aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'}
-aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
-aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
+aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
+aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
+aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-babel.onap', 'aai-babel', 'aai-graphadmin', 'aai-graphadmin.onap', 'aai-modelloader.onap', 'aai-modelloader', 'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
+aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
+aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
aai-resources@aai-resources.onap.org|aai-resources|local|/opt/app/osaaf/local||mailto:|org.onap.aai-resources|root|30|{'aai-resources', 'aai-resources.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
+aai-schema-service@aai-schema-service.onap.org|aai-schema-service|local|/opt/app/osaaf/local||mailto:|org.onap.aai-schema-service|root|30|{'aai-schema-service', 'aai-schema-service.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
aai-traversal@aai-traversal.onap.org|aai-traversal|local|/opt/app/osaaf/local||mailto:|org.onap.aai-traversal|root|30|{'aai-traversal', 'aai-traversal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'}
clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344||
aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344||
aai-resources@aai-resources.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-resources|53344||
+aai-schema-service@aai-schema-service.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-schema-service|53344||
aai-traversal@aai-traversal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-traversal|53344||
appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344||
appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344||
org.onap.aaf-sms||org.onap||3
org.onap.aai||org.onap||3
org.onap.aai-resources||org.onap||3
+org.onap.aai-schema-service||org.onap||3
org.onap.aai-traversal||org.onap||3
org.onap.appc||org.onap||3
org.onap.appc-cdt||org.onap||3
org.onap.aai-resources|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-resources|admin', 'org.onap.aai-resources|service'}"
org.onap.aai-resources|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-resources|owner'}"
org.onap.aai-resources|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
+org.onap.aai-schema-service|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-schema-service|admin', 'org.onap.aai-schema-service|service'}"
+org.onap.aai-schema-service|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-schema-service|owner'}"
+org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.aai-traversal|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-traversal|admin', 'org.onap.aai-traversal|service'}"
org.onap.aai-traversal|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-traversal|owner'}"
org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.aai|traversal_basic|traversal_basic|"{'org.onap.aai|traversal|*|basic'}"
org.onap.aai-resources|admin|AAF Namespace Administrators|"{'org.onap.aai-resources|access|*|*'}"
org.onap.aai-resources|owner|AAF Namespace Owners|"{'org.onap.aai-resources|access|*|read'}"
-org.onap.aai-resources|service||"{'org.onapaai-resources|access|*|*'}"
+org.onap.aai-resources|service||"{'org.onap.aai-resources|access|*|*'}"
+org.onap.aai-schema-service|admin|AAF Namespace Administrators|"{'org.onap.aai-schema-service|access|*|*'}"
+org.onap.aai-schema-service|owner|AAF Namespace Owners|"{'org.onap.aai-schema-service|access|*|read'}"
+org.onap.aai-schema-service|service||"{'org.onap.aai-schema-service|access|*|*'}"
org.onap.aai-traversal|admin|AAF Namespace Administrators|"{'org.onap.aai-traversal|access|*|*'}"
org.onap.aai-traversal|owner|AAF Namespace Owners|"{'org.onap.aai-traversal|access|*|read'}"
-org.onap.aai-traversal|service||"{'org.onapaai-traversal|access|*|*'}"
+org.onap.aai-traversal|service||"{'org.onap.aai-traversal|access|*|*'}"
org.onap|admin|Onap Admins|"{'org.onap.access|*|*'}"
org.onap.appc|admin|AAF Namespace Administrators|"{'org.onap.appc|access|*|*'}"
org.onap.appc|apidoc||"{'org.onap.appc|apidoc|/apidoc/.*|ALL'}"
org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.onap.aai|owner
mmanager@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
mmanager@people.osaaf.org|org.onap.aai-resources.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|owner
+mmanager@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
+mmanager@people.osaaf.org|org.onap.aai-schema-service.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|owner
mmanager@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
mmanager@people.osaaf.org|org.onap.aai-traversal.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|owner
mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin
aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
+aaf_admin@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
aaf_admin@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc
aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
aai-resources@aai-resources.onap.org|org.onap.aai-resources.service|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|service
+aai-schema-service@aai-schema-service.onap.org|org.onap.aai-schema-service.service|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|service
aai-traversal@aai-traversal.onap.org|org.onap.aai-traversal.service|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|service
appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
aai-resources|ONAP AAI Resources Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+aai-schema-service|ONAP AAI Schema Service Application|AAI Schema Service|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
aai-traversal|ONAP AAI Traversal Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
server.port=9516
{{ if ( include "common.needTLS" .) }}
-server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=need
+server.ssl.key-store-type=PKCS12
{{ else }}
security.require-ssl=false
server.ssl.enabled=false
{{ end }}
+spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/services/babel-service
-
logging.config=${CONFIG_HOME}/logback.xml
-
tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
<?xml version="1.0" encoding="UTF-8"?>
<!--
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
- <property name="auditLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ <property name="auditLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
- <property name="metricsLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ <property name="metricsLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<maxHistory>60</maxHistory>
</rollingPolicy>
<encoder>
are specializations of the EELF application root logger and appender. This can be used to segregate Policy engine events
from other components, or it can be eliminated to record these events as part of the application root log. -->
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<maxHistory>60</maxHistory>
</rollingPolicy>
<encoder>
<appender-ref ref="EELFAudit" />
</appender>
- <appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<maxHistory>60</maxHistory>
</rollingPolicy>
<encoder>
<appender-ref ref="EELFMetrics" />
</appender>
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>
- ${logDirectory}/${debugLogName}.log
- </file>
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<maxHistory>60</maxHistory>
</rollingPolicy>
<encoder>
<!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>
- e.level.toInt() < INFO.toInt()
- </expression>
+ <expression>e.level.toInt() < INFO.toInt()</expression>
</evaluator>
<OnMismatch>DENY</OnMismatch>
<OnMatch>NEUTRAL</OnMatch>
<includeCallerData>false</includeCallerData>
</appender>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
<!-- ============================================================================ -->
<!-- Default / root appenders -->
<!-- This determines the logging level for 3rd party code -->
<root level="INFO">
<appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncEELFDebug" />
-</root>
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="AsyncSysOut" />
+ </root>
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf" level="INFO" additivity="false">
- <appender-ref ref="asyncEELF" />
-</logger>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
<!-- The level of this logger determines the contents of the debug log -->
<logger name="com.att.eelf.debug" level="INFO" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
-</logger>
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
<logger name="com.att.eelf.audit" level="INFO" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
-</logger>
+ <appender-ref ref="asyncEELFAudit" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
<logger name="com.att.eelf.metrics" level="INFO" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
-</logger>
+ <appender-ref ref="asyncEELFMetrics" />
+ <appender-ref ref="AsyncSysOut" />
+ </logger>
<!-- ============================================================================ -->
<!-- Non-EELF loggers -->
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ echo "*** actual launch of AAI Babel"
+ /bin/bash /opt/app/babel/bin/start.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
env:
- name: CONFIG_HOME
value: /opt/app/babel/config
- - name: KEY_STORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: KEY_STORE_PASSWORD
- - name: KEY_MANAGER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: KEY_MANAGER_PASSWORD
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /opt/app/babel/config/application.properties
+ name: config
+ subPath: application.properties
- mountPath: /opt/app/babel/config/artifact-generator.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: artifact-generator.properties
- mountPath: /opt/app/babel/config/tosca-mappings.json
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: tosca-mappings.json
- mountPath: /opt/app/babel/config/babel-auth.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: babel-auth.properties
- mountPath: /opt/app/babel/config/auth
- name: {{ include "common.fullname" . }}-secrets
+ name: secrets
- mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/babel/config/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
resources:
{{ include "common.resources" . }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
+ - name: config
configMap:
name: {{ include "common.fullname" . }}-configmap
- items:
- - key: artifact-generator.properties
- path: artifact-generator.properties
- - key: tosca-mappings.json
- path: tosca-mappings.json
- - key: babel-auth.properties
- path: babel-auth.properties
- - key: logback.xml
- path: logback.xml
- - name: {{ include "common.fullname" . }}-secrets
+ - name: secrets
secret:
secretName: {{ include "common.fullname" . }}-babel-secrets
- name: logs
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-pass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
- KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
#################################################################
global: {}
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-babel-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aai
+ fqi: aai@aai.onap.org
+ public_fqdn: aai.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.aai
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "KEY_STORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "KEY_MANAGER_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
flavorOverride: small
-# application configuration
-config:
- keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
- keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
# default number of instances
replicaCount: 1
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
# org.onap.aai
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{ end }}
{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.global.config.truststore.filename }}
-aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
-aai.keystore.filename={{ .Values.global.config.keystore.filename }}
-aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
+aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
# org.onap.aai
# ================================================================================
# Copyright � 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# If you get an application startup failure that the port is already taken
# If thats not it, please check if the key-store file path makes sense
-server.local.startpath=aai-graphadmin/src/main/resources/
+server.local.startpath=/opt/app/aai-graphadmin/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
-server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
-server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
+server.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
+server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
{{ else }}
schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
-schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
-schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
+schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+schema.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
+schema.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
{{ end }}
aperture.rdbmsname=aai_relational
aperture.service.base.url=http://localhost:8457/aai/aperture
{{ if ( include "common.needTLS" .) }}
-aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
-aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
-aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+aperture.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
+aperture.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
+aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
{{ end }}
aperture.service.timeout-in-milliseconds=300000
<!-- logback jms appenders & loggers definition ends here -->
<logger name="org.onap.aai.aaf" level="DEBUG" additivity="false">
<appender-ref ref="asyncAUTH"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.aailog.filter.RestClientLoggingInterceptor" level="INFO">
<appender-ref ref="asyncMETRIC"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="INFO">
<appender-ref ref="asyncMETRIC"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
<appender-ref ref="asyncAUDIT"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
<appender-ref ref="asyncAUDIT"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
<appender-ref ref="asyncMETRIC"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
<appender-ref ref="asyncERROR"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
<appender-ref ref="asynctranslog"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
<appender-ref ref="dmaapAAIEventConsumer"/>
<appender-ref ref="dmaapAAIEventConsumerDebug"/>
<appender-ref ref="dmaapAAIEventConsumerMetric"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false">
<appender-ref ref="dataSnapshot"/>
<appender-ref ref="asyncDEBUG"/>
<appender-ref ref="asyncERROR"/>
<appender-ref ref="asyncMETRIC"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<root level="DEBUG">
<appender-ref ref="external"/>
# org.onap.aai
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-properties
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
+data:
{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
-
{{- if .Values.global.jobs.migration.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-migration-configmap
+ name: {{ include "common.fullname" . }}-migration
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
hostname: aai-graphadmin
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.global.aafEnabled }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: properties-input
+ - mountPath: /config
+ name: properties
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
{{ if .Values.global.jobs.migration.enabled }}
- /app/ready.py
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
+ value: {{ .Values.securityContext.group_id | quote }}
- name: INTERNAL_PORT_1
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: realm.properties
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-config
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-input
configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{ range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{ end }}
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: {{ include "common.namespace" . }}-docker-registry-key
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.global.aafEnabled }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: properties-input
+ - mountPath: /config
+ name: properties
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- initContainers:
- command:
- /bin/bash
- -c
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/bash
+ - sh
+ args:
- -c
- |
- bash docker-entrypoint.sh dataSnapshot.sh ;
+ bash docker-entrypoint.sh dataSnapshot.sh
{{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
- name: {{ include "common.fullname" . }}-snapshots
+ name: snapshots
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-migration
+ name: migration
subPath: janusgraph-migration-real.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-migration
+ name: migration
subPath: janusgraph-migration-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES/
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-config
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-input
configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-migration
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
+ - name: migration
configMap:
- name: {{ include "common.fullname" . }}-migration-configmap
- - name: {{ include "common.fullname" . }}-snapshots
+ name: {{ include "common.fullname" . }}-migration
+ - name: snapshots
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
restartPolicy: Never
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.global.aafEnabled }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: properties-input
+ - mountPath: /config
+ name: properties
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
- /app/ready.py
args:
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/bash
+ - sh
+ args:
- -c
- |
- bash docker-entrypoint.sh createDBSchema.sh ;
+ bash docker-entrypoint.sh createDBSchema.sh
{{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GA
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-config
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-input
configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{ range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{ end }}
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: Never
imagePullSecrets:
- name: {{ include "common.namespace" . }}-docker-registry-key
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.global.aafEnabled }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: properties-input
+ - mountPath: /config
+ name: properties
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
- /app/ready.py
args:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
- - /bin/bash
+ - sh
+ args:
- -c
- - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
+ - |
+ bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
- name: {{ include "common.fullname" . }}-snapshots
+ name: snapshots
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GA
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-restore-backup
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-perform-migration
command:
- - /bin/bash
+ - sh
+ args:
- -c
- |
bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
{{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GA
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-snapshots
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
- - name: {{ include "common.fullname" . }}-auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{ range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{ end }}
+ - name: properties-input
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.global.aafEnabled }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: properties-input
+ - mountPath: /config
+ name: properties
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- initContainers:
- command:
- /bin/bash
- -c
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/bash
+ - sh
+ args:
- -c
- |
- bash docker-entrypoint.sh dataSnapshot.sh ;
+ bash docker-entrypoint.sh dataSnapshot.sh
{{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
- name: {{ include "common.fullname" . }}-snapshots
+ name: snapshots
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-migration
+ name: migration
subPath: janusgraph-migration-real.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-migration
+ name: migration
subPath: janusgraph-migration-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES/
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: properties
subPath: application.properties
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.resources" . | nindent 10 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-config
+ - name: config
configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-migration
+ name: {{ include "common.fullname" . }}
+ - name: properties-input
configMap:
- name: {{ include "common.fullname" . }}-migration-configmap
- - name: {{ include "common.fullname" . }}-snapshots
+ name: {{ include "common.fullname" . }}-properties
+ - name: properties
+ emptyDir:
+ medium: Memory
+ - name: migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration
+ - name: snapshots
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
restartPolicy: Never
# org.onap.aai
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
+# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
migration:
enabled: false
config:
- # User information for the admin user in container
- userId: 1000
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
edge:
label: v12
- # Keystore configuration password and filename
- keystore:
- filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
- # Truststore configuration password and filename
- truststore:
- filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
-
-
- # Specifies a list of files to be included in auth volume
- auth:
- files:
- - aai_keystore
-
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,MSO,SO,robot-ete
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-graphadmin-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aai
+ fqi: aai@aai.onap.org
+ public_fqdn: aai.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.aai
+ user_id: &user_id 1000
+ group_id: &group_id 1000
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }}
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
image: onap/aai-graphadmin:1.9.1
memory: 2Gi
unlimited: {}
+# Not fully used for now
+securityContext:
+ user_id: *user_id
+ group_id: *group_id
+
#Pods Service Account
serviceAccount:
nameOverride: aai-graphadmin
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
{{/*
<!--
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
<property name="auditMetricPattern" value="%m%n" />
<property name="logDirectory" value="${logDir}/${componentName}" />
<!-- Example evaluator filter applied against console appender -->
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <pattern>${defaultPattern}</pattern>
+ <pattern>${errorLogPattern}</pattern>
</encoder>
</appender>
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- The EELFAppender is used to record events to the general application
log -->
- <appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<appender-ref ref="EELF" />
</appender>
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<appender-ref ref="EELFAudit" />
</appender>
- <appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<appender-ref ref="EELFMetrics" />
</appender>
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
<logger name="com.att.eelf" level="info" additivity="false">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="AsyncSysOut" />
</logger>
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
+ <appender-ref ref="AsyncSysOut" />
</logger>
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
+ <appender-ref ref="AsyncSysOut" />
</logger>
<!-- Spring related loggers -->
<logger name="ch.qos.logback.core" level="WARN" />
<root>
- <appender-ref ref="asyncEELF" />
- <!-- <appender-ref ref="asyncEELFDebug" /> -->
-</root>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="AsyncSysOut" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
</configuration>
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
ml.distribution.ASDC_USE_HTTPS=true
ml.distribution.KEYSTORE_PASSWORD=
-ml.distribution.KEYSTORE_FILE=asdc-client.jks
+ml.distribution.KEYSTORE_FILE=
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
{{ else }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
{{ if ( include "common.needTLS" .) }}
-ml.babel.KEYSTORE_FILE=babel-client-cert.p12
-ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-ml.babel.TRUSTSTORE_FILE=tomcat_keystore
-ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ml.babel.KEYSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.p12
+ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
+ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}
{{ end }}
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020-2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{ include "common.name" . }}
spec:
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
+ export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** Set obfuscated Truststore and Keystore password into configuration file"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ cd /config-input
+ for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: prop-config-input
+ - mountPath: /config
+ name: prop-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
{{- end }}
containers:
- name: {{ include "common.name" . }}
env:
- name: CONFIG_HOME
value: /opt/app/model-loader/config/
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/model-loader/config/model-loader.properties
subPath: model-loader.properties
- name: {{ include "common.fullname" . }}-prop-config
+ name: prop-config
- mountPath: /opt/app/model-loader/config/auth/
- name: {{ include "common.fullname" . }}-auth-config
+ name: auth-config
- mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/model-loader/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: log-config
subPath: logback.xml
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- resources:
-{{ include "common.resources" . }}
-
+ resources: {{ include "common.resources" . | nindent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-prop-config
+ - name: prop-config-input
configMap:
name: {{ include "common.fullname" . }}-prop
- - name: {{ include "common.fullname" . }}-auth-config
+ - name: prop-config
+ emptyDir:
+ medium: Memory
+ - name: auth-config
secret:
secretName: {{ include "common.fullname" . }}
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-log-conf
+ - name: log-config
configMap:
name: {{ include "common.fullname" . }}-log
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020-2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global: # global defaults
nodePortPrefix: 302
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-ml-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aai
+ fqi: aai@aai.onap.org
+ public_fqdn: aai.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/app/model-loader/config/auth/aaf
+ fqi_namespace: org.onap.aai
+ user_id: &user_id 1000
+ group_id: &group_id 1000
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
+
# application image
image: onap/model-loader:1.9.1
pullPolicy: Always
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- portName: http
- externalPort: 8080
- internalPort: 8080
- nodePort: 10
- portName2: https
- externalPort2: 8443
- internalPort2: 8443
- nodePort2: 29
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaimodelloader"
- name: "aai-modelloader"
- port: 8443
- config:
- ssl: "redirect"
-
resources:
small:
limits:
roles:
- read
+# Not fully used for now
+securityContext:
+ user_id: *user_id
+ group_id: *group_id
+
#Log configuration
log:
path: /var/log/onap
{{ end }}
{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.global.config.truststore.filename }}
-aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
-aai.keystore.filename={{ .Values.global.config.keystore.filename }}
-aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
+aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
{{ end }}
aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
server.port=8452
{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
-server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
-server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
+server.ssl.key-store-type=PKCS12
{{ else }}
security.require-ssl=false
server.ssl.enabled=false
<logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
<appender-ref ref="asyncAUTH" />
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
<appender-ref ref="asyncAUDIT"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
<appender-ref ref="asyncAUDIT"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
<appender-ref ref="asyncERROR"/>
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" additivity="false">
<appender-ref ref="asynctranslog" />
+ <appender-ref ref="STDOUT"/>
</logger>
<logger name="org.apache" level="OFF"/>
AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
OOF:OBF:1img1ke71ily,admin
aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+aai-graphadmin@aai-graphadmin.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+ name: {{ include "common.fullname" . }}-localhost-access-log
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ name: {{ include "common.fullname" . }}-aaiconfig
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-springapp-configmap
+ name: {{ include "common.fullname" . }}-springapp
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-realm-configmap
+ name: {{ include "common.fullname" . }}-realm
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
+ echo "*** obfuscate them "
+ export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
+ export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
+ export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
+ image: {{ include "repositoryGenerator.image.jetty" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-obfuscate
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ echo "keystore pass: $KEYSTORE_PASSWORD"
+ echo "truststore pass: $TRUSTSTORE_PASSWORD"
+ echo "*** actual launch of AAI Schema Service"
+ /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh
+ {{- end }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
+ value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- volumeMounts:
+ value: {{ .Values.securityContext.group_id | quote }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/aai/logroot/AAI-SS
name: logs
- mountPath: /opt/app/aai-schema-service/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: log-conf
subPath: logback.xml
- mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
name: localhost-access-log-conf
- mountPath: /opt/app/aai-schema-service/resources/application.properties
name: springapp-conf
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }}
- name: auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: aai-common-aai-auth-mount
secret:
secretName: aai-common-aai-auth
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- - name: {{ include "common.fullname" . }}-log-conf
+ - name: log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- name: localhost-access-log-conf
configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+ name: {{ include "common.fullname" . }}-localhost-access-log
- name: springapp-conf
configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
+ name: {{ include "common.fullname" . }}-springapp
- name: aaiconfig-conf
configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ name: {{ include "common.fullname" . }}-aaiconfig
- name: realm-conf
configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
- - name: auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{ range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{ end }}
+ name: {{ include "common.fullname" . }}-realm
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
edge:
label: v12
- # Keystore configuration password and filename
- keystore:
- filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
- # Truststore configuration password and filename
- truststore:
- filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
- # Specifies a list of files to be included in auth volume
- auth:
- files:
- - aai_keystore
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-schema-service-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aai-schema-service
+ fqi: aai-schema-service@aai-schema-service.onap.org
+ public_fqdn: aai-schema-service.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.aai-schema-service
+ user_id: &user_id 1000
+ group_id: &group_id 1000
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
image: onap/aai-schema-service:1.9.2
roles:
- read
+# Not fully used for now
+securityContext:
+ user_id: *user_id
+ group_id: *group_id
+
#Log configuration
log:
path: /var/log/onap
gerritBranch: 3.0.0-ONAP
gerritProject: http://gerrit.onap.org/r/aai/test-config
portalUsername: aaiui
- portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
+ portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui
portalCookieName: UserId
portalAppRoles: ui_view
cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
# Keystore configuration password and filename
keystore:
filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
# Truststore configuration password and filename
truststore:
filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
# Specifies a list of files to be included in auth volume
auth:
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ include "common.fullname" . }}-data
- mountPath: /data/db
+ mountPath: /var/lib/mongo
resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.jetty" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "jettyImage") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image.jre" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "jreImage") .) }}
{{- end -}}
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
+ jettyImage: jetty:9-jdk11-slim
jreImage: onap/integration-java11:7.1.0
kubectlImage: bitnami/kubectl:1.19
loggingImage: beats/filebeat:5.5.0
curlImage: dockerHubRepository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
+ jettyImage: dockerHubRepository
jreImage: repository
kubectlImage: dockerHubRepository
loggingImage: elasticRepository
data:
{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/datarouter-node
+ {{ include "common.log.sidecar" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
{{- if not .Values.persistence.enabled }}
loggingDirectory: /var/log/onap/datarouter
persistence: {}
aafEnabled: true
+ centralizedLoggingEnabled: true
#################################################################
# AAF part
nameOverride: dmaap-dr-node
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
---
apiVersion: v1
kind: ConfigMap
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/datarouter-prov
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
persistence: {}
+ centralizedLoggingEnabled: true
mariadbGalera: &mariadbGalera
#This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
localCluster: false
nameOverride: dmaap-dr-prov
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- https: true
+ useHttps: true
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- https: true
+ useHttps: true
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
exec:
command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
defaultMode: 0755
- name: sdc-environments-output
emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nameOverride: sdc-be
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-configs
mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml
exec:
command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: {{ include "common.fullname" . }}-configs
configMap:
name : {{ include "common.fullname" . }}-plugins-configmap
defaultMode: 0755
- name: sdc-environments-output
emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nameOverride: sdc-fe
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-cert-storage
mountPath: "{{ .Values.cert.certDir }}"
exec:
command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
defaultMode: 0755
- name: sdc-environments-output
emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-cert-storage
persistentVolumeClaim:
nameOverride: sdc-onboarding-be
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
emptyDir:
medium: "Memory"
{{- end }}
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
+ - name: logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nameOverride: sdc-wfd-fe
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
data:
{{ tpl (.Files.Glob "resources/config/environments/*").AsConfig . | indent 2 }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
dataCenter: Pod
security:
disableHttp: true
+ centralizedLoggingEnabled: true
+
+sdc-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
+sdc-fe:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
+sdc-onboarding-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
+sdc-wfd-fe:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
# Environment file
env:
# limitations under the License.
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
---
apiVersion: v1
kind: ConfigMap
subPath: blueprints-processor-adaptor.properties
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: /var/log/onap
+ - mountPath: {{ .Values.log.path }}
name: logs
- mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
name: properties
{{ end }}
resources: {{ include "common.resources" . | nindent 12 }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: logs
- - mountPath: /usr/share/filebeat/data
- name: data-filebeat
+ {{ include "common.log.sidecar" . | nindent 8 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
path: /etc/localtime
- name: logs
emptyDir: {}
- - name: data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-filebeat-configmap
+ {{ include "common.log.volumes" . | nindent 8 }}
- name: sdnc-logging-cfg-config
configMap:
name: {{ include "common.fullname" . }}-log-configmap
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
+ centralizedLoggingEnabled: true
mariadbGalera:
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
nameOverride: sdnc
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
mountPath: /app/config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nameOverride: so-bpmn-infra
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports: {{- include "common.containerPorts" . | nindent 12 }}
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nameOverride: so-oof-adapter
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nameOverride: so-openstack-adapter
roles:
- read
+
+#Logs configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nameOverride: so-sdc-controller
roles:
- read
+
+#Logs configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nameOverride: so-sdnc-adapter
roles:
- read
+
+#Logs configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
data:
{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-so-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
mountPath: /app/config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
nodePortPrefix: 302
nodePortPrefixExt: 304
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ centralizedLoggingEnabled: true
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
so-bpmn-infra:
db:
<<: *dbSecrets
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-catalog-db-adapter:
enabled: true
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
oof:
authSecret: *mso-oof-auth
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-openstack-adapter:
enabled: true
db:
<<: *dbSecrets
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-request-db-adapter:
db:
so-sdc-controller:
db:
<<: *dbSecrets
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-sdnc-adapter:
enabled: true
<<: *dbSecrets
mso:
msoKeySecret: *mso-key
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-ve-vnfm-adapter:
enabled: false
nameOverride: so
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
-{{/*
-#
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-#
-*/}}
+
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-dmaap-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+description: ONAP UUI NLP
+name: uui-nlp
+version: 9.0.0
--- /dev/null
+#============LICENSE_START========================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /home/run/bert-master/upload
+ name: uui-server-v
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: uui-server-v
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.PV" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.PVC" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Global values
+global:
+ pullPolicy: Always
+ persistence: {}
+image: onap/usecase-ui-nlp:1.0.2
+
+uui-nlp:
+ enabled: true
+
+flavor: large
+
+onLinePort: &online_port 33011
+offLinePort: &offline_port 33012
+uploadPort: &upload_port 33013
+
+# service configuration
+service:
+ internalPort: 33013
+ type: ClusterIP
+ name: uui-nlp
+ ports:
+ - name: http-online
+ port: *online_port
+ - name: http-offline
+ port: *offline_port
+ - name: http-upload
+ port: *upload_port
+
+
+liveness:
+ initialDelaySeconds: 300
+ periodSeconds: 30
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+
+# Below parameter should match setting in all clients
+# including contrib\tools\registry-initialize.sh
+# which does preload
+#registryCred:
+# username: onapinitializer
+# password: demo123456!
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: uui-nlp
+ volumeReclaimPolicy: Retain
+
+serviceAccount:
+ nameOverride: uui-nlp
+ roles:
+ - read
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
- name: uui-server
version: ~9.x-0
repository: 'file://components/uui-server'
+ - name: uui-nlp
+ version: ~9.x-0
+ repository: 'file://components/uui-nlp'
+ condition: uui-nlp.enabled
Code Review / oom.git / commitdiff