Merge "DNS test server for ingress controller"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Mon, 17 Feb 2020 13:00:40 +0000 (13:00 +0000)
committerGerrit Code Review <gerrit@onap.org>
Mon, 17 Feb 2020 13:00:40 +0000 (13:00 +0000)
148 files changed:
INFO.yaml
docs/oom_developer_guide.rst
kubernetes/aaf/charts/aaf-cm/values.yaml
kubernetes/aaf/charts/aaf-locate/values.yaml
kubernetes/aaf/charts/aaf-sms/values.yaml
kubernetes/aai
kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
kubernetes/common/cassandra/templates/backup/cronjob.yaml
kubernetes/common/cassandra/templates/pv.yaml
kubernetes/common/cassandra/templates/service.yaml
kubernetes/common/cassandra/templates/statefulset.yaml
kubernetes/common/cassandra/values.yaml
kubernetes/common/common/templates/_labels.tpl [new file with mode: 0644]
kubernetes/common/common/templates/_name.tpl
kubernetes/common/common/templates/_pod.tpl [new file with mode: 0644]
kubernetes/common/common/templates/_postgres.tpl [new file with mode: 0644]
kubernetes/common/common/templates/_service.tpl
kubernetes/common/common/templates/_storage.tpl [moved from kubernetes/common/common/templates/_storageClass.tpl with 63% similarity]
kubernetes/common/common/templates/_tplValue.tpl [moved from kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml with 54% similarity]
kubernetes/common/mariadb-init/values.yaml
kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf [deleted file]
kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf [deleted file]
kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml [deleted file]
kubernetes/common/postgres/charts/pgpool/templates/service.yaml [deleted file]
kubernetes/common/postgres/charts/pgpool/values.yaml [deleted file]
kubernetes/common/postgres/templates/_deployment.tpl [new file with mode: 0644]
kubernetes/common/postgres/templates/deployment-primary.yaml
kubernetes/common/postgres/templates/deployment-replica.yaml
kubernetes/common/postgres/templates/pvc-primary.yaml
kubernetes/common/postgres/templates/secrets.yaml
kubernetes/common/postgres/values.yaml
kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml [deleted file]
kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
kubernetes/dcaegen2/values.yaml
kubernetes/dmaap/components/dmaap-bc/values.yaml
kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
kubernetes/dmaap/components/dmaap-dr-node/values.yaml
kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
kubernetes/dmaap/components/message-router/values.yaml
kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml
kubernetes/multicloud/charts/multicloud-fcaps/templates/service.yaml
kubernetes/multicloud/charts/multicloud-fcaps/values.yaml
kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml
kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml
kubernetes/multicloud/charts/multicloud-starlingx/templates/service.yaml
kubernetes/multicloud/charts/multicloud-starlingx/values.yaml
kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml
kubernetes/multicloud/charts/multicloud-windriver/templates/service.yaml
kubernetes/multicloud/charts/multicloud-windriver/values.yaml
kubernetes/multicloud/templates/deployment.yaml
kubernetes/multicloud/templates/service.yaml
kubernetes/nbi/templates/deployment.yaml
kubernetes/nbi/templates/secret.yaml [moved from kubernetes/common/postgres/charts/pgpool/requirements.yaml with 81% similarity]
kubernetes/nbi/values.yaml
kubernetes/onap/values.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
kubernetes/robot
kubernetes/sdc/values.yaml
kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml
kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml
kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
kubernetes/so/charts/so-secrets/Chart.yaml [moved from kubernetes/common/postgres/charts/pgpool/Chart.yaml with 86% similarity]
kubernetes/so/charts/so-secrets/templates/secrets.yaml [moved from kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml with 73% similarity, mode: 0644]
kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml
kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
kubernetes/so/resources/config/overrides/override.yaml
kubernetes/so/templates/_cadiValues.tpl [new file with mode: 0644]
kubernetes/so/templates/_livenessProbe.tpl [new file with mode: 0644]
kubernetes/so/templates/_profileProperty.tpl [new file with mode: 0644]
kubernetes/so/templates/configmap.yaml
kubernetes/so/templates/deployment.yaml
kubernetes/so/values.yaml
kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
kubernetes/vfc/charts/vfc-catalog/templates/service.yaml
kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-ems-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml
kubernetes/vfc/charts/vfc-multivim-proxy/templates/service.yaml
kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml
kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml
kubernetes/vfc/charts/vfc-resmgr/templates/service.yaml
kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml
kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml
kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml
kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml
kubernetes/vfc/charts/vfc-workflow-engine/templates/service.yaml
kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml
kubernetes/vfc/charts/vfc-workflow/templates/service.yaml
kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/service.yaml
kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml
kubernetes/vfc/values.yaml
kubernetes/vid/templates/deployment.yaml
kubernetes/vid/templates/job.yaml
kubernetes/vid/templates/secrets.yaml
kubernetes/vid/values.yaml
kubernetes/vnfsdk/values.yaml

index 33cae2a..06cad47 100644 (file)
--- a/INFO.yaml
+++ b/INFO.yaml
@@ -78,10 +78,15 @@ committers:
       company: 'Orange'
       id: 'sdesbure'
       timezone: 'Paris/France'
+    - name: 'Krzysztof Opasiak'
+      email: 'k.opasiak@samsung.com'
+      company: 'Samsung'
+      id: 'kopasiak'
+      timezone: 'Poland/Warsaw'
 tsc:
     approval: 'https://lists.onap.org/pipermail/onap-tsc'
     changes:
         - type: 'Addition'
           name: 'Brian Freeman'
           name: 'Yang Xu'
-          link: 'TBD'
\ No newline at end of file
+          link: 'TBD'
index a2ccc1b..c3fb603 100644 (file)
@@ -79,159 +79,123 @@ have been created following the guidelines provided.
 
 The top level of the ONAP charts is shown below:
 
-.. graphviz::
+.. code-block:: bash
+
+  common
+  ├── cassandra
+  │   ├── Chart.yaml
+  │   ├── requirements.yaml
+  │   ├── resources
+  │   │   ├── config
+  │   │   │   └── docker-entrypoint.sh
+  │   │   ├── exec.py
+  │   │   └── restore.sh
+  │   ├── templates
+  │   │   ├── backup
+  │   │   │   ├── configmap.yaml
+  │   │   │   ├── cronjob.yaml
+  │   │   │   ├── pv.yaml
+  │   │   │   └── pvc.yaml
+  │   │   ├── configmap.yaml
+  │   │   ├── pv.yaml
+  │   │   ├── service.yaml
+  │   │   └── statefulset.yaml
+  │   └── values.yaml
+  ├── common
+  │   ├── Chart.yaml
+  │   ├── templates
+  │   │   ├── _createPassword.tpl
+  │   │   ├── _ingress.tpl
+  │   │   ├── _labels.tpl
+  │   │   ├── _mariadb.tpl
+  │   │   ├── _name.tpl
+  │   │   ├── _namespace.tpl
+  │   │   ├── _repository.tpl
+  │   │   ├── _resources.tpl
+  │   │   ├── _secret.yaml
+  │   │   ├── _service.tpl
+  │   │   ├── _storage.tpl
+  │   │   └── _tplValue.tpl
+  │   └── values.yaml
+  ├── ...
+  └── postgres-legacy
+      ├── Chart.yaml
+      ├── requirements.yaml
+      ├── charts
+      └── configs
 
-   digraph onap_top_chart {
-      rankdir="LR";
-      {
-        node      [shape=folder]
-        oValues   [label="values.yaml"]
-        oChart    [label="Chart.yaml"]
-        dev       [label="dev.yaml"]
-        prod      [label="prod.yaml"]
-        crb       [label="clusterrolebindings.yaml"]
-        secrets   [label="secrets.yaml"]
-      }
-      {
-        node      [style=dashed]
-        vCom      [label="component"]
-      }
+The common section of charts consists of a set of templates that assist with
+parameter substitution (`_name.tpl`, `_namespace.tpl` and others) and a set of charts
+for components used throughout ONAP.  When the common components are used by other charts they
+are instantiated each time or we can deploy a shared instances for several components.
 
-      onap         -> oValues
-      onap         -> oChart
-      onap         -> templates
-      onap         -> resources
-      oValues      -> vCom
-      resources    -> environments
-      environments -> dev
-      environments -> prod
-      templates    -> crb
-      templates    -> secrets
-   }
+All of the ONAP components have charts that follow the pattern shown below:
 
-Within the `values.yaml` file at the `onap` level, one will find a set of
-boolean values that control which of the ONAP components get deployed as shown
-below:
+.. code-block:: bash
+
+  name-of-my-component
+  ├── Chart.yaml
+  ├── requirements.yaml
+  ├── component
+  │   └── subcomponent-folder
+  ├── charts
+  │   └── subchart-folder
+  ├── resources
+  │   ├── folder1
+  │   │   ├── file1
+  │   │   └── file2
+  │   └── folder1
+  │       ├── file3
+  │       └── folder3
+  │           └── file4
+  ├── templates
+  │   ├── NOTES.txt
+  │   ├── configmap.yaml
+  │   ├── deployment.yaml
+  │   ├── ingress.yaml
+  │   ├── job.yaml
+  │   ├── secrets.yaml
+  │   └── service.yaml
+  └── values.yaml
+
+Note that the component charts / components may include a hierarchy of sub
+components and in themselves can be quite complex.
+
+You can use either `charts` or `components` folder for your subcomponents.
+`charts` folder means that the subcomponent will always been deployed.
+
+`components` folders means we can choose if we want to deploy the sub component.
+
+This choice is done in root `values.yaml`:
 
 .. code-block:: yaml
 
-  aaf: # Application Authorization Framework
-    enabled: false
-  <...>
-  so: # Service Orchestrator
-    enabled: true
-
-By setting these flags a custom deployment can be created and used during
-deployment by using the `-f` Helm option as follows::
-
-  > helm install local/onap -name development -f dev.yaml
-
-Note that there are one or more example deployment files in the
-`onap/resources/environments/` directory. It is best practice to create a
-unique deployment file for each environment used to ensure consistent
-behaviour.
-
-To aid in the long term supportability of ONAP, a set of common charts have
-been created (and will be expanded in subsequent releases of ONAP) that can be
-used by any of the ONAP components by including the common component in its
-`requirements.yaml` file. The common components are arranged as follows:
-
-.. graphviz::
-
-   digraph onap_common_chart {
-      rankdir="LR";
-      {
-         node      [shape=folder]
-         mValues   [label="values.yaml"]
-         ccValues  [label="values.yaml"]
-         comValues [label="values.yaml"]
-         comChart  [label="Chart.yaml"]
-         ccChart   [label="Chart.yaml"]
-         mChart    [label="Chart.yaml"]
-
-         mReq      [label="requirements.yaml"]
-         mService  [label="service.yaml"]
-         mMap      [label="configmap.yaml"]
-         ccName    [label="_name.tpl"]
-         ccNS      [label="_namespace.tpl"]
-      }
-      {
-         cCom       [label="common"]
-         mTemp      [label="templates"]
-         ccTemp     [label="templates"]
-      }
-      {
-         more       [label="...",style=dashed]
-      }
-
-      common -> comValues
-      common -> comChart
-      common -> cCom
-      common -> mysql
-      common -> more
-
-      cCom   -> ccChart
-      cCom   -> ccValues
-      cCom   -> ccTemp
-      ccTemp -> ccName
-      ccTemp -> ccNS
-
-      mysql  -> mValues
-      mysql  -> mChart
-      mysql  -> mReq
-      mysql  -> mTemp
-      mTemp  -> mService
-      mTemp  -> mMap
-   }
+  ---
+  global:
+    key: value
 
-The common section of charts consists of a set of templates that assist with
-parameter substitution (`_name.tpl` and `_namespace.tpl`) and a set of charts
-for components used throughout ONAP. Initially `mysql` is in the common area
-but this will expand to include other databases like `mariadb-galera`,
-`postgres`, and `cassandra`. Other candidates for common components include
-`redis` and`kafka`.  When the common components are used by other charts they
-are instantiated each time. In subsequent ONAP releases some of the common
-components could be a setup as services that are used by multiple ONAP
-components thus minimizing the deployment and operational costs.
-
-All of the ONAP components have charts that follow the pattern shown below:
-
-.. graphviz::
-
-   digraph onap_component_chart {
-      rankdir="LR";
-      {
-         node      [shape=folder]
-         cValues   [label="values.yaml"]
-         cChart    [label="Chart.yaml"]
-         cService  [label="service.yaml"]
-         cMap      [label="configmap.yaml"]
-         cFiles    [label="config file(s)"]
-      }
-      {
-         cCharts   [label="charts"]
-         cTemp     [label="templates"]
-         cRes      [label="resources"]
+  component1:
+    enabled: true
+  component2:
+    enabled: true
 
-      }
-      {
-         sCom       [label="component",style=dashed]
-      }
+Then in `requirements.yaml`, you'll use these values:
 
-      component -> cValues
-      component -> cChart
-      component -> cCharts
-      component -> cTemp
-      component -> cRes
-      cTemp     -> cService
-      cTemp     -> cMap
-      cRes      -> config
-      config    -> cFiles
-      cCharts   -> sCom
-   }
+.. code-block:: yaml
 
-Note that the component charts may include a hierarchy of components and in
-themselves can be quite complex.
+  ---
+  dependencies:
+    - name: common
+      version: ~x.y-0
+      repository: '@local'
+    - name: component1
+      version: ~x.y-0
+      repository: 'file://components/component1'
+      condition: component1.enabled
+    - name: component2
+      version: ~x.y-0
+      repository: 'file://components/component2'
+      condition: component2.enabled
 
 Configuration of the components varies somewhat from component to component but
 generally follows the pattern of one or more `configmap.yaml` files which can
@@ -260,126 +224,134 @@ configuration as well as ONAP components configuration.
 
 One of the artifacts that OOM/Kubernetes uses to deploy ONAP components is the
 deployment specification, yet another yaml file.  Within these deployment specs
-are a number of parameters as shown in the following mariadb example:
+are a number of parameters as shown in the following example:
 
 .. code-block:: yaml
 
-  apiVersion: extensions/v1beta1
-  kind: Deployment
+  apiVersion: apps/v1
+  kind: StatefulSet
   metadata:
-    name: mariadb
+    labels:
+      app.kubernetes.io/name: zookeeper
+      helm.sh/chart: zookeeper
+      app.kubernetes.io/component: server
+      app.kubernetes.io/managed-by: Tiller
+      app.kubernetes.io/instance: onap-oof
+    name: onap-oof-zookeeper
+    namespace: onap
   spec:
-     <...>
+    <...>
+    replicas: 3
+    selector:
+      matchLabels:
+        app.kubernetes.io/name: zookeeper
+        app.kubernetes.io/component: server
+        app.kubernetes.io/instance: onap-oof
+    serviceName: onap-oof-zookeeper-headless
     template:
-      <...>
+      metadata:
+        labels:
+          app.kubernetes.io/name: zookeeper
+          helm.sh/chart: zookeeper
+          app.kubernetes.io/component: server
+          app.kubernetes.io/managed-by: Tiller
+          app.kubernetes.io/instance: onap-oof
       spec:
-        hostname: mariadb
+        <...>
+        affinity:
         containers:
-        - args:
-          image: nexus3.onap.org:10001/mariadb:10.1.11
-          name: "mariadb"
-          env:
-            - name: MYSQL_ROOT_PASSWORD
-              value: password
-            - name: MARIADB_MAJOR
-              value: "10.1"
+        - name: zookeeper
+          <...>
+          image: gcr.io/google_samples/k8szk:v3
+          imagePullPolicy: Always
           <...>
-        imagePullSecrets:
-        - name: onap-docker-registry-key
-
-Note that within the deployment specification, one of the container arguments
-is the key/value pair image: nexus3.onap.org:10001/mariadb:10.1.11 which
-specifies the version of the mariadb software to deploy.  Although the
-deployment specifications greatly simplify deployment, maintenance of the
-deployment specifications themselves become problematic as software versions
+          ports:
+          - containerPort: 2181
+            name: client
+            protocol: TCP
+          - containerPort: 3888
+            name: election
+            protocol: TCP
+          - containerPort: 2888
+            name: server
+            protocol: TCP
+          <...>
+
+Note that within the statefulset specification, one of the container arguments
+is the key/value pair image: gcr.io/google_samples/k8szk:v3 which
+specifies the version of the zookeeper software to deploy.  Although the
+statefulset specifications greatly simplify statefulset, maintenance of the
+statefulset specifications themselves become problematic as software versions
 change over time or as different versions are required for different
-deployments.  For example, if the R&D team needs to deploy a newer version of
+statefulsets.  For example, if the R&D team needs to deploy a newer version of
 mariadb than what is currently used in the production environment, they would
-need to clone the deployment specification and change this value.  Fortunately,
+need to clone the statefulset specification and change this value.  Fortunately,
 this problem has been solved with the templating capabilities of Helm.
 
-The following example shows how the deployment specifications are modified to
+The following example shows how the statefulset specifications are modified to
 incorporate Helm templates such that key/value pairs can be defined outside of
-the deployment specifications and passed during instantiation of the component.
+the statefulset specifications and passed during instantiation of the component.
 
 .. code-block:: yaml
 
-  apiVersion: extensions/v1beta1
-  kind: Deployment
+  apiVersion: apps/v1
+  kind: StatefulSet
   metadata:
-    name: mariadb
-    namespace: "{{ .Values.nsPrefix }}-mso"
+    name: {{ include "common.fullname" . }}
+    namespace: {{ include "common.namespace" . }}
+    labels: {{- include "common.labels" . | nindent 4 }}
   spec:
+    replicas: {{ .Values.replicaCount }}
+    selector:
+      matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
+    # serviceName is only needed for StatefulSet
+    # put the postfix part only if you have add a postfix on the service name
+    serviceName: {{ include "common.servicename" . }}-{{ .Values.service.postfix }}
     <...>
     template:
-      <...>
+      metadata:
+        labels: {{- include "common.labels" . | nindent 8 }}
+        annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        name: {{ include "common.name" . }}
       spec:
-        hostname: mariadb
-        containers:
-        - args:
-          image: {{ .Values.image.mariadb }}
-          imagePullPolicy: {{ .Values.pullPolicy }}
-          name: "mariadb"
-          env:
-            - name: MYSQL_ROOT_PASSWORD
-              value: password
-            - name: MARIADB_MAJOR
-              value: "10.1"
         <...>
-        imagePullSecrets:
-        - name: "{{ .Values.nsPrefix }}-docker-registry-key"apiVersion: extensions/v1beta1
-  kind: Deployment
-  metadata:
-    name: mariadb
-    namespace: "{{ .Values.nsPrefix }}-mso"
-  spec:
-    <...>
-    template:
-      <...>
-      spec:
-        hostname: mariadb
         containers:
-        - args:
-          image: {{ .Values.image.mariadb }}
-          imagePullPolicy: {{ .Values.pullPolicy }}
-          name: "mariadb"
-          env:
-            - name: MYSQL_ROOT_PASSWORD
-              value: password
-            - name: MARIADB_MAJOR
-              value: "10.1"
-        <...>
-        imagePullSecrets:
-        - name: "{{ .Values.nsPrefix }}-docker-registry-key"
-
-This version of the deployment specification has gone through the process of
-templating values that are likely to change between deployments. Note that the
-image is now specified as: image: {{ .Values.image.mariadb }} instead of a
-string used previously.  During the deployment phase, Helm (actually the Helm
+          - name: {{ include "common.name" . }}
+            image: {{ .Values.image }}
+            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+            ports:
+            {{- range $index, $port := .Values.service.ports }}
+              - containerPort: {{ $port.port }}
+                name: {{ $port.name }}
+            {{- end }}
+            {{- range $index, $port := .Values.service.headlessPorts }}
+              - containerPort: {{ $port.port }}
+                name: {{ $port.name }}
+            {{- end }}
+            <...>
+
+This version of the statefulset specification has gone through the process of
+templating values that are likely to change between statefulsets. Note that the
+image is now specified as: image: {{ .Values.image }} instead of a
+string used previously.  During the statefulset phase, Helm (actually the Helm
 sub-component Tiller) substitutes the {{ .. }} entries with a variable defined
 in a values.yaml file.  The content of this file is as follows:
 
 .. code-block:: yaml
 
-  nsPrefix: onap
-  pullPolicy: IfNotPresent
-  image:
-    readiness: oomk8s/readiness-check:2.0.0
-    mso: nexus3.onap.org:10001/openecomp/mso:1.0-STAGING-latest
-    mariadb: nexus3.onap.org:10001/mariadb:10.1.11
+  <...>
+  image: gcr.io/google_samples/k8szk:v3
+  replicaCount: 3
+  <...>
+
 
-Within the values.yaml file there is an image section with the key/value pair
-mariadb: nexus3.onap.org:10001/mariadb:10.1.11 which is the same value used in
+Within the values.yaml file there is an image key with the value
+`gcr.io/google_samples/k8szk:v3` which is the same value used in
 the non-templated version.  Once all of the substitutions are complete, the
-resulting deployment specification ready to be used by Kubernetes.
-
-Also note that in this example, the namespace key/value pair is specified in
-the values.yaml file.  This key/value pair will be global across the entire
-ONAP deployment and is therefore a prime example of where configuration
-hierarchy can be very useful.
+resulting statefulset specification ready to be used by Kubernetes.
 
-When creating a deployment template consider the use of default values if
-appropriate.  Helm templating has built in support for DEFAULT values, here is
+When creating a template consider the use of default values if appropriate.
+Helm templating has built in support for DEFAULT values, here is
 an example:
 
 .. code-block:: yaml
@@ -394,6 +366,227 @@ Helm template language is a superset of the Go template language).  These
 functions include simple string operations like upper and more complex flow
 control operations like if/else.
 
+OOM is mainly helm templating. In order to have consistent deployment of the
+different components of ONAP, some rules must be followed.
+
+Templates are provided in order to create Kubernetes resources (Secrets,
+Ingress, Services, ...) or part of Kubernetes resources (names, labels,
+resources requests and limits, ...).
+
+Service template
+----------------
+
+In order to create a Service for a component, you have to create a file (with
+`service` in the name.
+For normal service, just put the following line:
+
+.. code-block:: yaml
+
+  {{ include "common.service" . }}
+
+For headless service, the line to put is the following:
+
+.. code-block:: yaml
+
+  {{ include "common.headlessService" . }}
+
+The configuration of the service is done in component `values.yaml`:
+
+.. code-block:: yaml
+
+  service:
+   name: NAME-OF-THE-SERVICE
+   postfix: MY-POSTFIX
+   type: NodePort
+   annotations:
+     someAnnotationsKey: value
+   ports:
+   - name: tcp-MyPort
+     port: 5432
+     nodePort: 88
+   - name: http-api
+     port: 8080
+     nodePort: 89
+   - name: https-api
+     port: 9443
+     nodePort: 90
+
+`annotations` and `postfix` keys are optional.
+if `service.type` is `NodePort`, then you have to give `nodePort` value for your
+service ports (which is the end of the computed nodePort, see example).
+
+It would render the following Service Resource (for a component named
+`name-of-my-component`, with version `x.y.z`, helm deployment name
+`my-deployment` and `global.nodePortPrefix` `302`):
+
+.. code-block:: yaml
+
+  apiVersion: v1
+  kind: Service
+  metadata:
+    annotations:
+      someAnnotationsKey: value
+    name: NAME-OF-THE-SERVICE-MY-POSTFIX
+    labels:
+      app.kubernetes.io/name: name-of-my-component
+      helm.sh/chart: name-of-my-component-x.y.z
+      app.kubernetes.io/instance: my-deployment-name-of-my-component
+      app.kubernetes.io/managed-by: Tiller
+  spec:
+    ports:
+      - port: 5432
+        targetPort: tcp-MyPort
+        nodePort: 30288
+      - port: 8080
+        targetPort: http-api
+        nodePort: 30289
+      - port: 9443
+        targetPort: https-api
+        nodePort: 30290
+    selector:
+      app.kubernetes.io/name: name-of-my-component
+      app.kubernetes.io/instance:  my-deployment-name-of-my-component
+    type: NodePort
+
+In the deployment or statefulSet file, you needs to set the good labels in order
+for the service to match the pods.
+
+here's an example to be sure it matchs (for a statefulSet):
+
+.. code-block:: yaml
+
+  apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    name: {{ include "common.fullname" . }}
+    namespace: {{ include "common.namespace" . }}
+    labels: {{- include "common.labels" . | nindent 4 }}
+  spec:
+    selector:
+      matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
+    # serviceName is only needed for StatefulSet
+    # put the postfix part only if you have add a postfix on the service name
+    serviceName: {{ include "common.servicename" . }}-{{ .Values.service.postfix }}
+    <...>
+    template:
+      metadata:
+        labels: {{- include "common.labels" . | nindent 8 }}
+        annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        name: {{ include "common.name" . }}
+      spec:
+       <...>
+       containers:
+         - name: {{ include "common.name" . }}
+           ports:
+           {{- range $index, $port := .Values.service.ports }}
+           - containerPort: {{ $port.port }}
+             name: {{ $port.name }}
+           {{- end }}
+           {{- range $index, $port := .Values.service.headlessPorts }}
+           - containerPort: {{ $port.port }}
+             name: {{ $port.name }}
+           {{- end }}
+           <...>
+
+The configuration of the service is done in component `values.yaml`:
+
+.. code-block:: yaml
+
+  service:
+   name: NAME-OF-THE-SERVICE
+   headless:
+     postfix: NONE
+     annotations:
+       anotherAnnotationsKey : value
+     publishNotReadyAddresses: true
+   headlessPorts:
+   - name: tcp-MyPort
+     port: 5432
+   - name: http-api
+     port: 8080
+   - name: https-api
+     port: 9443
+
+`headless.annotations`, `headless.postfix` and
+`headless.publishNotReadyAddresses` keys are optional.
+
+If `headless.postfix` is not set, then we'll add `-headless` at the end of the
+service name.
+
+If it set to `NONE`, there will be not postfix.
+
+And if set to something, it will add `-something` at the end of the service
+name.
+
+It would render the following Service Resource (for a component named
+`name-of-my-component`, with version `x.y.z`, helm deployment name
+`my-deployment` and `global.nodePortPrefix` `302`):
+
+.. code-block:: yaml
+
+  apiVersion: v1
+  kind: Service
+  metadata:
+    annotations:
+      anotherAnnotationsKey: value
+    name: NAME-OF-THE-SERVICE
+    labels:
+      app.kubernetes.io/name: name-of-my-component
+      helm.sh/chart: name-of-my-component-x.y.z
+      app.kubernetes.io/instance: my-deployment-name-of-my-component
+      app.kubernetes.io/managed-by: Tiller
+  spec:
+    clusterIP: None
+    ports:
+      - port: 5432
+        targetPort: tcp-MyPort
+        nodePort: 30288
+      - port: 8080
+        targetPort: http-api
+        nodePort: 30289
+      - port: 9443
+        targetPort: https-api
+        nodePort: 30290
+    publishNotReadyAddresses: true
+    selector:
+      app.kubernetes.io/name: name-of-my-component
+      app.kubernetes.io/instance:  my-deployment-name-of-my-component
+    type: ClusterIP
+
+Previous example of StatefulSet would also match (except for the `postfix` part
+obviously).
+
+Creating Deployment or StatefulSet
+----------------------------------
+
+Deployment and StatefulSet should use the `apps/v1` (which has appeared in
+v1.9).
+As seen on the service part, the following parts are mandatory:
+
+.. code-block:: yaml
+
+  apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    name: {{ include "common.fullname" . }}
+    namespace: {{ include "common.namespace" . }}
+    labels: {{- include "common.labels" . | nindent 4 }}
+  spec:
+    selector:
+      matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
+    # serviceName is only needed for StatefulSet
+    # put the postfix part only if you have add a postfix on the service name
+    serviceName: {{ include "common.servicename" . }}-{{ .Values.service.postfix }}
+    <...>
+    template:
+      metadata:
+        labels: {{- include "common.labels" . | nindent 8 }}
+        annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        name: {{ include "common.name" . }}
+      spec:
+        <...>
+        containers:
+          - name: {{ include "common.name" . }}
 
 ONAP Application Configuration
 ------------------------------
@@ -423,18 +616,16 @@ SO deployment specification excerpt:
 
 .. code-block:: yaml
 
-  apiVersion: extensions/v1beta1
+  apiVersion: apps/v1
   kind: Deployment
   metadata:
-    name: {{ include "common.name" . }}
+    name: {{ include "common.fullname" . }}
     namespace: {{ include "common.namespace" . }}
-    labels:
-      app: {{ include "common.name" . }}
-      chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-      release: {{ .Release.Name }}
-      heritage: {{ .Release.Service }}
+    labels: {{- include "common.labels" . | nindent 4 }}
   spec:
     replicas: {{ .Values.replicaCount }}
+    selector:
+      matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
     template:
       metadata:
         labels:
index 2bd05d8..4078fb3 100644 (file)
@@ -63,7 +63,7 @@ ingress:
 resources:
  small:
    limits:
-     cpu: 20m
+     cpu: 400m
      memory: 300Mi
    requests:
      cpu: 1m
index ce59d2d..74638d1 100644 (file)
@@ -63,7 +63,7 @@ ingress:
 resources:
  small:
    limits:
-     cpu: 40m
+     cpu: 100m
      memory: 320Mi
    requests:
      cpu: 1m
index 2de7466..41bde75 100644 (file)
@@ -89,9 +89,9 @@ resources:
   small:
     limits:
       cpu: 100m
-      memory: 15Mi
+      memory: 30Mi
     requests:
-      cpu: 10m
+      cpu: 25m
       memory: 10Mi
   large:
     limits:
index 1c9c9bb..764cd85 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 1c9c9bba658057f6147276fba4f84e7db9117e70
+Subproject commit 764cd8514707c1630dbfa6792b8d15953d5b9a59
index 14689d5..6aad591 100755 (executable)
@@ -54,7 +54,7 @@ ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
 SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
 APPC_HOME=${APPC_HOME:-/opt/onap/appc}
 SLEEP_TIME=${SLEEP_TIME:-120}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORDD}
+MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
 ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
 ENABLE_AAF=${ENABLE_AAF:-true}
 DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim}
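Review bot: `MYSQL_PASSWD` is still assigned with no check that `MYSQL_ROOT_PASSWORD` is set, so a missing or misnamed variable silently yields an empty password, which is presumably how the `MYSQL_ROOT_PASSWORDD` typo went unnoticed. Failing fast would make this class of error visible at startup: `MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD must be set}`. The rest of the script is outside this hunk, so how `MYSQL_PASSWD` is consumed cannot be checked from here.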
index b102b7c..31ddc59 100755 (executable)
@@ -82,7 +82,9 @@ blueprintsprocessor.grpcclient.remote-python.type=token-auth
 blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
 blueprintsprocessor.grpcclient.remote-python.port=50051
 blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-
+blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
+blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem
+blueprintsprocessor.grpcclient.py-executor.type=tls-auth
 # Config Data REST client settings
 blueprintsprocessor.restclient.sdnc.type=basic-auth
 blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
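Review bot: The new `py-executor` client trusts `/opt/app/onap/config/certs/py-executor/py-executor-chain.pem`, but nothing in this hunk shows that file being provided to the container. It is worth confirming that the chart mounts the chain at exactly that path, since a missing trust file would presumably make the `tls-auth` client fail rather than fall back. The hunk also removes the blank line that separated the gRPC block from the REST block; a header such as `# Py Executor gRPC client settings (TLS)` above the three new lines would keep the file's sectioning.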
@@ -110,6 +112,12 @@ blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
 # Self Service Response Kafka Message Producer
 blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
 
+# Executor Options
+blueprintsprocessor.resourceResolution.enabled=true
+blueprintsprocessor.netconfExecutor.enabled=true
+blueprintsprocessor.restConfExecutor.enabled=true
+blueprintsprocessor.cliExecutor.enabled=true
+blueprintsprocessor.remoteScriptCommand.enabled=true
 
 # Used in Health Check
 blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
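Review bot: All five executors, including `cliExecutor` and `remoteScriptCommand`, are switched on unconditionally in the new `# Executor Options` block. A deployment that does not need CLI or remote script execution therefore has no way to turn them off short of editing this file. Consider driving each flag from chart values so that the default is the minimum a deployment needs, and add a one-line comment per flag saying what the executor does. Whether this file is rendered through `tpl` is not visible in the hunk, so the form of the value reference needs checking against how the config map is built.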
index 2edc807..e4f2aab 100644 (file)
@@ -19,11 +19,7 @@ kind: CronJob
 metadata:
   name: {{ include "common.fullname" . }}-backup
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 spec:
   schedule: {{ .Values.backup.cron | quote }}
   concurrencyPolicy: Forbid
@@ -31,6 +27,10 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
+          labels: {{- include "common.labels" . | nindent 12 }}
+          annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" .) | nindent 12 }}
+          name: {{ include "common.name" . }}
         spec:
           restartPolicy: Never
           initContainers:
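Review bot: The backup pod template now carries `common.labels`, which includes the same `app.kubernetes.io/name` and `app.kubernetes.io/instance` pair that `common.matchLabels` emits for Service and StatefulSet selectors (both helpers are added in `_labels.tpl` in this commit). Any selector built from `common.matchLabels` will therefore also match the backup job pods; whether they actually become Service endpoints depends on the job containers' port declarations, which are not shown here. Giving the job pods a distinguishing value, for example an `app.kubernetes.io/name` of `{{ include "common.name" . }}-backup`, keeps them out of the database selectors. `annotations:` is also emitted unconditionally here, while `common.templateMetadata` guards it with `if .Values.podAnnotations`.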
index fd0a758..76a224a 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
-  namespace: {{ $global.Release.Namespace }}
-  labels:
-    type: {{ $global.Values.persistence.storageType }}
-    app: {{ $global.Values.service.name }}
-    chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" $global }}
-    heritage: {{ $global.Release.Service }}
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.size }}
-  accessModes:
-  {{- if $global.Values.backup.enabled }}
-  - ReadWriteMany
-  {{- else }}
-  - ReadWriteOnce
-  {{- end }}
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" $global }}-data"
-  hostPath:
-    path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" . }}
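Review bot: Replacing the inline template with `common.replicaPV` drops the `backup.enabled` switch between `ReadWriteMany` and `ReadWriteOnce`. The shared helper takes the mode from `.Values.persistence.accessMode`, which the cassandra `values.yaml` in this commit sets to `ReadWriteOnce`. With backup enabled the volumes are therefore no longer `ReadWriteMany` by default, and the comment kept above that key in `values.yaml` ("Not set as it depends of the backup enabledment or not") now contradicts the value below it. Either document that operators enabling backup must set `accessMode: ReadWriteMany`, or keep the conditional in the cassandra chart. The PV name also changes to the `...-data-{{$i}}` form, which matters when upgrading existing releases.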
index 6cbddbe..0b91076 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
-  type: {{ .Values.service.type }}
-  publishNotReadyAddresses: true
-  ports:
-  {{if eq .Values.service.type "NodePort" -}}
-  {{- $global := . }}
-  {{- range $index, $ports := .Values.service.ports }}
-  - port: {{ $ports.port }}
-    targetPort: {{ $ports.port }}
-    nodePort: {{ $global.Values.global.nodePortPrefix | default $global.Values.nodePortPrefix }}{{ $ports.nodePort }}
-    name: {{ $ports.name }}
-  {{- end }}
-{{- else -}}
-  {{- range $index, $ports := .Values.service.ports }}
-  - port: {{ $ports.port }}
-    targetPort: {{ $ports.port }}
-    name: {{ $ports.name }}
-  {{- end }}
-{{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
-  clusterIP: None
+{{ include "common.headlessService" . }}
index b737a8f..16aa27f 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  selector:
-    matchLabels:
-      app: {{ include  "common.name" . }}
-      release: {{ include "common.release" . }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
   podManagementPolicy: {{ .Values.podManagementPolicy }}
   updateStrategy:
     type: {{ .Values.updateStrategy.type }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      name: {{ include "common.name" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       hostNetwork: {{ .Values.hostNetwork }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        ports:
-        {{- range $index, $ports := .Values.service.ports }}
-        - containerPort: {{ $ports.port }}
-        {{- end }}
+        ports: {{ include "common.containerPorts" . | nindent 8  }}
         volumeMounts:
           - name: {{ include "common.fullname" . }}-data
             mountPath: /var/lib/cassandra
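Review bot: The selector moves from the `app`/`release` labels to the `app.kubernetes.io/*` pair via `common.selectors`, and a StatefulSet's `spec.selector` cannot be changed on an existing object. An in-place `helm upgrade` of an already deployed release is therefore expected to be rejected by the API server. The upgrade path (delete and recreate the StatefulSet while keeping the volume claims) should be stated in the release notes or chart documentation. Minor: `ports: {{ include "common.containerPorts" . | nindent 8  }}` lacks the `{{-` used on the neighbouring lines and so leaves a trailing space after `ports:`.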
index c3af7e5..dfa0a3e 100644 (file)
@@ -75,22 +75,27 @@ readiness:
   failureThreshold: 3
 
 service:
-  type: ClusterIP
   name: cassandra
-  ports:
-  - name: intra
+  headless:
+    suffix: ""
+    annotations:
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+    publishNotReadyAddresses: true
+  headlessPorts:
+  - name: tcp-intra
     port: 7000
   - name: tls
     port: 7001
-  - name: jmx
+  - name: tcp-jmx
     port: 7199
-  - name: cql
+  - name: tcp-cql
     port: 9042
-  - name: thrift
+  - name: tcp-thrift
     port: 9160
-  - name: agent
+  - name: tcp-agent
     port: 61621
 
+podAnnotations: {}
 podManagementPolicy: OrderedReady
 updateStrategy:
   type: RollingUpdate
@@ -116,7 +121,7 @@ persistence:
   ##
   ## storageClass: "-"
   ## Not set as it depends of the backup enabledment or not.
-  #accessMode: ReadWriteOnce
+  accessMode: ReadWriteOnce
   size: 2Gi
   mountPath: /dockerdata-nfs
   mountSubPath: cassandra
diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl
new file mode 100644 (file)
index 0000000..95d51e1
--- /dev/null
@@ -0,0 +1,62 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{/*
+Common labels
+*/}}
+{{- define "common.labels" -}}
+app.kubernetes.io/name: {{ include "common.name" . }}
+helm.sh/chart: {{ include "common.chart" . }}
+app.kubernetes.io/instance: {{ include "common.release" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.name" . }}
+app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- end -}}
+
+{{/*
+  Generate "top" metadata for Deployment / StatefulSet / ...
+*/}}
+{{- define "common.resourceMetadata" -}}
+name: {{ include "common.fullname" . }}
+namespace: {{ include "common.namespace" . }}
+labels: {{- include "common.labels" . | nindent 2 }}
+{{- end -}}
+
+{{/*
+  Generate selectors for Deployment / StatefulSet / ...
+*/}}
+{{- define "common.selectors" -}}
+matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- end -}}
+
+{{/*
+  Generate "template" metadata for Deployment / StatefulSet / ...
+*/}}
+{{- define "common.templateMetadata" -}}
+{{- if .Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- end }}
+labels: {{- include "common.labels" . | nindent 2 }}
+name: {{ include "common.name" . }}
+{{- end -}}
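Review bot: The label values in `common.labels` and `common.matchLabels` are emitted unquoted, so a value that YAML reads as a non-string is rejected, because label values must be strings. One example is a release whose first `-`-separated segment is all digits, which is what `common.release` returns. Piping each value through `quote`, e.g. `app.kubernetes.io/instance: {{ include "common.release" . | quote }}`, removes the ambiguity. Only `common.chart` is truncated to 63 characters in this commit; whether `common.name` is bounded is not visible here, so the label length limit should be checked for it as well.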
index 7719cdb..943078f 100644 (file)
@@ -49,3 +49,7 @@
 {{- define "common.release" -}}
   {{- first (regexSplit "-" .Release.Name -1)  }}
 {{- end -}}
+
+{{- define "common.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
new file mode 100644 (file)
index 0000000..9329572
--- /dev/null
@@ -0,0 +1,38 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+  Generate the container port list.
+  Will use first ".Values.service.ports" list.
+  Will append ports from ".Values.service.headlessPorts" only if port number is
+  not already in port list.
+*/}}
+{{- define "common.containerPorts" -}}
+{{-   $ports := default (list) .Values.service.ports }}
+{{-   $portsNumber := list }}
+{{-   range $index, $port := $ports }}
+{{-     $portsNumber = append $portsNumber $port.port }}
+{{-   end }}
+{{-   range $index, $port := .Values.service.headlessPorts }}
+{{-     if not (has $port.port $portsNumber) }}
+{{-       $ports = append $ports $port }}
+{{-     end }}
+{{-   end }}
+{{-   range $index, $port := $ports }}
+- containerPort: {{ $port.port }}
+  name: {{ $port.name }}
+{{-   end }}
+{{- end -}}
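Review bot: De-duplication in `common.containerPorts` compares port numbers only, so when the same number appears in `.Values.service.ports` and `.Values.service.headlessPorts` under different names, the headless name never reaches the container. `common.servicePorts` (in `_service.tpl`, same commit) sets `targetPort` to the port name, so the headless Service would then reference a name the container does not declare. The header comment should state that a port present in both lists must carry the same name in both, or the loop should fail with a clear message when the names differ. `name: {{ $port.name }}` is also emitted for entries that have no name, which renders an empty value.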
diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl
new file mode 100644 (file)
index 0000000..45d903e
--- /dev/null
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+  UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+  {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+  Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+  {{- $global := .dot }}
+  {{- $chartName := tpl .chartName $global -}}
+  {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+  Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+  {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+  UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+  {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+  Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+  {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+  UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+  {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+  Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+  {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
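Review bot: The comment above `common.postgres.secret.primaryPasswordSecretName` is a copy of the one on the user-credentials helper; it should read `Name of postgres primary password secret`. The three `...SecretName` helpers also call `set . "uidTemplate" ...`, which writes the key into the dictionary the caller passed in rather than into a copy. A caller reusing that dictionary therefore sees `uidTemplate` change between calls. A short comment naming the expected keys (`dot`, `chartName`) and saying that the argument is modified would make the contract explicit. `common.secret.genName` is defined outside this file, so its handling of the generated name is not checked here.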
index 77b77d0..075f796 100644 (file)
@@ -20,7 +20,7 @@
   The default will be the chart name (or .Values.nameOverride if set).
   And the use of .Values.service.name overrides all.
 
-  - .Values.service.name  : override default service (ie. chart) name
+  - .Values.service.name: override default service (ie. chart) name
 */}}
 {{/*
   Expand the service name for a chart.
 {{- define "common.servicename" -}}
   {{- $name := default .Chart.Name .Values.nameOverride -}}
   {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+
+{{/* Define the metadata of Service
+     The function takes from one to three arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .suffix : a string which will be added at the end of the name (with a '-').
+     - .annotations: the annotations to add
+     Usage example:
+      {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
+      {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
+*/}}
+{{- define "common.serviceMetadata" -}}
+  {{- $dot := default . .dot -}}
+  {{- $suffix := default "" .suffix -}}
+  {{- $annotations := default "" .annotations -}}
+{{- if $annotations -}}
+annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+{{- end }}
+name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" $dot | nindent 2 -}}
+{{- end -}}
+
+{{/* Define the ports of Service
+     The function takes three arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .ports : an array of ports
+     - .portType: the type of the service
+*/}}
+{{- define "common.servicePorts" -}}
+{{- $portType := .portType -}}
+{{- $dot := .dot -}}
+{{- range $index, $port := .ports }}
+- port: {{ $port.port }}
+  targetPort: {{ $port.name }}
+  {{- if (eq $portType "NodePort") }}
+  nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+  {{- end }}
+  name: {{ $port.name }}
+{{- end -}}
+{{- end -}}
+
+{{/* Create generic service template
+     The function takes several arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .ports : an array of ports
+     - .portType: the type of the service
+     - .suffix : a string which will be added at the end of the name (with a '-')
+     - .annotations: the annotations to add
+     - .publishNotReadyAddresses: if we publish not ready address
+     - .headless: if the service is headless
+*/}}
+{{- define "common.genericService" -}}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $annotations := default "" .annotations -}}
+{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
+{{- $portType := .portType -}}
+{{- $ports := .ports -}}
+{{- $headless := default false .headless -}}
+apiVersion: v1
+kind: Service
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+spec:
+  {{- if $headless }}
+  clusterIP: None
+  {{- end }}
+  ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+  {{- if $publishNotReadyAddresses }}
+  publishNotReadyAddresses: true
+  {{- end }}
+  type: {{ $portType }}
+  selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+{{- end -}}
+
+{{/* Create service template */}}
+{{- define "common.service" -}}
+{{- $suffix := default "" .Values.service.suffix -}}
+{{- $annotations := default "" .Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
+{{- $portType := .Values.service.type -}}
+{{- $ports := .Values.service.ports -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- end -}}
+
+{{/* Create headless service template */}}
+{{- define "common.headlessService" -}}
+{{- $suffix := include "common._makeHeadlessSuffix" . -}}
+{{- $annotations := default "" .Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := .Values.service.headlessPorts -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{- end -}}
+
+{{/*
+  Generate the right suffix for headless service
+*/}}
+{{- define "common._makeHeadlessSuffix" -}}
+{{-   if hasKey .Values.service.headless "suffix" }}
+{{-     .Values.service.headless.suffix }}
+{{-   else }}
+{{-     print "headless" }}
+{{-   end }}
+{{- end -}}
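Review bot: `common.headlessService` and `common._makeHeadlessSuffix` dereference `.Values.service.headless` directly (`hasKey .Values.service.headless "suffix"`, `.Values.service.headless.annotations`), so a chart that calls the helper without a `service.headless` map fails at render time. The `headless` default suffix is only reachable when the map exists but has no `suffix` key. Binding it once with `{{- $headless := default (dict) .Values.service.headless -}}` and reading from `$headless` would make the map optional; otherwise the helper's comment should say that the key is required. `common.servicePorts` likewise assumes every port entry has a `name`, since that name is used for `targetPort`.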
   Calculate if we need a PV. If a storageClass is provided, then we don't need.
 */}}
 {{- define "common.needPV" -}}
-{{- if or (or .Values.persistence.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}}
-  False
-{{- else -}}
+{{- if not (or (or .Values.persistence.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass) -}}
   True
 {{- end -}}
 {{- end -}}
+
+{{/*
+  Generate N PV for a statefulset
+*/}}
+{{- define "common.replicaPV" -}}
+{{- $global := . }}
+{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
+{{- if (include "common.needPV" .) -}}
+{{- range $i := until (int $global.Values.replicaCount)}}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" $global }}-data-{{$i}}
+  namespace: {{ include "common.namespace" $global }}
+  labels: {{- include "common.labels" $global | nindent 4 }}
+spec:
+  capacity:
+    storage: {{ $global.Values.persistence.size}}
+  accessModes:
+    - {{ $global.Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
+  storageClassName: "{{ include "common.fullname" $global }}-data"
+  hostPath:
+    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
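Review bot: `common.replicaPV` renders `- {{ $global.Values.persistence.accessMode }}` with no fallback, so any chart that includes the helper without setting `persistence.accessMode` produces an empty list item under `accessModes`. Wrapping the value in `required`, e.g. `- {{ required "persistence.accessMode is required" $global.Values.persistence.accessMode }}`, turns that into a clear render error. `metadata.namespace` is also set on the PersistentVolume although PersistentVolumes are cluster-scoped, so the field has no effect and can be dropped.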
@@ -1,4 +1,5 @@
-# Copyright © 2018 Amdocs, Bell Canada
+{{/*
+# Copyright © 2019 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
-  db-user-password: {{ default "" .Values.credentials.pgpassword | b64enc | quote }}
-
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplValue" -}}
+    {{- if typeIs "string" .value }}
+        {{- tpl .value .context }}
+    {{- else }}
+        {{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
index cac6f79..f6ce95a 100644 (file)
@@ -37,7 +37,7 @@ secrets:
     password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
   - uid: '{{ .Values.config.mysqlDatabase }}'
     type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}'
+    externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
     login: '{{ .Values.config.userName }}'
     password: '{{ .Values.config.userPassword }}'
     passwordPolicy: required
@@ -56,7 +56,7 @@ config:
   userPassword: Ci@shsOd3pky1Vji
   userName: u5WZ1GMSIS1wHZF
   # set this value if you would like to use external secret instead of providing a password
-  # mysqlExternalsecret: some-secret-name
+  # userCredentialsExternalsecret: some-secret-name
   mysqlDatabase: ynsaUCru6mUNwGal
   mysqlAdditionalDatabases: {}
   # add addtional dabases
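Review bot: The renamed example comment spells the key `userCredentialsExternalsecret` (lower-case `s`), while the template in the first hunk of this file reads `.Values.config.userCredentialsExternalSecret`. Someone uncommenting the example would set a key that nothing reads, and the chart would, as far as this hunk shows, fall back to the `userPassword` value committed in this file. The comment should be `# userCredentialsExternalSecret: some-secret-name`.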
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf
deleted file mode 100644 (file)
index f335174..0000000
+++ /dev/null
@@ -1,677 +0,0 @@
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-#   name = value
-#
-# Whitespace may be used.  Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal.  If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload".  Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
-                                   # Host name or IP address to listen on:
-                                   # '*' for all, '' for no TCP/IP connections
-                                   # (change requires restart)
-#port = 9999
-port = 5432
-                                   # Port number
-                                   # (change requires restart)
-socket_dir = '/tmp'
-                                   # Unix domain socket path
-                                   # The Debian package defaults to
-                                   # /var/run/postgresql
-                                   # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
-                                   # Port number for pcp
-                                   # (change requires restart)
-pcp_socket_dir = '/tmp'
-                                   # Unix domain socket path for pcp
-                                   # The Debian package defaults to
-                                   # /var/run/postgresql
-                                   # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
-                                   # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
-                                   # Port number for backend 0
-#backend_weight0 = 1
-                                   # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
-                                   # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
-                                   # Controls various backend behavior
-                                   # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
-                                   # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
-                                   # File name of pool_passwd for md5 authentication.
-                                   # "" disables pool_passwd.
-                                   # (change requires restart)
-authentication_timeout = 60
-                                   # Delay in seconds to complete client authentication
-                                   # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
-                                   # Enable SSL support
-                                   # (change requires restart)
-#ssl_key = './server.key'
-                                   # Path to the SSL private key file
-                                   # (change requires restart)
-#ssl_cert = './server.cert'
-                                   # Path to the SSL public certificate file
-                                   # (change requires restart)
-#ssl_ca_cert = ''
-                                   # Path to a single PEM format file
-                                   # containing CA root certificate(s)
-                                   # (change requires restart)
-#ssl_ca_cert_dir = ''
-                                   # Directory containing CA root certificate(s)
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
-                                   # Number of pools
-                                   # (change requires restart)
-max_pool = 1
-                                   # Number of connections per pool
-                                   # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
-                                   # Pool exits after being idle for this many seconds
-child_max_connections = 0
-                                   # Pool exits after receiving that many connections
-                                   # 0 means no exit
-connection_life_time = 0
-                                   # Connection to backend closes after being idle for this many seconds
-                                   # 0 means no close
-client_idle_limit = 0
-                                   # Client is disconnected after being idle for that many seconds
-                                   # (even inside an explicit transactions!)
-                                   # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
-                                   # Where to log
-                                   # Valid values are combinations of stderr,
-                                   # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
-                                   # Print timestamp on each line
-                                   # (change requires restart)
-
-log_connections = on
-                                   # Log connections
-log_hostname = on
-                                   # Hostname will be shown in ps status
-                                   # and in logs if connections are logged
-log_statement = on
-                                   # Log all statements
-log_per_node_statement = off
-                                   # Log all statements
-                                   # with node and backend informations
-log_standby_delay = 'if_over_threshold'
-                                   # Log standby delay
-                                   # Valid values are combinations of always,
-                                   # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
-                                   # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
-                                   # Syslog program identification string
-                                   # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
-                                   # Debug message verbosity level
-                                   # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
-                                   # PID file name
-                                   # (change requires restart)
-logdir = '/tmp'
-                                   # Directory of pgPool status file
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
-                                   # Activate connection pools
-                                   # (change requires restart)
-
-                                   # Semicolon separated list of queries
-                                   # to be issued at the end of a session
-                                   # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
-                                   # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
-                                   # Activate replication mode
-                                   # (change requires restart)
-replicate_select = off
-                                   # Replicate SELECT statements
-                                   # when in replication or parallel mode
-                                   # replicate_select is higher priority than
-                                   # load_balance_mode.
-
-insert_lock = off
-                                   # Automatically locks a dummy row or a table
-                                   # with INSERT statements to keep SERIAL data
-                                   # consistency
-                                   # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
-                                   # When rewriting lo_creat command in
-                                   # replication mode, specify table name to
-                                   # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
-                                   # On disagreement with the packet kind
-                                   # sent from backend, degenerate the node
-                                   # which is most likely "minority"
-                                   # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
-                                   # On disagreement with the number of affected
-                                   # tuples in UPDATE/DELETE queries, then
-                                   # degenerate the node which is most likely
-                                   # "minority".
-                                   # If off, just abort the transaction to
-                                   # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
-                                   # Activate load balancing mode
-                                   # (change requires restart)
-ignore_leading_white_space = on
-                                   # Ignore leading white spaces of each query
-white_function_list = ''
-                                   # Comma separated list of function names
-                                   # that don't write to database
-                                   # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
-                                   # Comma separated list of function names
-                                   # that write to database
-                                   # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
-                                   # Activate master/slave mode
-                                   # (change requires restart)
-master_slave_sub_mode = 'stream'
-                                   # Master/slave sub mode
-                                   # Valid values are combinations slony or
-                                   # stream. Default is slony.
-                                   # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
-                                   # Streaming replication check period
-                                   # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
-                                   # Streaming replication check user
-                                   # This is neccessary even if you disable streaming
-                                   # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
-                                   # Password for streaming replication check user
-delay_threshold = 10000000
-                                   # Threshold before not dispatching query to standby node
-                                   # Unit is in bytes
-                                   # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
-                                   # Executes this command after master failover
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
-                                   # Activates parallel query mode
-                                   # (change requires restart)
-pgpool2_hostname = ''
-                                   # Set pgpool2 hostname
-                                   # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname  = 'localhost'
-                                   # (change requires restart)
-#system_db_port = 5432
-                                   # (change requires restart)
-#system_db_dbname = 'pgpool'
-                                   # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
-                                   # (change requires restart)
-#system_db_user = 'pgpool'
-                                   # (change requires restart)
-#system_db_password = ''
-                                   # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
-                                   # Health check period
-                                   # Disabled (0) by default
-health_check_timeout = 10
-                                   # Health check timeout
-                                   # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
-                                   # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
-                                   # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000                # Timeout value in milliseconds before giving up to connect to backend.
-
-                                   # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
-                                   # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
-                                   # Executes this command at failover
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-failback_command = ''
-                                   # Executes this command at failback.
-                                   # Special values:
-                                   #   %d = node id
-                                   #   %h = host name
-                                   #   %p = port number
-                                   #   %D = database cluster path
-                                   #   %m = new master node id
-                                   #   %H = hostname of the new master node
-                                   #   %M = old master node id
-                                   #   %P = old primary node id
-                                                                  #   %r = new master port number
-                                                                  #   %R = new master database cluster path
-                                   #   %% = '%' character
-
-fail_over_on_backend_error = off
-                                   # Initiates failover when reading/writing to the
-                                   # backend communication socket fails
-                                   # If set to off, pgpool will report an
-                                   # error and disconnect the session.
-
-search_primary_node_timeout = 10
-                                   # Timeout in seconds to search for the
-                                   # primary node when a failover occurs.
-                                   # 0 means no timeout, keep searching
-                                   # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
-                                   # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
-                                   # Online recovery password
-recovery_1st_stage_command = ''
-                                   # Executes a command in first stage
-recovery_2nd_stage_command = ''
-                                   # Executes a command in second stage
-recovery_timeout = 90
-                                   # Timeout in seconds to wait for the
-                                   # recovering node's postmaster to start up
-                                   # 0 means no wait
-client_idle_limit_in_recovery = 0
-                                   # Client is disconnected after being idle
-                                   # for that many seconds in the second stage
-                                   # of online recovery
-                                   # 0 means no disconnection
-                                   # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
-                                    # Activates watchdog
-                                    # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
-                                    # trusted server list which are used
-                                    # to confirm network connection
-                                    # (hostA,hostB,hostC,...)
-                                    # (change requires restart)
-ping_path = '/bin'
-                                    # ping command path
-                                    # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
-                                    # Host name or IP address of this watchdog
-                                    # (change requires restart)
-wd_port = 9000
-                                    # port number for watchdog service
-                                    # (change requires restart)
-wd_authkey = ''
-                                    # Authentication key for watchdog communication
-                                    # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
-                                    # delegate IP address
-                                    # If this is empty, virtual IP never bring up. 
-                                    # (change requires restart)
-ifconfig_path = '/sbin'
-                                    # ifconfig command path
-                                    # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
-                                    # startup delegate IP command
-                                    # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
-                                    # shutdown delegate IP command
-                                    # (change requires restart)
-
-arping_path = '/usr/sbin'           # arping command path
-                                    # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
-                                    # arping command
-                                    # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
-                                    # Clear all the query cache on shared memory
-                                    # when standby pgpool escalate to active pgpool
-                                    # (= virtual IP holder).
-                                    # This should be off if client connects to pgpool
-                                    # not using virtual IP.
-                                    # (change requires restart)
-wd_escalation_command = ''
-                                    # Executes this command at escalation on new active pgpool.
-                                    # (change requires restart)
-
-# - Lifecheck Setting - 
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
-                                    # Method of watchdog lifecheck ('heartbeat' or 'query')
-                                    # (change requires restart)
-wd_interval = 10
-                                    # lifecheck interval (sec) > 0
-                                    # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
-                                    # Port number for receiving heartbeat signal
-                                    # (change requires restart)
-wd_heartbeat_keepalive = 2
-                                    # Interval time of sending heartbeat signal (sec)
-                                    # (change requires restart)
-wd_heartbeat_deadtime = 30
-                                    # Deadtime interval for heartbeat signal (sec)
-                                    # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
-                                    # Host name or IP address of destination 0
-                                    # for sending heartbeat signal.
-                                    # (change requires restart)
-heartbeat_destination_port0 = 9694 
-                                    # Port number of destination 0 for sending
-                                    # heartbeat signal. Usually this is the
-                                    # same as wd_heartbeat_port.
-                                    # (change requires restart)
-heartbeat_device0 = ''
-                                    # Name of NIC device (such like 'eth0')
-                                    # used for sending/receiving heartbeat
-                                    # signal to/from destination 0.
-                                    # This works only when this is not empty
-                                    # and pgpool has root privilege.
-                                    # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
-                                    # lifecheck retry times
-                                    # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
-                                    # lifecheck query to pgpool from watchdog
-                                    # (change requires restart)
-wd_lifecheck_dbname = 'template1'
-                                    # Database name connected for lifecheck
-                                    # (change requires restart)
-wd_lifecheck_user = 'nobody'
-                                    # watchdog user monitoring pgpools in lifecheck
-                                    # (change requires restart)
-wd_lifecheck_password = ''
-                                    # Password for watchdog user in lifecheck
-                                    # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
-                                    # Host name or IP address to connect to for other pgpool 0
-                                    # (change requires restart)
-#other_pgpool_port0 = 5432
-                                    # Port number for othet pgpool 0
-                                    # (change requires restart)
-#other_wd_port0 = 9000
-                                    # Port number for othet watchdog 0
-                                    # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
-                                   # Life time of relation cache in seconds.
-                                   # 0 means no cache expiration(the default).
-                                   # The relation cache is used for cache the
-                                   # query result against PostgreSQL system
-                                   # catalog to obtain various information
-                                   # including table structures or if it's a
-                                   # temporary table or not. The cache is
-                                   # maintained in a pgpool child local memory
-                                   # and being kept as long as it survives.
-                                   # If someone modify the table by using
-                                   # ALTER TABLE or some such, the relcache is
-                                   # not consistent anymore.
-                                   # For this purpose, cache_expiration
-                                   # controls the life time of the cache.
-relcache_size = 256
-                                   # Number of relation cache
-                                   # entry. If you see frequently:
-                                                                  # "pool_search_relcache: cache replacement happend"
-                                                                  # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
-                                   # If on, enable temporary table check in SELECT statements.
-                                   # This initiates queries against system catalog of primary/master
-                                                                  # thus increases load of master.
-                                                                  # If you are absolutely sure that your system never uses temporary tables
-                                                                  # and you want to save access to primary/master, you could turn this off.
-                                                                  # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
-                                                                  # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
-                                                                  # Cache storage method. either 'shmem'(shared memory) or
-                                                                  # 'memcached'. 'shmem' by default
-                                   # (change requires restart)
-memqcache_memcached_host = 'localhost'
-                                                                  # Memcached host name or IP address. Mandatory if
-                                                                  # memqcache_method = 'memcached'.
-                                                                  # Defaults to localhost.
-                                   # (change requires restart)
-memqcache_memcached_port = 11211
-                                                                  # Memcached port number. Mondatory if memqcache_method = 'memcached'.
-                                                                  # Defaults to 11211.
-                                   # (change requires restart)
-memqcache_total_size = 67108864
-                                                                  # Total memory size in bytes for storing memory cache.
-                                                                  # Mandatory if memqcache_method = 'shmem'.
-                                                                  # Defaults to 64MB.
-                                   # (change requires restart)
-memqcache_max_num_cache = 1000000
-                                                                  # Total number of cache entries. Mandatory
-                                                                  # if memqcache_method = 'shmem'.
-                                                                  # Each cache entry consumes 48 bytes on shared memory.
-                                                                  # Defaults to 1,000,000(45.8MB).
-                                   # (change requires restart)
-memqcache_expire = 0
-                                                                  # Memory cache entry life time specified in seconds.
-                                                                  # 0 means infinite life time. 0 by default.
-                                   # (change requires restart)
-memqcache_auto_cache_invalidation = on
-                                                                  # If on, invalidation of query cache is triggered by corresponding
-                                                                  # DDL/DML/DCL(and memqcache_expire).  If off, it is only triggered
-                                                                  # by memqcache_expire.  on by default.
-                                   # (change requires restart)
-memqcache_maxcache = 409600
-                                                                  # Maximum SELECT result size in bytes.
-                                                                  # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
-                                   # (change requires restart)
-memqcache_cache_block_size = 1048576
-                                                                  # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
-                                                                  # Defaults to 1MB.
-                                   # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
-                                                                  # Temporary work directory to record table oids
-                                   # (change requires restart)
-white_memqcache_table_list = ''
-                                   # Comma separated list of table names to memcache
-                                   # that don't write to database
-                                   # Regexp are accepted
-black_memqcache_table_list = ''
-                                   # Comma separated list of table names not to memcache
-                                   # that don't write to database
-                                   # Regexp are accepted
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
deleted file mode 100644 (file)
index 580185c..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description.  A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access.  Records take one of these forms:
-#
-# local      DATABASE  USER  METHOD  [OPTION]
-# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof.  In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask.  Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam".  Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup.  If you edit the file on a running
-# system, you have to restart the pgpool  for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
-
-# "local" is for Unix domain socket connections only
-#local   all         all                               trust
-# IPv4 local connections:
-host    all         all         0.0.0.0/0          md5
-
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
deleted file mode 100644 (file)
index c24916a..0000000
+++ /dev/null
@@ -1,100 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 2
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-job
-        image: "{{.Values.repository}}/{{.Values.image}}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - name: pgpool-pgconf
-          mountPath: /pgconf/pgpoolconfigdir
-          readOnly: false
-        - name: pgpool-pgconf-static
-          mountPath: /configdir/
-          readOnly: false
-        command:
-        - /bin/sh
-        args:
-        - -c
-        - |
-          cp /configdir/pgpool.conf   /pgconf/pgpoolconfigdir/
-          cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
-          pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD} 
-        env:
-        - name: PG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: db-user-password
-        - name: PG_USER
-          value: {{ index .Values.credentials.pgusername }}
-      containers:
-      - image: "{{.Values.repository}}/{{.Values.image}}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}
-        env:
-        - name: PG_PRIMARY_SERVICE_NAME
-          value: {{.Values.container.name.primary}}
-        - name: PG_REPLICA_SERVICE_NAME
-          value: {{.Values.container.name.replica}}
-        - name: PG_USERNAME
-          value: {{.Values.credentials.pgusername}}
-        - name: PG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: db-user-password
-        ports:
-        - containerPort: 5432
-          name: pgpool
-          protocol: TCP
-        readinessProbe:
-          tcpSocket:
-            port: 5432
-          initialDelaySeconds: 20
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: 5432
-        initialDelaySeconds: 15
-        periodSeconds: 20
-        volumeMounts:
-        - name: pgpool-pgconf
-          mountPath: /pgconf/pgpoolconfigdir
-          readOnly: false
-      volumes:
-      - name: pgpool-pgconf
-        emptyDir: {}
-      - name: pgpool-pgconf-static
-        configMap:
-          name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
deleted file mode 100644 (file)
index 696b22a..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres/charts/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml
deleted file mode 100644 (file)
index 8ceff8f..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
-  port: 5432
-  name:
-    primary: pgset-primary
-    replica: pgset-replica
-credentials:
-  pgusername: testuser
-  pgpassword: password
-service:
-  name: pgpool
-  portName: tcp-postgres
-  type: ClusterIP
-  externalPort: 5432
-  internalPort: 5432
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
new file mode 100644 (file)
index 0000000..3777c1b
--- /dev/null
@@ -0,0 +1,135 @@
+{{/*
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# #       http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+
+{{- define "common.postgres.deployment" -}}
+  {{- $dot := .dot }}
+  {{- $pgMode := .pgMode }}
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+  namespace: {{ include "common.namespace" $dot }}
+  labels:
+    app: {{ include "common.name" $dot }}-{{ $pgMode }}
+    chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" $dot }}
+    heritage: {{ $dot.Release.Service }}
+    name: "{{ index $dot.Values "container" "name" $pgMode }}"
+spec:
+  serviceName: {{ $dot.Values.service.name }}
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" $dot }}-{{ $pgMode }}
+        release: {{ include "common.release" $dot }}
+        name: "{{ index $dot.Values "container" "name" $pgMode }}"
+    spec:
+      initContainers:
+      - name: init-sysctl
+        command:
+        - /bin/sh
+        - -c
+        - |
+          chown 26:26 /podroot/;
+          chmod 700 /podroot/;
+        image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+        imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" $dot }}-data
+          mountPath: /podroot/
+      containers:
+      - name: {{ include "common.name" $dot }}
+        image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+        imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+        ports:
+        - containerPort: {{ $dot.Values.service.internalPort }}
+          name: {{ $dot.Values.service.portName }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq $dot.Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ $dot.Values.service.internalPort }}
+          initialDelaySeconds: {{ $dot.Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ $dot.Values.liveness.periodSeconds }}
+          timeoutSeconds: {{ $dot.Values.liveness.timeoutSeconds }}
+        {{- end }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ $dot.Values.service.internalPort }}
+          initialDelaySeconds: {{ $dot.Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ $dot.Values.readiness.periodSeconds }}
+        env:
+        - name: PGHOST
+          value: /tmp
+        - name: PG_PRIMARY_USER
+          value: primaryuser
+        - name: PG_MODE
+          value: {{ $pgMode }}
+        - name: PG_PRIMARY_HOST
+          value: "{{ $dot.Values.container.name.primary }}"
+        - name: PG_REPLICA_HOST
+          value: "{{ $dot.Values.container.name.replica }}"
+        - name: PG_PRIMARY_PORT
+          value: "{{ $dot.Values.service.internalPort }}"
+        - name: PG_PRIMARY_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+        - name: PG_USER
+          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+        - name: PG_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+        - name: PG_DATABASE
+          value: "{{ $dot.Values.config.pgDatabase }}"
+        - name: PG_ROOT_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+        volumeMounts:
+        - name: pool-hba-conf
+          mountPath: /pgconf/pool_hba.conf
+          subPath: pool_hba.conf
+        - mountPath: /pgdata
+          name: {{ include "common.fullname" $dot }}-data
+        - mountPath: /backup
+          name: {{ include "common.fullname" $dot }}-backup
+          readOnly: true
+        resources:
+{{ include "common.resources" $dot | indent 12 }}
+        {{- if $dot.Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml $dot.Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if $dot.Values.affinity }}
+        affinity:
+{{ toYaml $dot.Values.affinity | indent 10 }}
+        {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: {{ include "common.fullname" $dot }}-backup
+        emptyDir: {}
+      - name: {{ include "common.fullname" $dot }}-data
+{{- if $dot.Values.persistence.enabled }}
+        persistentVolumeClaim:
+            claimName: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+{{- else }}
+        emptyDir: {}
+{{ end }}
+      - name: pool-hba-conf
+        configMap:
+          name: {{ include "common.fullname" $dot }}
+{{- end -}}
\ No newline at end of file
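Review bot: The `localtime` volume near the end of the template is a `hostPath` to `/etc/localtime` that none of the visible `volumeMounts` reference, so both the primary and replica pods keep requesting host filesystem access they do not use. The declaration is carried over from the removed per-mode manifests, and a cluster that restricts `hostPath` through admission policy would reject the pod for no benefit. I would drop the three lines `- name: localtime` / `hostPath:` / `path: /etc/localtime`. Separately, `nodeSelector:` and `affinity:` are emitted at the container's indentation (8 spaces), so non-empty values would land inside the container entry instead of the pod `spec`. They should sit at 6 spaces with `indent 8` on the `toYaml` lines.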
index b234dc2..c8a0001 100644 (file)
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}-primary
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-primary
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-    name: "{{ .Values.container.name.primary }}"
-spec:
-  serviceName: {{ .Values.service.name }}
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-primary
-        release: {{ include "common.release" . }}
-        name: "{{ .Values.container.name.primary }}"
-    spec:
-      initContainers:
-      - name: init-sysctl
-        command:
-        - /bin/sh
-        - -c
-        - |
-          chown 26:26 /podroot/;
-          chmod 700 /podroot/;
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - name: {{ include "common.fullname" . }}-data
-          mountPath: /podroot/
-      containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.service.internalPort }}
-          name: {{ .Values.service.portName }}
-        # disable liveness probe when breakpoints set in debugger
-        # so K8s doesn't restart unresponsive container
-        {{- if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-        {{- end }}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        env:
-        - name: PGHOST
-          value: /tmp
-        - name: PG_PRIMARY_USER
-          value: primaryuser
-        - name: PG_MODE
-          value: primary
-        - name: PG_PRIMARY_HOST
-          value: "{{ .Values.container.name.primary }}"
-        - name: PG_REPLICA_HOST
-          value: "{{ .Values.container.name.replica }}"
-        - name: PG_PRIMARY_PORT
-          value: "{{ .Values.service.internalPort }}"
-        - name: PG_PRIMARY_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-primary-password
-        - name: PG_USER
-          value: "{{ .Values.config.pgUserName }}"
-        - name: PG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-user-password
-        - name: PG_DATABASE
-          value: "{{ .Values.config.pgDatabase }}"
-        - name: PG_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-root-password
-        volumeMounts:
-        - name: pool-hba-conf
-          mountPath: /pgconf/pool_hba.conf
-          subPath: pool_hba.conf
-        - mountPath: /pgdata
-          name: {{ include "common.fullname" . }}-data
-        - mountPath: /backup
-          name: {{ include "common.fullname" . }}-backup
-          readOnly: true
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: {{ include "common.fullname" . }}-backup
-        emptyDir: {}
-      - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
-        persistentVolumeClaim:
-            claimName: {{ include "common.fullname" . }}-primary
-{{- else }}
-        emptyDir: {}
-{{ end }}
-      - name: pool-hba-conf
-        configMap:
-          name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
index 72a8736..dc19c2d 100644 (file)
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}-replica
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-replica
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-    name: "{{ .Values.container.name.replica }}"
-spec:
-  serviceName: {{ .Values.service.name }}
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-replica
-        release: {{ include "common.release" . }}
-        name: "{{ .Values.container.name.replica }}"
-    spec:
-      initContainers:
-      - name: init-sysctl
-        command:
-        - /bin/sh
-        - -c
-        - |
-          chown 26:26 /podroot/;
-          chmod 700 /podroot/;
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - name: {{ include "common.fullname" . }}-data
-          mountPath: /podroot/
-      containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.service.internalPort }}
-          name: {{ .Values.service.portName }}
-        # disable liveness probe when breakpoints set in debugger
-        # so K8s doesn't restart unresponsive container
-        {{- if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-        {{end -}}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        env:
-        - name: PGHOST
-          value: /tmp
-        - name: PG_PRIMARY_USER
-          value: primaryuser
-        - name: PG_MODE
-          value: replica
-        - name: PG_PRIMARY_HOST
-          value: "{{.Values.container.name.primary}}"
-        - name: PG_REPLICA_HOST
-          value: "{{.Values.container.name.replica}}"
-        - name: PG_PRIMARY_PORT
-          value: "{{.Values.service.internalPort}}"
-        - name: PG_PRIMARY_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-primary-password
-        - name: PG_USER
-          value: "{{.Values.config.pgUserName}}"
-        - name: PG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-user-password
-        - name: PG_DATABASE
-          value: "{{.Values.config.pgDatabase}}"
-        - name: PG_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: pg-root-password
-        volumeMounts:
-        - name: pool-hba-conf
-          mountPath: /pgconf/pool_hba.conf
-          subPath: pool_hba.conf
-        - mountPath: /pgdata
-          name: {{ include "common.fullname" . }}-data
-        - mountPath: /backup
-          name: {{ include "common.fullname" . }}-backup
-          readOnly: true
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: {{ include "common.fullname" . }}-backup
-        emptyDir: {}
-      - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
-        persistentVolumeClaim:
-            claimName: {{ include "common.fullname" . }}-replica
-{{- else }}
-        emptyDir: {}
-{{ end }}
-      - name: pool-hba-conf
-        configMap:
-          name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
index fa25f19..a47d3ed 100644 (file)
@@ -41,5 +41,4 @@ spec:
 {{- else }}
   storageClassName: {{ include "common.storageClass" . }}
 {{- end }}
-  storageClassName: "{{ include "common.fullname" . }}-primary"
 {{- end -}}
index db1bc5b..4c68015 100644 (file)
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
-  pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
-  pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-  
+{{ include "common.secret" . }}
index 3104ee7..c2131e9 100644 (file)
@@ -21,6 +21,24 @@ global:
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.0
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.pgRootPassword }}'
+  - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+    login: '{{ .Values.config.pgUserName }}'
+    password: '{{ .Values.config.pgUserPassword }}'
+  - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.pgPrimaryPassword }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -46,22 +64,6 @@ container:
     primary: pgset-primary
     replica: pgset-replica
 
-pgpool:
-  container:
-    port: 5432
-    name:
-      primary: pgset-primary
-      replica: pgset-replica
-  credentials:
-    pgusername: testuser
-    pgpassword: password
-  service:
-    name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
 nodeSelector: {}
 
 affinity: {}
index 937828a..af0f59b 100644 (file)
@@ -10,6 +10,8 @@ metadata:
 
 kind: ConfigMap
 apiVersion: v1
+data:
+  enable-underscores-in-headers: "on"
 metadata:
   name: nginx-configuration
   namespace: ingress-nginx
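Review bot: `enable-underscores-in-headers: "on"` is switched on for the whole ingress controller with no comment saying which service needs it. NGINX drops underscore headers by default because many backends map `-` and `_` to the same variable name, so a client-supplied underscore header can shadow the dash-form header a proxy sets. With this option on, such headers reach every backend behind this ingress. I would add a comment above the key, e.g. `# required by <service>; backends must not treat X_Foo and X-Foo as the same header`, and check that backends relying on proxy-set headers are not affected. `data:` is also placed before `metadata:`, which is valid but unusual for a manifest.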
index d459d5b..e505742 100644 (file)
       "config_path": "/usr/share/filebeat/filebeat.yml",
       "config_subpath": "filebeat.yml",
       "image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}",
-      "config_map" : "dcae-filebeat-configmap"
+      "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap"
     },
   "tls":
     {
-      "cert_path": "/opt/tls/shared",
+      "cert_path": "/opt/app/osaaf",
       "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
       "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
       "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml
deleted file mode 100644 (file)
index 2718e18..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.dashboard }}
-dashboard_docker_image: {{ include "common.repository" . }}/{{ .Values.componentImages.dashboard }}
-{{ end }}
-external_port: {{ .Values.config.address.dashboard.port }}
-external_tls_port: {{ .Values.config.address.dashboard.portSecure }}
-database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}
-database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }}
-database_name: "dashboard_pg"
-cloudify_ip: {{ .Values.config.address.cm.host }}
-cloudify_user: "admin"
-cloudify_password: "admin"
-consul_url:  {{ .Values.config.address.consul_ui }}
-postgres_port: "5432"
-replicas: 1
index d41fef9..7a28812 100644 (file)
@@ -68,11 +68,13 @@ spec:
             fieldRef:\r
               apiVersion: v1\r
               fieldPath: status.podIP\r
+        - name: aaf_locator_fqdn\r
+          value: dcae\r
         image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}\r
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
         resources: {}\r
         volumeMounts:\r
-        - mountPath: /opt/tls/shared\r
+        - mountPath: /opt/app/osaaf\r
           name: tls-info\r
       containers:\r
         - name: {{ include "common.name" . }}\r
index 60a8d91..20caa5c 100644 (file)
@@ -27,7 +27,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
 
 config:
   logstashServiceName: log-ls
@@ -95,7 +95,7 @@ postgres:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -103,7 +103,7 @@ default_k8s_location: central
 componentImages:
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
-  tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2
+  tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
   ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
   prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
index b8dadaa..f1add2d 100644 (file)
@@ -27,7 +27,7 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: dcae-filebeat-configmap
+  name: {{ include "common.release" . }}-dcae-filebeat-configmap
   namespace: {{include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
@@ -42,7 +42,7 @@ metadata:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: dcae-filebeat-configmap
+  name: {{ include "common.release" . }}-dcae-filebeat-configmap
   namespace: {{ .Values.dcae_ns }}
 data:
 {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
index d843290..9bee051 100644 (file)
@@ -57,11 +57,13 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+          - name: aaf_locator_fqdn
+            value: dcae
         image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources: {}
         volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
index 60fd7e5..673b017 100644 (file)
@@ -26,6 +26,8 @@ global:
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  tlsRepository: nexus3.onap.org:10001
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   repositoryCred:
     user: docker
     password: docker
index 131137e..fe681ca 100644 (file)
@@ -50,6 +50,8 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
+          - name: aaf_locator_fqdn
+            value: dcae
         {{- if .Values.service.secure.enabled }}
         - name: init-tls
           env:
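Review bot: The new `aaf_locator_fqdn` entry sits above the `{{- if .Values.service.secure.enabled }}` guard and the `- name: init-tls` item, so it extends the env list of the preceding init container (the one reading `metadata.namespace`) rather than `init-tls`. In the other deployments touched by this commit the variable is added next to the `status.podIP` entry of the container that runs the TLS init image, so this placement looks unintended and `init-tls` here would start without it. If that is the case, move the two lines `- name: aaf_locator_fqdn` / `value: dcae` into the `env:` list under `- name: init-tls`. Both container definitions extend beyond the hunk, so this is inferred from the visible context only.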
@@ -62,7 +64,7 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
         {{ end  }}
       containers:
index 8cff544..98faef0 100644 (file)
@@ -26,7 +26,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   repositoryCred:
     user: docker
     password: docker
index ca9551b..116a77f 100644 (file)
@@ -65,11 +65,13 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+          - name: aaf_locator_fqdn
+            value: dcae
           image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
index 615afc4..03cb99a 100644 (file)
@@ -25,7 +25,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
 
 config:
   logstashServiceName: log-ls
@@ -89,17 +89,6 @@ postgres:
   persistence:
     mountSubPath: dcae-dashboard/data
     mountInitPath: dcae-dashboard
-  pgpool:
-    nameOverride: dcae-dashboard-pgpool
-    service:
-      name: dcae-dashboard-pgpool
-    credentials:
-      pgusername: dcae_dashboard
-      pgpassword: onapdemodb
-    container:
-      name:
-        primary: dcae-dashboard-pgpool-primary
-        replica: dcae-dashboard-pgpool-replica
 
 # Resource Limit flavor -By Default using small
 flavor: small
@@ -123,4 +112,3 @@ resources:
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
-
index 54beb09..9563f94 100644 (file)
@@ -61,11 +61,13 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+          - name: aaf_locator_fqdn
+            value: dcae
           image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
         - name: init-consul
           image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
index 30893b6..c786252 100644 (file)
@@ -25,7 +25,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
   repositoryCred:
index 21601ee..dd5fd05 100644 (file)
@@ -61,11 +61,13 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+          - name: aaf_locator_fqdn
+            value: dcae
           image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
         - name: init-consul
           image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
index 3b15c55..8517073 100644 (file)
@@ -25,7 +25,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
   repositoryCred:
index 0b88a65..63ce3db 100644 (file)
@@ -25,7 +25,7 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   repositoryCred:
     user: docker
     password: docker
index 254ec39..dfc4dbf 100644 (file)
@@ -19,7 +19,8 @@
 global:
   nodePortPrefix: 302
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+# Have to use locally-define tlsImage until inventory API can use 2.x.y
+#  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 redis:
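Review bot: The comment that replaces `global.tlsImage` does not say where the locally defined image lives, and it sits at column 0 inside the `global:` mapping, so it reads like a top-level comment. With the key commented out, any template that still reads `.Values.global.tlsImage` from this chart would render without an image unless another values file supplies it, which is not visible in this hunk. I would indent the comment with the other keys and name the place, e.g. `  # tlsImage is set per component (<component values file>) until the inventory API supports tls-init-container 2.x.y`.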
index f0e9e17..5139630 100644 (file)
@@ -119,17 +119,6 @@ postgres:
   persistence:
     mountSubPath: dbc/data
     mountInitPath: dbc
-  pgpool:
-    nameOverride: dbc-pgpool
-    service:
-      name: dbc-pgpool
-    credentials:
-      pgusername: dmaap_admin
-      pgpassword: onapdemodb
-    container:
-      name:
-        primary: dbc-pgpool-primary
-        replica: dbc-pgpool-replica
 
 ingress:
   enabled: false
index f6dcae2..5ef7c2f 100644 (file)
@@ -46,6 +46,22 @@ spec:
                 apiVersion: v1
                 fieldPath: metadata.namespace
         {{- if .Values.global.aafEnabled }}
+        - name: {{ include "common.name" . }}-aaf-readiness
+          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /root/ready.py
+          args:
+          - --container-name
+          - aaf-locate
+          - --container-name
+          - aaf-cm
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
         - name: {{ include "common.name" . }}-dr-node-aaf-config
           image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -174,12 +190,12 @@ spec:
         - name:  {{ include "common.fullname" . }}-logs
           emptyDir: {}
       {{- if not .Values.persistence.enabled }}
-        - name:  {{ include "common.fullname" . }}-event-logs-pvc
+        - name:  {{ include "common.fullname" . }}-event-logs
           emptyDir: {}
         - name: {{ include "common.fullname" . }}-data
           emptyDir: {}
       {{- if .Values.global.aafEnabled }}
-        - name:  {{ include "common.fullname" . }}-aaf-props-pvc
+        - name:  {{ include "common.fullname" . }}-aaf-props
           emptyDir: {}
       {{- end }}
       {{- end }}
index 1b992af..00e0d2d 100644 (file)
@@ -22,7 +22,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-node:2.1.3
+image: onap/dmaap/datarouter-node:2.1.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index c7714d3..34662ae 100644 (file)
@@ -50,7 +50,6 @@ org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
 # AAF config
 org.onap.dmaap.datarouter.provserver.cadi.enabled = false
 
-org.onap.dmaap.datarouter.provserver.passwordencryption   = PasswordEncryptionKey#@$%^&1234#
 org.onap.dmaap.datarouter.provserver.aaf.feed.type        = org.onap.dmaap-dr.feed
 org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.sub
 org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
index 4eb0888..6435b0a 100644 (file)
@@ -54,6 +54,8 @@ spec:
           args:
           - --container-name
           - aaf-locate
+          - --container-name
+          - aaf-cm
           env:
           - name: NAMESPACE
             valueFrom:
index 80b15c7..8e3364f 100644 (file)
@@ -23,7 +23,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-prov:2.1.3
+image: onap/dmaap/datarouter-prov:2.1.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 06c9669..935c090 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.16
+image: onap/dmaap/dmaap-mr:1.1.17
 pullPolicy: Always
 
 kafka:
index e2837ef..30d521a 100644 (file)
@@ -40,6 +40,8 @@ spec:
     spec:
      containers:
      - env:
+       - name: MSB_PROTO
+         value: {{ .Values.config.msbprotocol }}
        - name: MSB_ADDR
          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
        - name: MSB_PORT
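Review bot: `MSB_PROTO` is rendered unquoted (`value: {{ .Values.config.msbprotocol }}`) while `MSB_ADDR` directly below it is quoted. An env `value` has to be a string, and an unquoted template lets YAML retype whatever an operator puts in `config.msbprotocol`, or yield null when it is unset. `value: "{{ .Values.config.msbprotocol }}"` keeps the list consistent. The same line is added in the two other multicloud deployment hunks further down; the container spec continues outside this hunk.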
@@ -54,6 +56,8 @@ spec:
          value: "{{ .Values.config.aai.username }}"
        - name: AAI_PASSWORD
          value: "{{ .Values.config.aai.password }}"
+       - name: SSL_ENABLED
+         value: "{{ .Values.config.ssl_enabled }}"
        name: {{ include "common.name" . }}
        volumeMounts:
        - mountPath: /var/log/onap
@@ -74,7 +78,7 @@ spec:
          httpGet:
            path: /api/multicloud-fcaps/v1/healthcheck
            port: {{ .Values.service.internalPort }}
-           scheme: HTTP
+           scheme: HTTPS
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
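Review bot: The liveness probe scheme is now hard-coded to `HTTPS`, although the same commit makes TLS a toggle (`config.ssl_enabled`, passed to the container as `SSL_ENABLED`). If an operator sets `config.ssl_enabled: false`, the service would presumably answer on plain HTTP, the probe would fail and the pod would be restarted in a loop. Deriving the scheme from the same value keeps the two in step: `scheme: {{ if .Values.config.ssl_enabled }}HTTPS{{ else }}HTTP{{ end }}`. The starlingx and titaniumcloud liveness hunks below carry the same hard-coded value, and any readiness probe in the rest of these files should be checked as well.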
index 75cd4c0..fabe32e 100644 (file)
@@ -32,6 +32,7 @@ metadata:
       "url": "/api/multicloud-fcaps/v0",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     },
     {
@@ -40,6 +41,7 @@ metadata:
       "url": "/api/multicloud-fcaps/v1",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     }
     ]'
index 075a196..4b34784 100644 (file)
@@ -23,7 +23,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.4.1
+image: onap/multicloud/openstack-fcaps:1.5.3
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -31,8 +31,10 @@ istioSidecar: false
 
 # application configuration
 config:
+  ssl_enabled: true
+  msbprotocol: https
   msbgateway: msb-iag
-  msbPort: 80
+  msbPort: 443
   aai:
     port: 8443
     schemaVersion: v13
index 8ec5449..9112e35 100644 (file)
@@ -15,6 +15,10 @@ version: 1
 disable_existing_loggers: False
 
 loggers:
+    starlingx_base:
+      handlers: [starlingx_handler]
+      level: "DEBUG"
+      propagate: False
     starlingx:
       handlers: [starlingx_handler]
       level: "DEBUG"
index 1ee8172..f132cc7 100644 (file)
@@ -40,6 +40,8 @@ spec:
     spec:
      containers:
      - env:
+       - name: MSB_PROTO
+         value: {{ .Values.config.msbprotocol }}
        - name: MSB_ADDR
          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
        - name: MSB_PORT
@@ -54,6 +56,8 @@ spec:
          value: "{{ .Values.config.aai.username }}"
        - name: AAI_PASSWORD
          value: "{{ .Values.config.aai.password }}"
+       - name: SSL_ENABLED
+         value: "{{ .Values.config.ssl_enabled }}"
        name: {{ include "common.name" . }}
        volumeMounts:
        - mountPath: /var/log/onap
@@ -76,7 +80,7 @@ spec:
          httpGet:
            path: /api/multicloud-starlingx/v0/swagger.json
            port: {{ .Values.service.internalPort }}
-           scheme: HTTP
+           scheme: HTTPS
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
index 7e01150..cf67f10 100644 (file)
@@ -32,6 +32,7 @@ metadata:
       "url": "/api/multicloud-starlingx/v0",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     },
     {
@@ -40,6 +41,7 @@ metadata:
       "url": "/api/multicloud-starlingx/v1",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     }
     ]'
index 26ecf93..2dffd1c 100644 (file)
@@ -23,7 +23,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.4.1
+image: onap/multicloud/openstack-starlingx:1.5.3
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -31,8 +31,10 @@ istioSidecar: false
 
 # application configuration
 config:
+  ssl_enabled: true
+  msbprotocol: https
   msbgateway: msb-iag
-  msbPort: 80
+  msbPort: 443
   aai:
     port: 8443
     schemaVersion: v13
index d0af26c..dc8744c 100644 (file)
@@ -49,6 +49,8 @@ spec:
          name: artifact-data
      containers:
      - env:
+       - name: MSB_PROTO
+         value: {{ .Values.config.msbprotocol }}
        - name: MSB_ADDR
          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
        - name: MSB_PORT
@@ -63,6 +65,8 @@ spec:
          value: "{{ .Values.config.aai.username }}"
        - name: AAI_PASSWORD
          value: "{{ .Values.config.aai.password }}"
+       - name: SSL_ENABLED
+         value: "{{ .Values.config.ssl_enabled }}"
        name: {{ include "common.name" . }}
        volumeMounts:
        - mountPath: /var/log/onap
@@ -85,7 +89,7 @@ spec:
          httpGet:
            path: /api/multicloud-titaniumcloud/v1/swagger.json
            port: {{ .Values.service.internalPort }}
-           scheme: HTTP
+           scheme: HTTPS
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
index 43fc99c..5a555b3 100644 (file)
@@ -33,6 +33,7 @@ metadata:
       "url": "/api/multicloud-titanium_cloud/v0",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     },
     {
@@ -41,6 +42,7 @@ metadata:
       "url": "/api/multicloud-titaniumcloud/v0",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     },
     {
@@ -49,6 +51,7 @@ metadata:
       "url": "/api/multicloud-titaniumcloud/v1",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     }
     ]'
index abc7726..1104fa0 100644 (file)
@@ -26,7 +26,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.4.1
+image: onap/multicloud/openstack-windriver:1.5.3
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -34,8 +34,10 @@ istioSidecar: true
 
 # application configuration
 config:
+  ssl_enabled: true
+  msbprotocol: https
   msbgateway: msb-iag
-  msbPort: 80
+  msbPort: 443
   aai:
     port: 8443
     schemaVersion: v13
index ed74032..3d75b78 100644 (file)
@@ -40,7 +40,7 @@ spec:
      containers:
      - env:
        - name: MSB_PROTO
-         value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+         value: {{ .Values.config.msbprotocol }}
        - name: MSB_ADDR
          value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}
        - name: MSB_PORT
index 12bbb29..3f950db 100644 (file)
@@ -33,7 +33,7 @@ metadata:
       "url": "/api/multicloud/v0",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
-      "enable_ssl": "{{ .Values.config.ssl_enabled }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     },
     {
@@ -42,7 +42,7 @@ metadata:
       "url": "/api/multicloud/v1",
       "protocol": "REST",
       "port": "{{ .Values.service.externalPort }}",
-      "enable_ssl": "{{ .Values.config.ssl_enabled }}",
+      "enable_ssl": {{ .Values.config.ssl_enabled }},
       "visualRange": "1"
     }
     ]'
index ceaf12b..1fad1fc 100644 (file)
@@ -56,12 +56,9 @@ spec:
             - name: SPRING_DATASOURCE_URL
               value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
             - name: SPRING_DATASOURCE_USERNAME
-              value: {{ index .Values "mariadb-galera" "config" "userName" }}
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
             - name: SPRING_DATASOURCE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.mariadbSecret" . }}
-                  key: {{ include "common.mariadbSecretParam" . }}
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
             - name: SPRING_DATA_MONGODB_HOST
               value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
             - name: SPRING_DATA_MONGODB_PORT
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-dependencies:
-  - name: common
-    version: ~5.x-0
-    repository: '@local'
+{{ include "common.secret" . }}
index 30f7d2d..2993972 100644 (file)
@@ -29,6 +29,17 @@ global:
     internalPort: 3306
     nameOverride: mariadb-galera
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: nbi-db-secret
+    name: '{{ include "common.release" . }}-nbi-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
+
 subChartsOnly:
   enabled: true
 
@@ -49,15 +60,17 @@ config:
   ecompInstanceId: OOM
   openStackRegion: RegionOne
   openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
+  db:
+    userName: rene
+    # userPassword: password
+    # userCredentialsExternalSecret: some-secret
 
 mariadb-galera:
   # '&mariadbConfig' means we "store" the values for  later use in the file
   # with '*mariadbConfig' pointer.
   config: &mariadbConfig
-      userName: rene
-      userPassword: lkjgklqsdareyhjujlnnbvfvdttuiukgpiokqbfsjdhfigquosegombvjfqhb
-      mariadbRootPassword: dhqjdshjdsguryebvcnbvcvdsqghyjqgktgjjfhjfghbfs
-      mysqlDatabase: nbi
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-nbi-db-secret'
+    mysqlDatabase: nbi
   nameOverride: nbi-galera
   service:
     name: nbi-galera
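Review bot: The new `config.db` block leaves `userPassword` and `userCredentialsExternalSecret` commented out without saying which of them must be set, and the sample value `password` invites being uncommented as it stands. The `nbi-db-secret` entry added in the previous hunk renders `password: '{{ .Values.config.db.userPassword }}'`, so what lands in the Secret when neither is set depends on the `common.secret` template, which is not part of this hunk. I would add a comment such as `# set either userPassword or userCredentialsExternalSecret (name of an existing Secret); do not commit a real password here`. The removed `mariadbRootPassword` has no replacement in this hunk, so confirm the mariadb-galera subchart now receives it from somewhere else.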
index 5344a42..2395495 100755 (executable)
@@ -173,4 +173,4 @@ vid:
 vnfsdk:
   enabled: false
 modeling:
-  enabled: false
\ No newline at end of file
+  enabled: false
index 0e6b4c8..d7a0ea5 100644 (file)
@@ -60,8 +60,8 @@ spec:
         - name: DB_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db
-              key: db-root-password
+              name: {{ include "common.release" . }}-cmso-db-db-root-password
+              key: password
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -84,8 +84,8 @@ spec:
         - name: DB_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db
-              key: db-root-password
+              name: {{ include "common.release" . }}-cmso-db-db-root-password
+              key: password
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
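Review bot: The container in this hunk, the one that also receives `JAVA_TRUSTSTORE` and `SSL_KEYSTORE`, still takes `DB_PASSWORD` from the root-password Secret (`…-cmso-db-db-root-password`). The sibling deployment in the next file gives its equivalent container `…-cmso-db-db-user-credentials` instead, which suggests this one could run with the application account too. If it does not need root on the database, `name: {{ include "common.release" . }}-cmso-db-db-user-credentials` limits what a compromised pod can do to the schema. The container definition starts outside the hunk, so its role is inferred from the env names only.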
index e7b5eed..385d616 100644 (file)
@@ -60,8 +60,8 @@ spec:
         - name: DB_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db
-              key: db-root-password
+              name: {{ include "common.release" . }}-cmso-db-db-root-password
+              key: password
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -90,7 +90,7 @@ spec:
         - name: {{ include "common.fullname" . }}-config
           mountPath: /share/etc/config
         ports:
-        - containerPort: 5000        
+        - containerPort: 5000
         resources:
 {{ include "common.resources" . }}
       - name: {{ include "common.name" . }}
@@ -108,8 +108,8 @@ spec:
         - name: DB_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-cmso-db
-              key: user-password
+              name: {{ include "common.release" . }}-cmso-db-db-user-credentials
+              key: password
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
index 091f164..591bfde 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 091f164a832479cb40ad6f5d7e4960269e75f87f
+Subproject commit 591bfdea4f1d833abee3c7e60f084da546d9082a
index a7006bc..6abf911 100644 (file)
@@ -29,7 +29,7 @@ global:
   ubuntuInitRepository: oomk8s
   ubuntuInitImage: ubuntu-init:1.0.0
   cassandra:
-   #This flag allows SDC to instantiate its own cluster, serviceName 
+   #This flag allows SDC to instantiate its own cluster, serviceName
    #should be sdc-cs if this flag is enabled
    localCluster: false
    #The cassandra service name to connect to (default: shared cassandra service)
index 5930b5d..a714ba9 100755 (executable)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
   dme2:
     timeout: '30000'
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
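Review bot: The credentials that used to be literals in this file are now templated but rendered unquoted, here in `aai.auth` and in the `cds.auth`, `msoKey`, `mso.adapters.*`, `mso.sdnc.password`, `sniro`/`oof` and `so.vnfm.adapter.auth` hunks below. A value that is all digits, starts with a YAML indicator or is left unset changes type or becomes null when the rendered file is parsed. Unless the helper already emits quotes, appending `| quote` avoids that, e.g. `auth: {{ .Values.cds.auth | quote }}`. Separately, the values still end up in plaintext in whatever object carries this override file; if that is a ConfigMap, which this hunk does not show, moving them into a Secret would be the follow-up.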
@@ -21,7 +21,7 @@ aai:
 cds:
   endpoint: cds-blueprints-processor-grpc
   port: 9111
-  auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+  auth: {{ .Values.cds.auth }}
   timeout: 600
 camunda:
   bpm:
@@ -51,10 +51,12 @@ mso:
   rainyDay:
     retryDurationMultiplier: 2
     maxRetries: 5
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  msoKey: {{ .Values.mso.key }}
   correlation:
     timeout: 60
   logPath: logs
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   async:
     core-pool-size: 50
     max-pool-size: 50
@@ -64,10 +66,10 @@ mso:
       endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
     db:
-      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
-      password: wLg4sjrAFUS8rfVfdvTXeQ==
+      auth: {{ .Values.mso.adapters.db.auth }}
+      password: {{ .Values.mso.adapters.db.password }}
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
       spring:
         endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
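Review bot: `mso.adapters.requestDb.auth` selects `.Values.global.aaf.auth.encrypted` when AAF is enabled, whereas the `mso.db.auth` line in a later hunk of this file selects `.Values.global.aaf.auth.header`, although both replaced the same `Basic …` literal and both fall back to `.Values.mso.adapters.requestDb.auth`. One of the two is probably wrong. Since the old value was an HTTP Basic header, `header` looks like the intended choice here: `"value1" .Values.global.aaf.auth.header`. This is worth confirming against the adapter, because a wrong pick only shows up as authentication failures once AAF is switched on.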
@@ -79,7 +81,7 @@ mso:
       db:
         endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
     po:
-      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+      auth: {{ .Values.mso.adapters.po.auth }}
     sdnc:
       endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
       rest:
@@ -112,7 +114,7 @@ mso:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   default:
     adapter:
       namespace: http://org.onap.mso
@@ -129,7 +131,7 @@ mso:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
   rollback: 'true'
   sdnc:
-    password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+    password: {{ .Values.mso.sdnc.password }}
   service:
     agnostic:
       sniro:
@@ -137,12 +139,12 @@ mso:
         host: http://sniro-emulator:80
   site-name: CamundaEngine
   sniro:
-    auth: test:testpwd
+    auth: {{ .Values.mso.sniro.auth }}
     callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
-    endpoint: http://replaceme:28090/optimizationInstance/V1/create
+    endpoint: {{ .Values.mso.sniro.endpoint }}
     timeout: PT30M
   oof:
-    auth: test:testpwd
+    auth: {{ .Values.mso.oof.auth }}
     callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
     endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement
     timeout: PT30M
@@ -361,7 +363,7 @@ so:
   vnfm:
     adapter:
       url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
-      auth: Basic dm5mbTpwYXNzd29yZDEk
+      auth: {{ .Values.so.vnfm.adapter.auth }}
 org:
   onap:
     so:
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
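Review bot: The new `secretKeyRef` names are built from `{{ .Release.Name}}` while the existing reference just above them uses `{{ include "common.release" . }}`. If `common.release` returns anything other than the unmodified release name (its definition is not in this hunk), the pod will point at a Secret that does not exist and fail to start as soon as AAF is enabled. `name: {{ include "common.release" . }}-so-client-certs-secret` keeps both lookups on the same helper. The guard `{{- if eq .Values.global.security.aaf.enabled true }}` can also be the plain `{{- if .Values.global.security.aaf.enabled }}`, which does not depend on the value being exactly a boolean. The identical hunk in the next deployment file has the same two lines.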
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 2ea2cff..952642c 100755 (executable)
@@ -19,12 +19,14 @@ ssl-enable: false
 mso:
   logPath: logs
   site-name: onapheat
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth:  {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
 spring:
   datasource:
     hikari:
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 4bf20a6..4710fea 100755 (executable)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
 server:
   port: {{ index .Values.containerPort }}
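Review bot: The AAF lookup path is not the same throughout this file: `aai.auth` in this hunk reads `.Values.global.aaf.auth.encrypted`, while the `mso.auth` line in a later hunk of the same file reads `.Values.aaf.auth.encrypted` without `global`. Unless the chart really defines both, the second one will fail at render time or produce an empty credential when AAF is enabled, so it should probably read `"value1" .Values.global.aaf.auth.encrypted` like this line. That later hunk runs past the end of the visible page, so the rest of it is unchecked.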
@@ -58,7 +58,7 @@ org:
         default_keystone_url_version: /v2.0
         default_keystone_reg_ex: "/[vV][0-9]"
         vnf:
-          bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+          bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
           checkRequiredParameters: true
           addGetFilesOnVolumeReq: false
           sockettimeout: 30
@@ -69,7 +69,7 @@ org:
           valet_enabled: false
           fail_requests_on_valet_failure: false
         network:
-          bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+          bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
           sockettimeout: 5
           connecttimeout: 5
           retrycount: 5
@@ -96,22 +96,21 @@ ecomp:
         pollTimeout: 7500
         pollInterval: 15
 mso:
-  auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
   logPath: ./logs/openstack
   msb-ip: msb-iag.{{ include "common.namespace" . }}
   msb-port: 80
   workflow:
     endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  msoKey: {{ .Values.mso.msoKey }}
   config:
-    cadi:
-      aafId: poBpmn
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
   site-name: localDevEnv
   async:
     core-pool-size: 50
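Review bot: `mso.auth` in this hunk takes `value1` from `.Values.aaf.auth.encrypted`, while the other calls in the file read `.Values.global.aaf.auth.encrypted`; unless this chart defines a top-level `aaf` block (not visible here), the lookup would likely fail at render time even with AAF disabled, because the `dict` arguments are evaluated before the helper picks one. The `sdc` `username`/`password` lines in the vnfm-adapter override use the same non-global path. `mso.db.auth` also passes `.encrypted` where the removed literal was a `Basic …` header and the other overrides pass `.Values.global.aaf.auth.header`; the `aai.auth` line in the vnfm-adapter override has the reverse mismatch. I would change the two lines here to `"value1" .Values.global.aaf.auth.encrypted` for `mso.auth` and `"value1" .Values.global.aaf.auth.header` for `db.auth`. The `mso:` mapping continues outside the hunk.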
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 6d746ed..8dde3b7 100755 (executable)
@@ -20,9 +20,11 @@ ssl-enable: false
 mso:
   logPath: logs
   site-name: localSite
+  config:
+    cadi: {{- include "cadi.keys" . | nindent 8}}
   adapters:
     requestDb:
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
 spring:
   datasource:
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 44544f4..8d02cc1 100755 (executable)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  auth: {{.Values.aai.auth}}
 server:
   port: {{ index .Values.containerPort }}
 spring:
@@ -44,20 +44,22 @@ request:
       pool-name: reqdb-pool
       registerMbeans: false
 mso:
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  msoKey: {{ index .Values.mso.msoKey }}
   logPath: ./logs/sdc
+  config:
+     cadi: {{ include "cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   site-name: onapheat
   camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   aai:
     endpoint: https://aai.{{ include "common.namespace" . }}:8443
   asdc-connections:
@@ -67,7 +69,7 @@ mso:
       consumerId: SO-COpenSource-Env11
       environmentName: AUTO
       asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
-      password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+      password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
       pollingInterval: 60
       pollingTimeout: 60
       relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
@@ -82,7 +84,7 @@ mso:
     config:
       activity:
         endpoint: http://sdc-wfd-be:8080
-      key: 566B754875657232314F5548556D3665
+      key: {{ .Values.mso.asdc.config.key }}
       components:
         count: 3,
         componentNames: SO,AAI,SDNC
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 5062a1f..a20d217 100755 (executable)
@@ -19,12 +19,14 @@ mso:
         max-pool-size: 50
         queue-capacity: 500
     logPath: ./logs/sdnc
+    config:
+        cadi: {{ include "cadi.keys" . | nindent 14}}
     catalog:
         db:
           spring:
             endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
     db:
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
     site-name: onapheat
 org:
     onap:
@@ -100,7 +102,7 @@ org:
                             changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
                             delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
                             rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
-                    bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+                    bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
                     bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
                     generic-resource:
                         network-topology-operation:
@@ -139,7 +141,7 @@ org:
                     myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
                     rest:
                         bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
-                    sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+                    sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
                     sdncconnecttime: 5000
                     sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
                     sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
@@ -159,7 +161,7 @@ org:
                         '':
                             query: GET|60000|sdncurl12|
                 network:
-                    encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+                    encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
 spring:
   security:
     usercredentials:
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index ab48916..5c7f3ab 100755 (executable)
@@ -70,6 +70,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -80,16 +96,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,8 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
+description: A Helm chart for so  secrets
+name: so-secrets
 version: 5.0.0
old mode 100755 (executable)
new mode 100644 (file)
similarity index 73%
rename from kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml
rename to kubernetes/so/charts/so-secrets/templates/secrets.yaml
index 099c8dd..9a74963
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
-  name: {{ include "common.fullname" . }}-pgpool-configmap
+  name: {{ .Release.Name }}-so-client-certs-secret
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
+    release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
+  trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
+  keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
+type: Opaque
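Review bot: The two `data:` entries are emitted verbatim, so the Secret is only correct when `global.client.certs.*` is already base64 in values, which nothing in the template states or enforces; a plain-text override would either be rejected by the API server or decode to a different password. Either encode in the template, `trustStorePassword: {{ .Values.global.client.certs.trustStorePassword | b64enc | quote }}` with plain-text values, or keep the current contract and add a comment above `data:` such as `# values must be base64-encoded; they are written to .data unchanged`. Quoting the rendered value also keeps YAML from retyping a number-like password.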
index dee73ab..ea61f50 100755 (executable)
@@ -37,12 +37,14 @@ server:
 mso:
   site-name: localSite
   logPath: ./logs/vfc
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   msb-ip: msb-iag.{{ include "common.namespace" . }}
   msb-port: 80
   adapters:
     requestDb:
       endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
 #Actuator
 management:
   security:
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..44040c2 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
index 5213700..ebfbc44 100755 (executable)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
   version: v15
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
 spring:
@@ -37,15 +37,17 @@ http:
       trust-store: classpath:org.onap.so.trust.jks
       trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
 mso:
-  key: 07a7159d3bf51a0e53be7a8f89699be7
+  key: {{ .Values.mso.key }}
   site-name: localSite
   logPath: ./logs/vnfm-adapter
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   msb-ip: msb-iag.{{ include "common.namespace" . }}
   msb-port: 80
 sdc:
-  username: mso
-  password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
-  key: 566B754875657232314F5548556D3665
+  username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+  password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+  key: {{ .Values.sdc.key }}
   endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
 vnfmadapter:
   endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
index c79e58a..b572052 100755 (executable)
@@ -1,4 +1,4 @@
-# Copyright © 2019 Nordix Foundation
+# Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index a253a21..c297ac3 100755 (executable)
@@ -39,6 +39,23 @@ spec:
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources:
 {{ include "common.resources" . | indent 12 }}
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        env: 
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
index 1aeb50d..c57ed02 100755 (executable)
@@ -4,21 +4,22 @@ server:
         max-threads: 50
 ssl-enable: false
 mso:
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
-  logPath: logs
-  site-name: onapheat
+  msoKey: {{ .Values.global.app.msoKey }}
+  logPath: ./logs/apih
+  site-name: {{ index .Values.global.app.siteName }}
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   config:
     path: /src/main/resources/
+    cadi: {{ include "cadi.keys" . | nindent 10}}
   infra:
     default:
       alacarte:
@@ -30,14 +31,14 @@ mso:
           default:
             testApi: GR_API
   camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
-  camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+  camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
   async:
     core-pool-size: 50
     max-pool-size: 50
     queue-capacity: 500
   sdc:
     client:
-      auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
     activate:
       instanceid: test
       userid: cs0008
@@ -48,7 +49,8 @@ mso:
         count: 3
   aai:
     endpoint: https://aai.{{ include "common.namespace" . }}:8443
-    auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+
   extApi:
     endpoint: http://nbi.onap:8080/nbi/api/v3
   so:
@@ -57,17 +59,16 @@ mso:
         username: testuser
         password: VjR5NDcxSzA=
         host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
-        auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+        auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
       publisher:
         topic: com.att.ecomp.mso.operationalEnvironmentEvent
   health:
-    auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
     endpoints:
       - subsystem: apih
         uri: http://so-bpmn-infra:8081
       - subsystem: catalogdb
         uri: http://so-catalog-db-adapter:8082
-
 spring:
   datasource:
     hikari:
@@ -120,4 +121,4 @@ org:
       cloud-owner: CloudOwner
       adapters:
         network:
-          encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+          encryptionKey: {{ .Values.global.app.msoKey }}
diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl
new file mode 100644 (file)
index 0000000..426facc
--- /dev/null
@@ -0,0 +1,19 @@
+{{- define "cadi.keys" -}}
+cadiLoglevel: DEBUG
+cadiKeyFile: /org.onap.so.keyfile
+cadiTrustStore: /app/org.onap.so.trust.jks
+cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
+cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
+cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
+aafEnv: {{ .Values.global.app.cadi.aafEnv }}
+aafApiVersion: 2.0
+aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
+aafId: {{ .Values.mso.config.cadi.aafId }}
+aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
+aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
+aafUrl: {{ .Values.global.app.cadi.aafUrl }}
+apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
+{{- if (.Values.global.app.cadi.noAuthn) }}
+noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
+{{- end }}
+{{- end }}
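Review bot: The `noAuthn` line is guarded by `.Values.global.app.cadi.noAuthn` but prints `.Values.mso.config.cadi.noAuthn`; the values.yaml hunk later in this commit sets only the `mso.config.cadi` key, so with those defaults the guard looks false and the entry is never rendered. Guarding on the value that is printed would be `{{- if .Values.mso.config.cadi.noAuthn }}`. Separately, `cadiKeyFile` and `aafApiVersion` are literals here (`/org.onap.so.keyfile`, `2.0`) that disagree with the `global.app.cadi` defaults added in values.yaml (`/app/org.onap.so.keyfile`, `2.1`), so those values are silently ignored, and the unquoted `2.0` is read as a float. `aafPassword` and `cadiTruststorePassword` are rendered into whatever object includes this template, presumably configuration-file content rather than a Secret, which is worth confirming.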
diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl
new file mode 100644 (file)
index 0000000..4181beb
--- /dev/null
@@ -0,0 +1,17 @@
+{{- define "helpers.livenessProbe" -}} 
+livenessProbe:
+  httpGet:
+    path: {{- index .Values.livenessProbe.path|indent 2}}
+    port: {{ index .Values.containerPort }}
+    scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
+    {{- if eq .Values.global.security.aaf.enabled true }}
+    httpHeaders:
+    - name: Authorization
+      value: {{ index .Values.global.aaf.auth.header }}
+    {{- end }}
+  initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+  periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+  timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+  successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+  failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{- end -}}
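Review bot: With AAF enabled the probe carries `global.aaf.auth.header` as a literal `Authorization` value, so the Basic credential is written into every Deployment and Pod spec that includes this helper and is readable by anyone allowed to get those objects, without needing access to Secrets. Probe `httpHeaders` cannot reference a Secret, so the usual alternative is to exempt the health path from authentication; the values.yaml hunk in this commit already sets `noAuthn: /manage/health`, which may make the header unnecessary if that is the probe path (the path value is not visible here). If the header has to stay, quote it: `value: {{ .Values.global.aaf.auth.header | quote }}`. A `{{/* … */}}` comment above the `define` naming the values keys the helper reads would also help callers.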
diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl
new file mode 100644 (file)
index 0000000..113bc34
--- /dev/null
@@ -0,0 +1,3 @@
+{{- define "helpers.profileProperty" -}}
+  {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
+{{- end -}}
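Review bot: The `else` branch renders `{{.value2}} ` with a trailing space, and the call sites insert the result unquoted. YAML drops that space for a plain scalar today, but it becomes part of the credential as soon as a caller adds `| quote` or uses the helper inside a quoted string, and an unquoted secret containing ` #` or `: ` would be truncated or break parsing. I would trim inside the helper, `{{- if eq .condition true -}}{{ .value1 }}{{- else -}}{{ .value2 }}{{- end -}}`, and then quote at the call sites. A `{{/* … */}}` comment stating that the argument is a dict with `condition`, `value1` and `value2` would document the contract.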
index d873beb..b572052 100755 (executable)
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
index 931a895..91e9be6 100755 (executable)
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
index 9af34af..5a06253 100755 (executable)
@@ -39,14 +39,40 @@ global:
     dbUser: root
     dbPassword: secretpassword
   msbEnabled: true
-
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+      encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+  app:
+    siteName: onapheat
+    auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+    defaultCloudOwner: onap
+    cadi:
+      cadiLoglevel: DEBUG
+      cadiKeyFile: /app/org.onap.so.keyfile
+      cadiTrustStore: /app/org.onap.so.trust.jks
+      cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
+      cadiLatitude: 38.4329
+      cadiLongitude: -90.43248
+      aafEnv: IST
+      aafApiVersion: 2.1
+      aafRootNs: org.onap.so
+      aafLocateUrl: https://aaf-locate.onap:8095
+      aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  client:
+    certs:
+      trustStorePassword: b25hcDRzbw==
+      keyStorePassword: c280b25hcA==
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
 image: onap/so/api-handler-infra:1.5.3
 pullPolicy: Always
-
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8080
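Review bot: The added `global.aaf.auth.header`, `global.app.auth`, `global.app.msoKey`, `cadiTruststorePassword` and `global.client.certs.trustStorePassword`/`keyStorePassword` put default credentials and key material into the chart's values file; the Basic header and the two store passwords are only Base64-encoded, which anyone who can read the repository can reverse. The next hunk (`mso:` through `so-vnfm-adapter:`) adds the same kind of defaults for every sub-chart, including `auth: test:testpwd` and the `msoKey`/`key` value stored beside the hex `auth` strings it presumably protects. These are better supplied through Kubernetes Secrets with an external-secret override, as the VID chart in this same change does with its `secrets:` block, leaving only placeholders in values. Separately, `aafApiVersion: 2.1` is parsed as a float and is safer quoted: `aafApiVersion: "2.1"`.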
@@ -115,3 +141,175 @@ ingress:
       port: 8080
   config:
     ssl: "none"
+
+mso:
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+  config:
+    cadi:
+      aafId: so@so.onap.org
+      aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+      apiEnforcement: org.onap.so.apihPerm
+      noAuthn: /manage/health
+  camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+  sdc:
+    client:
+      auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+  aai:
+    auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+  so:
+    operationalEnv:
+      dmaap:
+        auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+  health:
+    auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+so-bpmn-infra:
+  cds:
+    auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+  aai:
+    auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+  mso:
+    key: 07a7159d3bf51a0e53be7a8f89699be7
+    adapters:
+      requestDb:
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+      db:
+        auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+        password: wLg4sjrAFUS8rfVfdvTXeQ==
+      po:
+        auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.bpmnPerm
+        noAuthn: /manage/health
+    sdnc:
+      password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+    sniro:
+      auth: test:testpwd
+      endpoint: http://replaceme:28090/optimizationInstance/V1/create
+    oof:
+      auth: test:testpwd
+  so:
+    vnfm:
+      adapter:
+        auth: Basic dm5mbTpwYXNzd29yZDEk
+so-catalog-db-adapter:
+  mso:
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.catalogDbAdapterPerm
+        noAuthn: /manage/health
+    adapters:
+      db:
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+so-openstack-adapter:
+  aaf:
+    auth:
+      encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+  aai:
+    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  org:
+    onap:
+      so:
+        adapters:
+          bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+          valet:
+            basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
+  mso:
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+    auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.openStackAdapterPerm
+        noAuthn: /manage/health
+    db:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+so-request-db-adapter:
+  mso:
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.requestDbAdapterPerm
+        noAuthn: /manage/health
+    adapters:
+      requestDb:
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+so-sdc-controller:
+  aai:
+    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  mso:
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.sdcControllerPerm
+        noAuthn: /manage/health
+    asdc:
+      config:
+        key: 566B754875657232314F5548556D3665
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+    asdc-connections:
+      asdc-controller1:
+        password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+so-sdnc-adapter:
+  org:
+    onap:
+      so:
+        adapters:
+          sdnc:
+            bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+            sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+            network:
+                encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+  mso:
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.sdncAdapterPerm
+        noAuthn: /manage/health
+    adapters:
+      requestDb:
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+    rest:
+      aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+so-vfc-adapter:
+  mso:
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.vfcAdapterPerm
+        noAuthn: /manage/health
+    adapters:
+      requestDb:
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+so-vnfm-adapter:
+  aaf:
+    auth:
+      username: so@so.onap.org
+      password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+  aai:
+    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  sdc:
+    username: mso
+    password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+    key: 566B754875657232314F5548556D3665
+  mso:
+    key: 07a7159d3bf51a0e53be7a8f89699be7
+    config:
+      cadi:
+        aafId: so@so.onap.org
+        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+        apiEnforcement: org.onap.so.vnfmAdapterPerm
+        noAuthn: /manage/health
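Review bot: In the `so-bpmn-infra` block the CADI password key is spelled `aaafPassword` (three a's), while every other sub-chart block in this hunk uses `aafPassword`. A template that reads `mso.config.cadi.aafPassword` would get an empty value for so-bpmn-infra only, so AAF authentication for that component would likely fail once `global.security.aaf.enabled` is switched on; the consuming template is not visible here. The key should be renamed to `aafPassword`. `encryptionKey` under `so-sdnc-adapter` is also indented four spaces where the rest of the hunk uses two.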
index d8ac61b..8e5d097 100644 (file)
@@ -68,6 +68,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
index 7f7e668..a9c382a 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/catalog/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
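Review bot: The added `"enable_ssl": {{ .Values.global.config.ssl_enabled }},` is rendered unquoted into the JSON held in this annotation, so it is valid JSON only when the value is defined and boolean. If the chart is rendered where `global.config.ssl_enabled` is not defined (for example the sub-chart installed on its own), the field is emitted with no value and the MSB registration JSON is likely to be rejected. A default keeps it well-formed: `"enable_ssl": {{ default false .Values.global.config.ssl_enabled }},`. The same line is added to the other VF-C service templates later in this change, and the annotation starts above the hunk.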
index 4feba42..446bcb9 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: VES_ADDR
index 4da613f..394c69d 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/emsdriver/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index bb60829..5e84c86 100644 (file)
@@ -53,6 +53,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           volumeMounts:
index cf48f76..e5a244e 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/gvnfmdriver/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 544d423..163214a 100644 (file)
@@ -70,6 +70,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           volumeMounts:
index 5141429..b8a6b07 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/huaweivnfmdriver/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 12534bc..008d480 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
           volumeMounts:
index 8b42bf7..ea94a3f 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/jujuvnfmdriver/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 3f9cd5f..be76d55 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           resources:
index 3dc7a4d..7b4f74e 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/multivimproxy/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 3bac8c6..3f747ce 100644 (file)
@@ -71,6 +71,10 @@ spec:
           env:
             - name: EXTERNAL_PORT
               value: "8089"
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           resources:
index e2ae287..98b00c1 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/NokiaSVNFM/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 8110315..fc6c736 100644 (file)
@@ -68,6 +68,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
index 4500742..5484b2c 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/nslcm/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 6c6ba64..ce381d7 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           volumeMounts:
index 2f07237..2923f73 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/resmgr/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 208b0c3..e99f4d1 100644 (file)
@@ -68,6 +68,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
index 21fd31a..049e7e1 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/vnflcm/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index c3e6238..66db39e 100644 (file)
@@ -68,6 +68,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
index 9c7f64a..d87ad80 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/vnfmgr/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index a913138..f5fc284 100644 (file)
@@ -68,6 +68,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
index 2b470ba..902b4ed 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/vnfres/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 91cc63b..410d4b6 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: SERVICE_IP
               valueFrom:
                 fieldRef:
index a94a475..fc41fe0 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/activiti-rest",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index aa8b861..534979b 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: SERVICE_IP
               valueFrom:
                 fieldRef:
index cedab28..5a780c8 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/workflow/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 3f9cd5f..be76d55 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           resources:
index 394b1ce..9a0aa1c 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/ztesdncdriver/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index c6dd854..5f5e710 100644 (file)
@@ -69,6 +69,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+            - name: MSB_PROTO
+              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: SSL_ENABLED
+              value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           volumeMounts:
index 9c27abe..5b22914 100644 (file)
@@ -30,6 +30,7 @@ metadata:
           "url": "/api/ztevnfmdriver/v1",
           "protocol": "REST",
           "port": "{{ .Values.service.externalPort }}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
index 3030103..eb6638b 100644 (file)
 
 global:
   config:
+    ssl_enabled: false
+    msbprotocol: https
     msbServiceName: msb-iag
-    msbPort: 80
+    msbPort: 443
     dbServiceName: vfc-db
     dbPort: 3306
     dbUser: root
     mariadbRootPassword: secretpassword
     redisServiceName: vfc-redis
     redisPort: 6379
-    reg_to_msb_when_start: True
+    reg_to_msb_when_start: False
   persistence:
     mountPath: /dockerdata-nfs
 
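Review bot: The new defaults pair `ssl_enabled: false` with `msbprotocol: https` and `msbPort: 443`, and flip `reg_to_msb_when_start` to `False`, with no comment saying which side each flag controls. From the templates in this change, `ssl_enabled` feeds the `enable_ssl` field of each component's MSB registration and the `SSL_ENABLED` env var, so the shipped default appears to leave the VF-C service endpoints without TLS while only the hop to MSB uses it. A comment would make that explicit, for example `# ssl_enabled: TLS on the VF-C service endpoints; msbprotocol/msbPort: how components reach MSB`. The boolean is better written in canonical form, `reg_to_msb_when_start: false`.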
index 0a5c0c5..d449da1 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -105,14 +106,9 @@ spec:
             - name: VID_MYSQL_DBNAME
               value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
             - name: VID_MYSQL_USER
-              value: {{ index .Values "mariadb-galera" "config" "userName" }}
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
             - name: VID_MYSQL_PASS
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}-db
-                  key: db-user-password
-              #valueFrom:
-              #  secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password}
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
             - name: VID_MYSQL_MAXCONNECTIONS
               value: "{{ .Values.config.vidmysqlmaxconnections }}"
           volumeMounts:
index 625fb0c..75e40a1 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -60,14 +61,11 @@ spec:
         - /dbcmd-config/db_cmd.sh
         env:
         - name: MYSQL_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}-db
-              key: db-user-password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
         - name: MYSQL_HOST
           value: {{ index .Values "mariadb-galera" "service" "name" }}
         - name: MYSQL_USER
-          value: {{ index .Values "mariadb-galera" "config" "userName" }}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
         - name: MYSQL_PORT
           value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
       restartPolicy: Never
index 2a66c4f..44a9b3e 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }}
+{{ include "common.secret" . }}
 ---
 apiVersion: v1
 kind: Secret
@@ -39,18 +28,3 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-db
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
-  db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
-  db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
index 805e337..e8d0595 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,6 +23,17 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: vid-db-user-secret
+    name: '{{ include "common.release" . }}-vid-db-user-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
+
 subChartsOnly:
   enabled: true
 
@@ -35,7 +47,10 @@ mariadb_image: library/mariadb:10
 
 # application configuration
 config:
-  vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  db:
+    userName: vidadmin
+#    userCredentialsExternalSecret: some secret
+#    userPassword: password
   vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
   asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
   asdcclientrestport: "8443"
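Review bot: After this hunk `config.db.userPassword` and `config.db.userCredentialsExternalSecret` are both commented out, while the `secrets:` entry added in the previous hunk renders `password: '{{ .Values.config.db.userPassword }}'` from them. What `common.secret` does when neither is set is not visible here, so the values file should say so next to the keys, for example `# set exactly one of userCredentialsExternalSecret (name of an existing Secret) or userPassword`. The placeholder `some secret` also contains a space, which is not a valid Secret name if someone uncomments the line as-is.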
@@ -54,9 +69,7 @@ config:
 
 mariadb-galera:
   config:
-    userName: vidadmin
-    userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-    mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
     mysqlDatabase: vid_openecomp_epsdk
   nameOverride: vid-galera
   service:
index 55f81ac..ab6bae3 100644 (file)
@@ -53,17 +53,6 @@ postgres:
     pgPrimaryPassword: postgres
     pgUserPassword: postgres
     pgRootPassword: postgres
-  pgpool:
-    nameOverride: vnfsdk-pgpool
-    service:
-      name: vnfsdk-pgpool
-    credentials:
-      pgusername: postgres
-      pgpassword: postgres
-    container:
-      name:
-        primary: pgpool-primary
-        replica: pgpool-replica
 
 # flag to enable debugging - application support required
 debugEnabled: false