 100644 (file)
@@ -32,7 +32,10 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
+      {{- if not .Values.global.postgres.localCluster }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+      {{- end }}
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -62,7 +65,7 @@ spec:
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 8  }}
-        volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hrmconfig
         - name: {{ include "common.fullname" . }}-rule-config
@@ -117,7 +120,7 @@ spec:
         - name: DB_PORT
           value: "{{ .Values.config.pgConfig.dbPort }}"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes:  {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: {{ include "common.fullname" . }}-general-config
         configMap:
           defaultMode: 422
index bd84c24..0a25527 100644 (file)
 #################################################################
 global:
   nodePortPrefixExt: 302
-  msbProtocol: https
+  msbProtocol: http
   msbServiceName: msb-iag
-  msbPort: 443
+  msbPort: 80
+  postgres:
+    localCluster: false
 
 #################################################################
 # Application configuration defaults.
@@ -31,39 +33,6 @@ global:
 image: onap/holmes/rule-management:11.0.0
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: holmes-rule-mgmt-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: holmes-rule-mgmt
-  fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
-  fqi_namespace: org.onap.holmes-rule-mgmt
-  public_fqdn: holmes-rule-mgmt.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: |
-    echo "*** changing them into shell safe ones"
-    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    cd {{ .Values.credsPath }}
-    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-      -storepass "${cadi_keystore_password_p12}" \
-      -keystore {{ .Values.fqi_namespace }}.p12
-    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-      -storepass "${cadi_truststore_password}" \
-      -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** save the generated passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
-    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 1000 .
-
 #################################################################
 # Secrets metaconfig
 #################################################################
@@ -95,10 +64,10 @@ service:
   type: NodePort
   name: holmes-rule-mgmt
   ports:
-  - name: https-rest
+  - name: http-rest
     port: &svc_port 9101
     nodePort: 92
-  - name: https-ui
+  - name: http-ui
     port: 9104
     nodePort: 93
 
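Review bot: The renamed `http-rest` and `http-ui` ports belong to a `type: NodePort` service, so the rule-management API and UI are now offered on node ports 92 and 93 (prefixed, it appears, by `nodePortPrefixExt`) over unencrypted HTTP. Mesh-level mTLS generally covers pod-to-pod traffic only, so requests arriving through a node port would likely carry rule definitions and any credentials in clear text. Consider `type: ClusterIP` with exposure through a TLS-terminating ingress or gateway. Failing that, add a comment such as `# plain HTTP: node ports must not be reachable from untrusted networks` above `ports:`.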
@@ -109,14 +78,14 @@ liveness:
   periodSeconds: 10
   path: /api/holmes-rule-mgmt/v1/healthcheck
   enabled: true
-  scheme: HTTPS
+  scheme: HTTP
 
 readiness:
   initialDelaySeconds: 30
   port: *svc_port
   periodSeconds: 30
   path: /api/holmes-rule-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
 
 # Segregation for Different environment (Small and Large)
 resources:
@@ -136,6 +105,11 @@ resources:
       memory: 512Mi
   unlimited: {}
 
+readinessCheck:
+  wait_for:
+    jobs:
+      - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
 #Pods Service Account
 serviceAccount:
   nameOverride: holmes-rule-mgmt