Patch on CDS charts dedicated to remove https and cert-related
calls from all files.
This ensure compatibility with patched AAI (IID: OOM-2670) and
lays ground for service mesh use.
Replaces https://gerrit.onap.org/r/c/oom/+/126099
Correction for CDS-Strimzi support in application properties
Issue-ID: OOM-2824
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I522fe60ca748b7e5f731045dac8ca11b13ae2811
# AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
# AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
-blueprintsprocessor.restclient.aai-data.url=https://aai:8443
+{{ if ( include "common.needTLS" .) }}
+blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443
+{{- else -}}
+blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }}
+{{- end }}
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
# Self Service Request Kafka Message Consumer
blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
# Self Service Request Kafka Message Consumer
blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
-{{- if eq .Values.useStrimziKafka true }}
+{{ if eq .Values.useStrimziKafka true }}
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
-{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
# SCRAM
blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
# SCRAM
blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
-{{- if eq .Values.useStrimziKafka true }}
+{{ if eq .Values.useStrimziKafka true }}
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
-{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
## Audit request
blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
## Audit request
blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
-{{- if eq .Values.useStrimziKafka true }}
+{{ if eq .Values.useStrimziKafka true }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
-{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
## Audit response
blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
## Audit response
blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
-{{- if eq .Values.useStrimziKafka true }}
+{{ if eq .Values.useStrimziKafka true }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
{{- else -}}
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
{{- end }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
-{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
# SCRAM
blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
#BaseUrls for health check blueprint processor services
endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
#BaseUrls for health check blueprint processor services
-blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/
+blueprintprocessor.healthcheck.baseUrl=http://cds-blueprints-processor-http:8080/
blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check]
#BaseUrls for health check Cds Listener services
blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check]
#BaseUrls for health check Cds Listener services
{{- if eq .Values.service.http.type "NodePort"}}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
{{- end}}
{{- if eq .Values.service.http.type "NodePort"}}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
{{- end}}
- name: {{ .Values.service.http.portName | default "http" }}
+ name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
persistence:
mountPath: /dockerdata-nfs
persistence:
mountPath: /dockerdata-nfs
- #This configuration specifies Service and port for SDNC OAM interface
+ # This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ # This concerns CDS/AAI communication through HTTP when TLS is not being needed
+ # Port value should match the one in aai/values.yml : service.externalPlainPort
+ aaiData:
+ ExternalPlainPort: 80 # when TLS is not needed
+ ServiceName: aai # domain
+ # http://aai:80 or https://aai:443
+
#AAF is enabled by default
#aafEnabled: true
#AAF is enabled by default
#aafEnabled: true
dbService: mariadb-galera
dbPort: 3306
dbName: sdnctl
dbService: mariadb-galera
dbPort: 3306
dbName: sdnctl
- #dbRootPass: Custom root password
+ # dbRootPass: Custom root password
dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
periodSeconds: 10
liveness:
periodSeconds: 10
liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
readiness:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
service:
http:
type: ClusterIP
service:
http:
type: ClusterIP
- portName: blueprints-processor-http
internalPort: 8080
externalPort: 8080
grpc:
type: ClusterIP
internalPort: 8080
externalPort: 8080
grpc:
type: ClusterIP
- portName: blueprints-processor-grpc
internalPort: 9111
externalPort: 9111
cluster:
type: ClusterIP
internalPort: 9111
externalPort: 9111
cluster:
type: ClusterIP
- portName: blueprints-processor-cluster
internalPort: 5701
externalPort: 5701
internalPort: 5701
externalPort: 5701
- baseaddr: "blueprintsprocessorhttp"
name: "cds-blueprints-processor-http"
port: 8080
- baseaddr: "blueprintsprocessorhttp"
name: "cds-blueprints-processor-http"
port: 8080
logback:
rootLogLevel: INFO
logback:
rootLogLevel: INFO
service:
type: ClusterIP
grpc:
service:
type: ClusterIP
grpc:
- portName: command-executor-grpc
internalPort: 50051
externalPort: 50051
metrics:
internalPort: 50051
externalPort: 50051
metrics:
- portName: command-executor-metrics
internalPort: 10005
externalPort: 10005
internalPort: 10005
externalPort: 10005
metrics:
serviceMonitor:
enabled: false
metrics:
serviceMonitor:
enabled: false
- port: command-executor-metrics
path: /actuator/prometheus
basicAuth:
enabled: false
path: /actuator/prometheus
basicAuth:
enabled: false
type: ClusterIP
ports:
- port: 50052
type: ClusterIP
ports:
- port: 50052
secrets:
- uid: api-credentials
secrets:
- uid: api-credentials
- asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE
+ asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
keyStorePath:
activateServerTLSAuth : false
isUseHttpsWithDmaap: false
keyStorePath:
activateServerTLSAuth : false
isUseHttpsWithDmaap: false
- isUseHttpsWithSDC: true
+ isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
grpcPort: 9111
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
grpcPort: 9111
httpsProxyPort: 0
httpProxyPort: 0
httpsProxyPort: 0
httpProxyPort: 0
cdslistener:
healthcheck:
baseUrl: http://localhost:9000/
mapping-service-name-with-service-link: "[SDC Listener service,/api/v1/sdclistener/healthcheck]"
cdslistener:
healthcheck:
baseUrl: http://localhost:9000/
mapping-service-name-with-service-link: "[SDC Listener service,/api/v1/sdclistener/healthcheck]"
management:
endpoint:
health:
management:
endpoint:
health:
value: {{ .Values.config.appConfigDir }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
value: {{ .Values.config.appConfigDir }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
+ name: {{ .Values.service.http.portName }}
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.service.http.portName }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{end}}
readinessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{end}}
readinessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.service.http.portName }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
{{- if eq .Values.service.type "NodePort"}}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end}}
{{- if eq .Values.service.type "NodePort"}}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end}}
- name: {{ .Values.service.http.portName | default "http" }}
+ name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
service:
type: ClusterIP
http:
service:
type: ClusterIP
http:
- portName: cds-sdc-listener-http
internalPort: 8080
externalPort: 8080
internalPort: 8080
externalPort: 8080
- baseaddr: "cdsui"
name: "cds-ui"
port: 3000
- baseaddr: "cdsui"
name: "cds-ui"
port: 3000
- config:
- ssl: "redirect"
+ config:
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
# Resource Limit flavor -By Default using small
flavor: small