ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}
+{{ else }}
+ml.babel.KEYSTORE_FILE=
+ml.babel.KEYSTORE_PASSWORD=
+ml.babel.TRUSTSTORE_FILE=
+ml.babel.TRUSTSTORE_PASSWORD=
{{ end }}
#uncomment and use header X-OverrideLimit with the value to override the bulk api limit
aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }}
+
+#
+# AAI Graph DB checker task
+#
+
+# Indicator to enable or disable scheduled task (true/false)
+aai.graph.checker.task.enabled=true
+
+# Delay, in seconds, before the scheduled task is started, if enabled
+aai.graph.checker.task.delay=5
+
+# Period, in seconds, between two consecutive executions of the scheduled task, if enabled
+aai.graph.checker.task.period=10
\ No newline at end of file
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
{{ end }}
+
+#to expose the Prometheus scraping endpoint
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file
*/}}\r
<configuration>\r
<property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
- <appender name="ACCESS"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}\r
- </fileNamePattern>\r
- </rollingPolicy>\r
+\r
+ <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}'/>\r
+ <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />\r
+ <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />\r
+\r
+ <if condition='property("logToFileEnabled").contains("true")'>\r
+ <then>\r
+ <appender name="ACCESS"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
+ </encoder>\r
+ </appender>\r
+ <appender-ref ref="ACCESS"/>\r
+ </then>\r
+ </if>\r
+\r
+ <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">\r
<encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - "logType": "access"</Pattern>\r
</encoder>\r
</appender>\r
- <appender-ref ref="ACCESS" />\r
+\r
+ <appender-ref ref="STDOUTACCESS" />\r
+\r
</configuration>\r
{{/*\r
<!--\r
<property resource="application.properties" />
+ <property name="maxHistory" value='{{.Values.logback.maxHistory}}' />
+ <property name="totalSizeCap" value='{{.Values.logback.totalSizeCap}}' />
+ <property name="queueSize" value='{{.Values.logback.queueSize}}'/>
+
+ <property name="logToFileEnabled" value='{{.Values.logback.logToFileEnabled}}'/>
+
<property name="namespace" value="aai-resources"/>
<property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
<property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
<property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
<conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
- <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
- <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>
- %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
- </pattern>
- </encoder>
- </appender>
+ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
+ <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
- <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/rest/sane.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/sane.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}.zip</fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
- <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="SANE" />
- </appender>
- <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/rest/metrics.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${metricPattern}</pattern>
- </encoder>
- </appender>
+ <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="SANE"/>
+ </appender>
+ <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/metrics.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}.zip</fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
- <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="METRIC"/>
- </appender>
+
<appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <includeCallerData>true</includeCallerData>
+
<appender-ref ref="METRIC"/>
+ </appender>
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>DEBUG</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <file>${logDirectory}/rest/debug.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}.zip</fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
- <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <appender-ref ref="DEBUG" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/rest/error.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>${errorPattern}</pattern>
- </encoder>
- </appender>
+ <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="DEBUG"/>
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}.zip</fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
- <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <appender-ref ref="ERROR"/>
- </appender>
+
<appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+
<appender-ref ref="ERROR"/>
+ </appender>
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/rest/audit.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${auditPattern}</pattern>
- </encoder>
- </appender>
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
- <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="AUDIT" />
- </appender>
+
<appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="AUDIT"/>
+ </appender>
- <appender name="translog"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>DEBUG</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <file>${logDirectory}/rest/translog.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${transLogPattern}</pattern>
- </encoder>
- </appender>
+ <appender name="translog"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/translog.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${transLogPattern}</pattern>
+ </encoder>
+ </appender>
- <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="translog" />
- </appender>
+
<appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="translog"/>
+ </appender>
- <appender name="dmaapAAIEventConsumer"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${errorPattern}</pattern>
- </encoder>
+ <appender name="dmaapAAIEventConsumer"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
- </appender>
+ </appender>
- <appender name="dmaapAAIEventConsumerDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>DEBUG</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
- <appender name="dmaapAAIEventConsumerInfo"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>INFO</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${auditPattern}</pattern>
- </encoder>
- </appender>
- <appender name="dmaapAAIEventConsumerMetric"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>INFO</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${metricPattern}</pattern>
- </encoder>
- </appender>
- <appender name="external"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <file>${logDirectory}/external/external.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
- <appender name="auth"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>DEBUG</level>
- </filter>
- <file>${logDirectory}/auth/auth.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ <appender name="dmaapAAIEventConsumerDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerInfo"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerMetric"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="external"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <file>${logDirectory}/external/external.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="auth"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>DEBUG</level>
+ </filter>
+ <file>${logDirectory}/auth/auth.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}.zip
+ </fileNamePattern>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="auth"/>
+ </appender>
+ </then>
+ </if>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
+ <providers>
+ <timestamp><fieldName>timestamp</fieldName></timestamp>
+ <message/>
+ <mdc>
+ <fieldName>context</fieldName>
+ <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName>
+ <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorCode</excludeMdcKeyName>
+ <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName>
+ </mdc>
+ <stackTrace>
+ <fieldName>exception</fieldName>
+ <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">
+ <exclude>^sun\.reflect\..*\.invoke</exclude>
+ <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude>
+ <rootCauseFirst>true</rootCauseFirst>
+ </throwableConverter>
+ </stackTrace>
+ <threadName><fieldName>thread</fieldName></threadName>
+ <loggerName>
+ <fieldName>logger</fieldName>
+ <shortenedLoggerNameLength>36</shortenedLoggerNameLength>
+ </loggerName>
+ <logLevel/>
+ <pattern>
+ <pattern>{"logType":"app"}</pattern>
+ </pattern>
+ </providers>
</encoder>
</appender>
- <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="auth" />
- </appender>
+
<!-- logback internals logging -->
<logger name="ch.qos.logback.classic" level="WARN" />
<logger name="org.onap.aai" level="DEBUG" additivity="false">
- <appender-ref ref="asyncDEBUG" />
- <appender-ref ref="asyncSANE" />
- <appender-ref ref="STDOUT" />
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender-ref ref="asyncDEBUG"/>
+ <appender-ref ref="asyncSANE"/>
+ </then>
+ </if>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
- <appender-ref ref="asyncAUTH" />
- <appender-ref ref="STDOUT" />
- </logger>
- <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
- <appender-ref ref="asyncAUDIT"/>
- </logger>
- <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
- <appender-ref ref="asyncAUDIT"/>
- </logger>
- <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
- <appender-ref ref="asyncMETRIC"/>
- </logger>
- <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
- <appender-ref ref="dmaapAAIEventConsumerMetric"/>
- </logger>
- <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
- <appender-ref ref="asyncERROR"/>
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender-ref ref="asyncAUTH"/>
+ </then>
+ </if>
+ <appender-ref ref="STDOUT"/>
</logger>
+
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <!-- These loggers are not additive and will be redirected to the parent logger.
+ Sending events to log is handled by parent loggers-->
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
+ <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+ </logger>
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="asyncERROR"/>
+ </logger>
+ <logger name="com.att.nsa.mr" level="INFO">
+ <appender-ref ref="dmaapAAIEventConsumerInfo"/>
+ </logger>
+ </then>
+ </if>
+
<logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
- <appender-ref ref="asynctranslog" />
- <appender-ref ref="STDOUT" />
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender-ref ref="asynctranslog"/>
+ </then>
+ </if>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
- <appender-ref ref="dmaapAAIEventConsumer" />
- <appender-ref ref="dmaapAAIEventConsumerDebug" />
- </logger>
-
- <logger name="com.att.nsa.mr" level="INFO" >
- <appender-ref ref="dmaapAAIEventConsumerInfo" />
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender-ref ref="dmaapAAIEventConsumer"/>
+ <appender-ref ref="dmaapAAIEventConsumerDebug"/>
+ </then>
+ </if>
+ <appender-ref ref="STDOUT"/>
</logger>
<root level="DEBUG">
- <appender-ref ref="external" />
- <appender-ref ref="STDOUT" />
+ <if condition='property("logToFileEnabled").contains("true")'>
+ <then>
+ <appender-ref ref="external"/>
+ </then>
+ </if>
+ <appender-ref ref="STDOUT"/>
</root>
-</configuration>
+</configuration>
\ No newline at end of file
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
livenessProbe:
- tcpSocket:
+ httpGet:
+ path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
+ scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ httpHeaders:
+ - name: X-FromAppId
+ value: LivenessCheck
+ - name: X-TransactionId
+ value: LiveCheck_TID
+ - name: Accept
+ value: application/json
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{- end }}
readinessProbe:
- tcpSocket:
+ httpGet:
+ path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
+ scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ httpHeaders:
+ - name: X-FromAppId
+ value: ReadinessCheck
+ - name: X-TransactionId
+ value: ReadinessCheck_TID
+ - name: Accept
+ value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 12 }}
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.9.6
+image: onap/aai-resources:1.9.7
pullPolicy: Always
restartPolicy: Always
flavor: small
log:
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+# To make logback capping values configurable
+logback:
+ logToFileEnabled: true
+ maxHistory: 7
+ totalSizeCap: 1GB
+ queueSize: 1000
+
+accessLogback:
+ logToFileEnabled: true
+ maxHistory: 7
+ totalSizeCap: 1GB
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.3.0
+image: onap/ccsdk-blueprintsprocessor:1.4.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.3.0
+image: onap/ccsdk-commandexecutor:1.4.0
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.3.0
+image: onap/ccsdk-py-executor:1.4.0
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.3.0
+image: onap/ccsdk-sdclistener:1.4.0
name: sdc-listener
pullPolicy: Always
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.6.0
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.3.4
+image: onap/ccsdk-dgbuilder-image:1.4.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.3.0
+image: onap/ccsdk-apps-ms-neng:1.4.0
pullPolicy: IfNotPresent
# application configuration
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
- dbcClientImage: onap/dmaap/dbc-client:2.0.9
+ dbcClientImage: onap/dmaap/dbc-client:2.0.10
quitQuitImage: onap/oom/readiness:4.1.0
# Default credentials
org:
springframework: {{ .Values.logging.level }}
-dmi:
- auth:
- username: ${DMI_USERNAME}
- password: ${DMI_PASSWORD}
+ncmp:
+ dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
{{- if .Values.config.useStrimziKafka }}
spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: LIQUIBASE_LABELS
+ value: {{ .Values.config.liquibaseLabels }}
+ - name: CPS_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
container:
name: postgres
-image: onap/cps-and-ncmp:3.0.1
+image: onap/cps-and-ncmp:3.1.4
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
notification.data-updated.filters.enabled-dataspaces: ""
notification.async.enabled: false
notification.async.executor.core-pool-size: 2
- notification.async.executor.max-pool-size: 1
+ notification.async.executor.max-pool-size: 10
notification.async.executor.queue-capacity: 500
notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
notification.async.executor.thread-name-prefix: Async-
value: '{{ .Values.config.someConfig }}'
policy: generate
-image: onap/cps-temporal:1.1.0
+image: onap/cps-temporal:1.2.0
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.1.0
+image: onap/ncmp-dmi-plugin:1.2.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
config:
retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.ncmpEventsTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ config:
+ retention.ms: {{ .Values.config.ncmpEventsTopic.retentionMs }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ config:
+ retention.ms: {{ .Values.config.ncmpAsyncM2MTopic.retentionMs }}
{{- end }}
\ No newline at end of file
type: topic
name: {{ .Values.config.dataUpdatedTopic.name }}
operation: Write
+ - resource:
+ type: group
+ name: {{ .Values.config.ncmpEventsTopic.consumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.ncmpEventsTopic.name }}
+ operation: All
+ - resource:
+ type: group
+ name: {{ .Values.config.ncmpAsyncM2MTopic.consumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
+ operation: All
{{- end }}
\ No newline at end of file
segmentBytes: 1073741824
consumer:
groupId: cps-temporal-group
+ ncmpEventsTopic:
+ name: ncmp-events
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ ncmpAsyncM2MTopic:
+ name: ncmp-async-m2m
+ retentionMs: 600000
+ consumer:
+ groupId: ncmp-group
# Enable all CPS components by default
cps-core:
depends on the content of .Values.
The Deployment always includes a single Pod, with a container that uses
-the DCAE microservice image.
+the DCAE microservice image. The image name and tag are specified by
+.Values.image. By default, the image comes from the ONAP repository
+(registry) set up by the common repositoryGenerator template. A different
+repository for the microservice image can be set using
+.Values.imageRepositoryOverride. Note that this repository must not
+require authentication, because there is no way to specify credentials for
+the override repository. imageRepositoryOverride is intended primarily
+for testing purposes.
The Deployment Pod may also include a logging sidecar container.
The sidecar is included if .Values.log.path is set. The
{{- end }}
{{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }}
containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
env:
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.8.0
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.9.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.11.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.9.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.2
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.4
pullPolicy: Always
# Log directory where logging sidecar should look for log files
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT
type: message_router
- #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
- # Workaround while DCAEGEN2-3234 is being resolved--hardcording the ${CONTROLLER_USERNAME} and ${CONTROLLER_PASSWORD} until the restconf-collector uses the latest CBS client SDK that can handle multiple substitutions in a string.
- # The line immediately below this one should be used once DCAEGEN-3234 is resolved.
- #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
- rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"access","controller_restapiPassword":"Huawei@123","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
#applicationEnv:
# CONTROLLER_IP: "172.30.0.55"
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.6
+image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.7
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.7
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.10
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.2
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.4
pullPolicy: Always
# log directory where logging sidecar should look for log files
tca.aai.password: ${AAI_PASSWORD}
tca.aai.url: https://aai:8443
tca.aai.username: ${AAI_USERNAME}
- tca.policy: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"vFirewallBroadcastPackets","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"LESS_OR_EQUAL","severity":"MAJOR","closedLoopEventStatus":"ONSET"},{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":700,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"Measurement_vGMUX","controlLoopSchemaType":"VNF","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"EQUAL","severity":"MAJOR","closedLoopEventStatus":"ABATED"},{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"GREATER","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]}]}'
+ tca.policy: "[{\"domain\":\"measurementsForVfScaling\",\"violatedMetricsPerEventName\":[{\"eventName\":\"Mfvs_eNodeB_RANKPI\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vFirewall;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":4000,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":20000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vLoadBalancer;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":500,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":5000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]}]},{\"domain\":\"measurement\",\"metricsPerEventName\":[{\"eventName\":\"vFirewallBroadcastPackets\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":700,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"Measurement_vGMUX\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"GREATER\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]}]}]"
tca.processing_batch_size: 10000
tca.enable_abatement: true
tca.enable_ecomp_logging: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
# Global values
global:
pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.1.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
containerPort: &svc_port 8080
service:
onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
# application image
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.1
service:
type: ClusterIP
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.8
+image: onap/dmaap/dmaap-bc:2.0.10
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.10
+image: onap/dmaap/datarouter-node:2.1.11
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.10
+image: onap/dmaap/datarouter-prov:2.1.11
pullPolicy: Always
# flag to enable debugging - application support required
msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
enforced.topic.name.AAF=org.onap.dmaap.mr
forceAAF=false
+useCustomAcls=false
transidUEBtopicreqd=false
defaultNSforUEB=org.onap.dmaap.mr
##############################################################################
{{- end }}
- name: srimzi-zk-entrance
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /opt/stunnel/stunnel_run.sh
ports:
value: debug
- name: STRIMZI_ZOOKEEPER_CONNECT
value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
- imagePullPolicy: Always
livenessProbe:
exec:
command:
value: {{ .Values.global.saslMechanism }}
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
+ - name: useZkTopicStore
+ value: "false"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/dmaap-mr:1.3.2
+image: onap/dmaap/dmaap-mr:1.4.3
pullPolicy: Always
zookeeper:
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- clientImage: onap/dmaap/dbc-client:1.0.9
- repository: nexus3.onap.org:10001
- busyBoxImage: busybox:1.30
- busyBoxRepository: docker.io
+ clientImage: onap/dmaap/dbc-client:2.0.10
#Global DMaaP app config
allow_http: false
#AAF global config overrides
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
- aafAppNs: org.osaaf.aaf
- aafLocatorContainer: oom
#Strimzi config
kafkaBootstrap: strimzi-kafka-bootstrap
--- /dev/null
+server:
+ port: 9102
+ servlet:
+ context-path: /api/holmes-engine-mgmt/v1
+ ssl:
+ key-store: /opt/onap/conf/holmes.keystore
+ key-store-password: holmes
+ #PKCS12
+ key-store-type: JKS
+
+logging:
+ config: classpath:logback-spring.xml
+
+spring:
+ application:
+ name: Holmes Engine Management
+ datasource:
+ dirver-class-name: org.postgresql.Driver
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ username: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ mvc:
+ throw-exception-if-no-handler-found: true
\ No newline at end of file
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.5
+image: onap/holmes/engine-management:11.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
--- /dev/null
+server:
+ port: 9101
+ servlet:
+ context-path: /api/holmes-rule-mgmt/v1
+ ssl:
+ key-store: /opt/onap/conf/holmes.keystore
+ key-store-password: holmes
+ #PKCS12
+ key-store-type: JKS
+
+logging:
+ config: classpath:logback-spring.xml
+
+spring:
+ application:
+ name: Holmes Rule Management
+ datasource:
+ dirver-class-name: org.postgresql.Driver
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ username: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ mvc:
+ throw-exception-if-no-handler-found: true
\ No newline at end of file
import org.onap.holmes.common.api.stat.VesAlarm;
import org.onap.holmes.common.aai.CorrelationUtil;
import org.onap.holmes.common.dmaap.entity.PolicyMsg;
-import org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;
+import org.onap.holmes.common.utils.SpringContextUtil;
import org.onap.holmes.common.utils.DroolsLog;
rule "Relation_analysis_Rule"
$child : VesAlarm( eventId != $eventId, parentId == null,
CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),
eventName in ("Fault_MME_eNodeB out of service alarm"),
- startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )
+ startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000)
then
DroolsLog.printInfo("===========================================================");
DroolsLog.printInfo("Relation_analysis_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId());
then
DroolsLog.printInfo("===========================================================");
DroolsLog.printInfo("root_has_child_handle_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId());
- DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+ DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class);
PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, "org.onap.holmes.droolsRule");
dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
$root.setRootFlag(1);
then
DroolsLog.printInfo("===========================================================");
DroolsLog.printInfo("root_no_child_handle_Rule: rootId=" + $root.getEventId());
- DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+ DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class);
PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule");
dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
$root.setRootFlag(1);
then
DroolsLog.printInfo("===========================================================");
DroolsLog.printInfo("root_cleared_handle_Rule: rootId=" + $root.getEventId());
- DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+ DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class);
PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule");
dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
retract($root);
DroolsLog.printInfo("===========================================================");
DroolsLog.printInfo("child_handle_Rule: childId=" + $child.getEventId());
retract($child);
-end
+end
\ No newline at end of file
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.5
+image: onap/holmes/rule-management:11.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: NodePort
name: msb-eag
- externalPort: 80
- internalPort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 84
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-eag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '84'
ingress:
enabled: false
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: NodePort
name: msb-iag
- externalPort: 80
- internalPort: 80
- nodePort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 83
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-iag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '83'
ingress:
enabled: false
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-fcaps/v1/healthcheck
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-fcaps/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-fcaps/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
pullPolicy: Always
#Istio sidecar injection policy
-istioSidecar: false
+istioSidecar: true
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-fcaps
- portName: multicloud-fcaps
+ portName: http
externalPort: 9011
internalPort: 9011
nodePort: 87
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
"k8sConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup",
"parameters":{
- "useHttps": true,
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
"hostname": "pdp",
"port": 8081,
"userName": "testpdp",
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: framework-artifactbroker
command: ["/opt/app/distribution/bin/artifact-dist.sh"]
args: ["/opt/app/distribution/etc/mounted/config.json"]
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: multicloud-k8s
- portName: multicloud-k8s
+ portName: http
internalPort: 9015
externalPort: 9015
nodePort: 98
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
# application configuration
config:
ssl_enabled: false
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-pike
- portName: multicloud-pike
+ portName: http
externalPort: 9007
internalPort: 9007
nodePort: 96
service:
type: ClusterIP
name: multicloud-prometheus
- portName: multicloud-prometheus
+ portName: http
internalPort: 9090
externalPort: 9090
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-starlingx/v0/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-starlingx/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-starlingx/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
#################################################################
# Application configuration defaults.
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
spec:
containers:
- env:
+ - name: MSB_PROTO
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/vio:1.4.1
+image: onap/multicloud/vio:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
# application configuration
config:
msbgateway: msb-iag
- msbPort: 80
+ msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud-vio
- portName: multicloud-vio
+ portName: http
externalPort: 9004
internalPort: 9004
nodePort: 92
"port":9014,
"userName":"healthcheck",
"password":"zb!XztG34",
- "https":true
+ "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": false,
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "httpsproxyHost": "null",
+ "httpproxyHost": "null",
+ "httpsproxyPort": 8181,
+ "httpproxyPort": 8080
}
}
},
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
+ value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
httpGet:
path: /api/multicloud-titaniumcloud/v1/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
"url": "/api/multicloud-titanium_cloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-titaniumcloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
},
{
"url": "/api/multicloud-titaniumcloud/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
persistence: {}
#################################################################
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- name: MSB_ADDR
- value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- name: AAI_ADDR
value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
+ value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
resources:
{{ include "common.resources" . | indent 12 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
httpGet:
path: /api/multicloud/v0/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ scheme: "{{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
apiVersion: v1
kind: Service
metadata:
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
"url": "/api/multicloud/v0",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
+ {{if (include "common.needTLS" .) -}}
"enable_ssl": {{ .Values.config.ssl_enabled }},
+ {{- else -}}
+ "enable_ssl": false,
+ {{- end}}
"visualRange": "1"
},
{
"url": "/api/multicloud/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
"visualRange": "1"
}
]'
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
+ artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.7.3
+image: onap/multicloud/framework:1.8.1
pullPolicy: Always
#Istio sidecar injection policy
# application configuration
config:
ssl_enabled: true
- msbprotocol: https
msbgateway: msb-iag
- msbPort: 443
logstashServiceName: log-ls
logstashPort: 5044
+ msbPort: 443
+ msbPlainPort: 80
aai:
- port: 8443
+ aaiPort: 8443
+ aaiPlainPort: 8080
schemaVersion: v13
username: AAI
password: AAI
service:
type: ClusterIP
name: multicloud
- portName: multicloud-framework
+ portName: http
externalPort: 9001
internalPort: 9001
nodePort: 91
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# Secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
#################################################################
# secrets metaconfig
# Base URL for DCAE, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
# Timeout for DCAE Rest Call (string value)
#dcae_rest_timeout = 30
# Password for DCAE. (string value)
#password =
-get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file
+get_slice_config_url = "/api/v1/slices-config"
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.3.0
+ optf_has: onap/optf-has:2.3.1
persistence:
enabled: true
resources: *etcd-resources
# Python doesn't support well dollar sign in password
-passwordStrengthOverride: basic
\ No newline at end of file
+passwordStrengthOverride: basic
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.6
+image: onap/optf-osdf:3.0.7
pullPolicy: Always
# flag to enable debugging - application support required
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.6.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.6.0
pullPolicy: Always
replicaCount: 1
version: ~11.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
- - name: policy-clamp-be
- version: ~11.x-0
- repository: 'file://components/policy-clamp-be'
- condition: policy-clamp-be.enabled
- name: policy-clamp-ac-k8s-ppnt
version: ~11.x-0
repository: 'file://components/policy-clamp-ac-k8s-ppnt'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"pdpStatusParameters":{
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: apexconfig-input
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.keyStorePassword }}'
passwordPolicy: required
+ - uid: policy-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.3
+image: onap/policy-apex-pdp:2.8.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-apex-pdp
- portName: policy-apex-pdp
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 37
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2022 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server:
port: {{ .Values.service.internalPort }}
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
spring:
security.user:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
name: PolicyProviderParameterGroup
implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
driver: org.mariadb.jdbc.Driver
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
user: "${SQL_USER}"
password: "${SQL_PASSWORD}"
persistenceUnit: PolicyDb
policy-preload:
policyTypes:
- policytypes/onap.policies.monitoring.tcagen2.yaml
+ - policytypes/onap.policies.monitoring.tcagen2.v2.yaml
- policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
- policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
- policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.3
+image: onap/policy-api:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
initialDelaySeconds: 10
periodSeconds: 120
api: /policy/api/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
service:
type: ClusterIP
name: policy-api
- portName: policy-api
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 40
password: ${RESTSERVER_PASSWORD}
{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
- topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
port: 8084
servlet:
context-path: /onap/httpparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.3
+image: onap/policy-clamp-ac-http-ppnt:6.3.0
pullPolicy: Always
# application configuration
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
port: 8083
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
logging:
# Configuration of logging
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.3
+image: onap/policy-clamp-ac-k8s-ppnt:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
port: 8085
servlet:
context-path: /onap/policyparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.3
+image: onap/policy-clamp-ac-pf-ppnt:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Policy Clamp Backend
-name: policy-clamp-be
-version: 11.0.0
-
-dependencies:
- - name: certInitializer
- version: ~11.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~11.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~11.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Modifications copyright (c) 2019 Nokia
-# Modifications Copyright (c) 2022 Nordix Foundation
-# ================================================================================\
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-*/}}
-{{- if .Values.global.aafEnabled }}
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
-server.ssl.key-store-password=${cadi_keystore_password_p12}
-server.ssl.key-password=${cadi_key_password}
-server.ssl.key-store-type=PKCS12
-server.ssl.key-alias={{ .Values.certInitializer.fqi }}
-
-# The key file used to decode the key store and trust store password
-# If not defined, the key store and trust store password will not be decrypted
-clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
-
-## Config part for Client certificates
-server.ssl.client-auth=want
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
-server.ssl.trust-store-password=${cadi_truststore_password}
-{{- end }}
-
-#clds datasource connection details
-spring.datasource.username=${MYSQL_USER}
-spring.datasource.password=${MYSQL_PASSWORD}
-spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
-spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
-
-#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json
-
-#
-# Configuration Settings for Policy Engine Components
-clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969
-clamp.config.policy.api.userName=policyadmin
-clamp.config.policy.api.password=zb!XztG34
-clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969
-clamp.config.policy.pap.userName=policyadmin
-clamp.config.policy.pap.password=zb!XztG34
-
-#DCAE Inventory Url Properties
-clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080
-clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-#DCAE Deployment Url Properties
-clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-clamp.config.dcae.deployment.userName=none
-clamp.config.dcae.deployment.password=none
-
-#AAF related parameters
-clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
-
-# Configuration settings for ControlLoop Runtime Rest API
-clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969
-clamp.config.acm.runtime.userName=${RUNTIME_USER}
-clamp.config.acm.runtime.password=${RUNTIME_PASSWORD}
+++ /dev/null
-#!/bin/sh
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * Copyright (C) 2021 Nordix Foundation
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-create table if not exists dictionary (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dictionary_second_level integer,
- dictionary_type varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_elements (
- short_name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- description varchar(255) not null,
- name varchar(255) not null,
- subdictionary_name varchar(255),
- type varchar(255) not null,
- primary key (short_name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_to_dictionaryelements (
- dictionary_name varchar(255) not null,
- dictionary_element_short_name varchar(255) not null,
- primary key (dictionary_name, dictionary_element_short_name)
- ) engine=InnoDB;
-
-create table if not exists hibernate_sequence (
- next_val bigint
-) engine=InnoDB;
-
-insert into hibernate_sequence values ( 1 );
-
-create table if not exists loop_element_models (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- loop_element_type varchar(255) not null,
- short_name varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loop_logs (
- id bigint not null,
- log_component varchar(255) not null,
- log_instant datetime(6) not null,
- log_type varchar(255) not null,
- message MEDIUMTEXT not null,
- loop_id varchar(255) not null,
- primary key (id)
- ) engine=InnoDB;
-
-create table if not exists loop_templates (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- allowed_loop_type varchar(255),
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- maximum_instances_allowed integer,
- svg_representation MEDIUMTEXT,
- unique_blueprint boolean default false,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loopelementmodels_to_policymodels (
- loop_element_name varchar(255) not null,
- policy_model_type varchar(255) not null,
- policy_model_version varchar(255) not null,
- primary key (loop_element_name, policy_model_type, policy_model_version)
- ) engine=InnoDB;
-
-create table if not exists loops (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- global_properties_json json,
- last_computed_state varchar(255) not null,
- svg_representation MEDIUMTEXT,
- loop_template_name varchar(255) not null,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loops_to_microservicepolicies (
- loop_name varchar(255) not null,
- microservicepolicy_name varchar(255) not null,
- primary key (loop_name, microservicepolicy_name)
- ) engine=InnoDB;
-
-create table if not exists looptemplates_to_loopelementmodels (
- loop_element_model_name varchar(255) not null,
- loop_template_name varchar(255) not null,
- flow_order integer not null,
- primary key (loop_element_model_name, loop_template_name)
- ) engine=InnoDB;
-
-create table if not exists micro_service_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- context varchar(255),
- dcae_blueprint_id varchar(255),
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- device_type_scope varchar(255),
- shared bit not null,
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists operational_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- loop_id varchar(255) not null,
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists policy_models (
- policy_model_type varchar(255) not null,
- version varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- policy_acronym varchar(255),
- policy_tosca MEDIUMTEXT,
- policy_pdp_group json,
- primary key (policy_model_type, version)
- ) engine=InnoDB;
-
-create table if not exists services (
- service_uuid varchar(255) not null,
- name varchar(255) not null,
- resource_details json,
- service_details json,
- version varchar(255),
- primary key (service_uuid)
- ) engine=InnoDB;
-
-alter table dictionary_to_dictionaryelements
- add constraint FK68hjjinnm8nte2owstd0xwp23
- foreign key (dictionary_element_short_name)
- references dictionary_elements (short_name);
-
-alter table dictionary_to_dictionaryelements
- add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
- foreign key (dictionary_name)
- references dictionary (name);
-
-alter table loop_logs
- add constraint FK1j0cda46aickcaoxqoo34khg2
- foreign key (loop_id)
- references loops (name);
-
-alter table loop_templates
- add constraint FKn692dk6281wvp1o95074uacn6
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loopelementmodels_to_policymodels
- add constraint FK23j2q74v6kaexefy0tdabsnda
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table loopelementmodels_to_policymodels
- add constraint FKjag1iu0olojfwryfkvb5o0rk5
- foreign key (loop_element_name)
- references loop_element_models (name);
-
-alter table loops
- add constraint FK844uwy82wt0l66jljkjqembpj
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table loops
- add constraint FK4b9wnqopxogwek014i1shqw7w
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loops_to_microservicepolicies
- add constraint FKle255jmi7b065fwbvmwbiehtb
- foreign key (microservicepolicy_name)
- references micro_service_policies (name);
-
-alter table loops_to_microservicepolicies
- add constraint FK8avfqaf7xl71l7sn7a5eri68d
- foreign key (loop_name)
- references loops (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
- foreign key (loop_element_model_name)
- references loop_element_models (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FKj29yxyw0x7ue6mwgi6d3qg748
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table micro_service_policies
- add constraint FKqvvdypacbww07fuv8xvlvdjgl
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table micro_service_policies
- add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FKi9kh7my40737xeuaye9xwbnko
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table operational_policies
- add constraint FKlsyhfkoqvkwj78ofepxhoctip
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FK1ddoggk9ni2bnqighv6ecmuwu
- foreign key (loop_id)
- references loops (name);
+++ /dev/null
-{
- "sdc-connections":{
- "sdc-controller":{
- "user": "clamp",
- "consumerGroup": "clamp",
- "consumerId": "clamp",
- "environmentName": "AUTO",
- "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
- "password": "${SDC_CLIENT_PASSWORD_ENC}",
- "pollingInterval":30,
- "pollingTimeout":30,
- "activateServerTLSAuth":"false",
- "keyStorePassword":"",
- "keyStorePath":"",
- "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"]
- }
- }
-}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit https://127.0.0.1:8443 to use your application"
- kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-policy-clamp-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- # side car containers
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- # main container
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- workingDir: "/opt/policy/clamp/"
- args:
- - -c
- - |
- {{- if .Values.global.aafEnabled }}
- export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
- export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
- envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
- {{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: logs
- mountPath: {{ .Values.log.path }}
- - mountPath: /opt/policy/clamp/sdc-controllers-config.json
- name: {{ include "common.fullname" . }}-config
- subPath: sdc-controllers-config.json
- - mountPath: /opt/policy/clamp/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- env:
- - name: RUNTIME_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }}
- - name: RUNTIME_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }}
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
- - name: SDC_CLIENT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }}
- {{- if ne "unlimited" (include "common.flavor" .) }}
- - name: JAVA_RAM_CONFIGURATION
- value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
- {{- end }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: sdc-controllers-config.json
- path: sdc-controllers-config.json
- - key: application.properties
- path: application.properties
- - name: logs
- emptyDir: {}
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2020-2021 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.release" . }}-policy-clamp-galera-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
-#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- - --job-name
- - {{ include "common.release" . }}-policy-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.release" . }}-policy-clamp-galera-config
- image: {{ include "repositoryGenerator.image.mariadb" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/create-db-tables.sh
- name: {{ include "common.fullname" . }}-config
- subPath: create-db-tables.sh
- - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
- name: {{ include "common.fullname" . }}-config
- subPath: policy-clamp-create-tables.sql
- command:
- - /bin/sh
- args:
- - -x
- - /dbcmd-config/create-db-tables.sh
- env:
- - name: MYSQL_HOST
- value: "{{ .Values.db.service.name }}"
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
- - name: MYSQL_PORT
- value: "{{ .Values.db.service.internalPort }}"
- resources:
-{{ include "common.resources" . }}
- restartPolicy: Never
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: create-db-tables.sh
- path: create-db-tables.sh
- - key: policy-clamp-create-tables.sql
- path: policy-clamp-create-tables.sql
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.3
+image: onap/policy-clamp-backend:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
hibernate:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
-{{- end }}
-
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
security:
context-path: /onap/policy/clamp/acm
error:
path: /error
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
runtime:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
fetchTimeout: 15000
topicSinks:
-
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# topicParameterGroup:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# fetchTimeout: 15000
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.3
+image: onap/policy-clamp-runtime-acm:6.3.0
pullPolicy: Always
# flag to enable debugging - application support required
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"receptionHandlerParameters":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": true
+ "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
}
}
},
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"papParameters": {
"clientName": "policy-pap",
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"deployPolicies": true
}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.3
+image: onap/policy-distribution:2.8.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-distribution
- portName: policy-distribution
+ portName: http
externalPort: 6969
internalPort: 6969
SQL_HOST={{ .Values.db.name }}
SQL_PORT=3306
+JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+JDBC_OPTS=
+MYSQL_CMD=
# Liveness
LIVENESS_CONTROLLERS=*
# HTTP Servers
-HTTP_SERVER_HTTPS=true
+HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
PROMETHEUS=true
# PDP-D DMaaP configuration channel
# Open DMaaP
DMAAP_SERVERS=message-router
-DMAAP_HTTPS=true
+DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT=8443
+AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
AAI_CONTEXT_URI=
# MSO
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.3
+image: onap/policy-pdpd-cl:1.11.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-drools-pdp
- portName: policy-drools-pdp
+ portName: http
internalPort: 6969
externalPort: 6969
nodePort: 17
--- /dev/null
+server:
+ port: 2443
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+# enabled-protocols: TLSv1.2
+# client-auth: want
+# key-store: file:${KEYSTORE}
+# key-store-password: ${KEYSTORE_PASSWD}
+# trust-store: file:${TRUSTSTORE}
+# trust-store-password: ${TRUSTSTORE_PASSWD}
+
+clamp:
+ url:
+ disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+
+apex-editor:
+ upload-url:
+ upload-userid:
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ policy-gui
+ ================================================================================
+ Copyright (C) 2021-2022 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ERROR" />
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DEBUG" />
+ </appender>
+
+ <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NETWORK" />
+ </appender>
+
+ <logger name="network" level="TRACE" additivity="false">
+ <appender-ref ref="asyncNetwork" />
+ </logger>
+
+ <logger name="org.apache" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- GUI related loggers -->
+ <logger name="org.onap.policy.gui" level="TRACE" additivity="false">
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <root level="TRACE">
+ <appender-ref ref="asyncDebug" />
+ <appender-ref ref="asyncError" />
+ <appender-ref ref="asyncNetwork" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }}
{{ include "common.log.configMap" . }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE
+ value: {{ .Values.certStores.keystoreLocation }}
+ - name: KEYSTORE_PASSWD
+ value: {{ .Values.certStores.keyStorePassword }}
+ - name: TRUSTSTORE
+ value: {{ .Values.certStores.truststoreLocation }}
+ - name: TRUSTSTORE_PASSWD
+ value: {{ .Values.certStores.trustStorePassword }}
+ - name: POLICY_LOGS
+ value: {{ .Values.log.path }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: policy-gui-config
+ - mountPath: /config
+ name: policy-gui-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /app/ready.py
args:
- --container-name
- - policy-clamp-be
+ - policy-clamp-runtime-acm
env:
- name: NAMESPACE
valueFrom:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
+{{- if not (include "common.onServiceMesh" .) }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
env:
-{{- else }}
+{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
+{{ end }}
- name: CLAMP_URL
- value: https://policy-clamp-be:8443
+ value: http://policy-clamp-runtime-acm:6969
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/app/policy/gui/etc/application.yml
+ name: policy-gui-config-processed
+ subPath: application.yml
+ - mountPath: /opt/app/policy/gui/etc/logback.xml
+ name: policy-gui-config-processed
+ subPath: logback.xml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ - name: policy-gui-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: policy-gui-config-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
certStores:
keyStorePassword: Pol1cy_0nap
+ keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
+ truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
trustStorePassword: Pol1cy_0nap
#################################################################
flavor: small
# application image
-image: onap/policy-gui:2.2.3
+image: onap/policy-gui:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: NodePort
name: policy-gui
- portName: policy-gui
+ portName: http
internalPort: 2443
nodePort: 43
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
service:
type: ClusterIP
name: policy-nexus
- portName: policy-nexus
+ portName: http
externalPort: 8081
internalPort: 8081
nodePort: 36
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
-{{- if .Values.config.useStrimziKafka }}
kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
security.protocol: SASL_PLAINTEXT
properties.sasl:
mechanism: SCRAM-SHA-512
jaas.config: ${JAASLOGIN}
{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
-{{- end }}
-
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
{{- end }}
server:
port: 6969
ssl:
- enabled: true
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
pap:
name: PapGroup
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
- topic: POLICY-HEARTBEAT
consumerGroup: policy-pap
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
topicSinks:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
- topic: POLICY-NOTIFICATION
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
+# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
+# servers:
+# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
healthCheckRestClientParameters:
- clientName: api
hostname: policy-api
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: healthcheck
- clientName: dmaap
hostname: message-router
port: 3905
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: topics
management:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.3
+image: onap/policy-pap:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
periodSeconds: 120
port: http-api
api: /policy/pap/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
- groupId: poicy-group
+ groupId: policy-group
app:
listener:
policyPdpPapTopic: policy-pdp-pap
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false,
"prometheus": true
},
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true,
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false
},
"applicationParameters": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout" : 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020, 2022 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{json,properties,xml}").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.3
+image: onap/policy-xacml-pdp:2.7.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: policy-xacml-pdp
+ portName: http
externalPort: 6969
internalPort: 6969
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-policy-galera-config
+ name: {{ include "common.fullname" . }}-galera-init
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-job
+ app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-job
+ app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-galera-init
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
-#This container checks that all galera instances are up before initializing it.
+ initContainers:
- name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- - name: {{ include "common.release" . }}-policy-galera-config
+ containers:
+ - name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
- {{ if .Values.global.postgres.localCluster }}
- - name: {{ include "common.release" . }}-policy-pg-config
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db.sh
+ path: db.sh
+
+{{ if .Values.global.postgres.localCluster }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-pg-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pg-init
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-pg-init
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-pg-init
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
+ containers:
+ - name: {{ include "common.name" . }}-pg-config
image: {{ .Values.repository }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db-pg.sh
command:
- /bin/sh
- args:
- - -x
- - /docker-entrypoint-initdb.d/db-pg.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
value: "{{ .Values.postgres.service.internalPort }}"
resources:
{{ include "common.resources" . }}
- {{ end }}
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db-pg.sh
+ path: db-pg.sh
+{{ end }}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-galera-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-galera-config
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-galera-config
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-galera-config
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-policy-galera-db-migrator
+ - name: {{ include "common.name" . }}-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db_migrator_policy_init.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db_migrator_policy_init.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_policy_init.sh
env:
- name: SQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
value: "sql"
resources:
{{ include "common.resources" . }}
- {{ if .Values.global.postgres.localCluster }}
- - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db_migrator_policy_init.sh
+ path: db_migrator_policy_init.sh
+
+{{ if .Values.global.postgres.localCluster }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-pg-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pg-config
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-pg-config
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-pg-config
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}-pg-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db_migrator_pg_policy_init.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db_migrator_pg_policy_init.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_pg_policy_init.sh
env:
- name: SQL_HOST
value: "{{ .Values.postgres.service.name2 }}"
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . }}
- {{ end }}
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
items:
- - key: db.sh
- path: db.sh
- - key: db_migrator_policy_init.sh
- path: db_migrator_policy_init.sh
- - key: db-pg.sh
- path: db-pg.sh
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
-
+{{ end }}
{{/*
# Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- resource:
type: group
name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
- operation: Read
+ operation: All
- resource:
type: topic
name: {{ .Values.config.acRuntimeTopic.name }}
- operation: Read
+ operation: All
- resource:
type: topic
- name: {{ .Values.config.acRuntimeTopic.name }}
- operation: Write
+ name: {{ .Values.config.policyPdpPapTopic.name }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.policyHeartbeatTopic.name }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.policyNotificationTopic.name }}
+ operation: All
{{- end }}
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-clamp-be:
- enabled: true
- db: *dbSecretsHook
- config:
- appUserExternalSecret: *policyAppCredsSecret
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-k8s-ppnt:
enabled: true
config:
appUserExternalSecret: *policyAppCredsSecret
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
- enabled: true
+ enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.3
+ image: onap/policy-db-migrator:2.5.0
schema: policyadmin
policy_home: "/opt/app/policy"
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ someConfig: blah
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
# only use the root password if the database has already been initializaed
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=""
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
extraArgs=${extraArgs}" --dont-use-mysql-root-password"
fi
if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
fi
# there's no database, so it needs to be initialized
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
docker_verify_minimum_env
# check dir permissions to reduce likelihood of half-initialized database
- port: {{ .Values.service.internalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.11.6
-backendInitImage: onap/sdc-backend-init:1.11.6
+image: onap/sdc-backend-all-plugins:1.11.9
+backendInitImage: onap/sdc-backend-init:1.11.9
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.11.6
-cassandraInitImage: onap/sdc-cassandra-init:1.11.6
+image: onap/sdc-cassandra:1.11.9
+cassandraInitImage: onap/sdc-cassandra-init:1.11.9
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.11.6
+image: onap/sdc-frontend:1.11.9
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.11.6
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.6
+image: onap/sdc-onboard-backend:1.11.9
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.9
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.3.2
+image: onap/sdnc-dmaap-listener-image:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.3.2
+image: onap/sdnc-ansible-server-image:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.3.2"
+image: "onap/sdnc-web-image:2.4.0"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.3.2
+image: onap/sdnc-ueb-listener-image:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.3.2
+image: onap/sdnc-image:2.4.0
# flag to enable debugging - application support required
debugEnabled: false
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
{{- if .Values.global.aafEnabled }}
ssl:
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
workflowAaiDistributionDelay: PT30S
pnfEntryNotificationTimeout: P14D
headers.minorVersion: 1
headers.latestVersion: 2
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
# limitations under the License.
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
enabled: {{ .Values.global.aai.enabled }}
logging:
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
spring:
datasource:
password: ${ETSI_NFVO_PASSWORD}
role: ETSI-NFVO-Client
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
spring:
security:
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
ssl:
enabled: false
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
logging:
path: logs
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
+SW port: {{ index .Values.containerPort }}
spring:
datasource:
hikari:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag
- msb-port: 443
- msb-scheme: https
+ msb-port: 80
+ msb-scheme: http
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
# will be used as entry in DB to say SITE OFF/ON for healthcheck
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
aai:
auth: {{.Values.aai.auth}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
spring:
datasource:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
asdc-connections:
asdc-controller1:
# limitations under the License.
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
mso:
msoKey: ${MSO_KEY}
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
dmaap:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
type: tls
configuration:
bootstrap:
- nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ nodePort: {{ .Values.global.nodePortPrefixExt }}93
brokers:
- broker: 0
- nodePort: {{ .Values.global.nodePortPrefixExt }}92
+ nodePort: {{ .Values.global.nodePortPrefixExt }}90
- broker: 1
- nodePort: {{ .Values.global.nodePortPrefixExt }}93
+ nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ - broker: 2
+ nodePort: {{ .Values.global.nodePortPrefixExt }}92
authorization:
type: simple
superUsers:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.7
+image: onap/usecase-ui-server:5.1.1
pullPolicy: Always
# application configuration
flavor: small
# application image
-image: onap/usecase-ui:4.0.7
+image: onap/usecase-ui:5.1.0
pullPolicy: Always
# application configuration
Code Review / oom.git / commitdiff