Service Mesh patch for DCAE, changing port names to http.
Remove aaf-cm readiness check, set tlsServer to false (excluding restconf)
Added environment variables to pods to solve CBS problems
Disable VES authentcation in SM override
Change-Id: I42a12912f471d89bd4ebc6181f5454140e54a605
Issue-ID: OOM-2820
Issue-ID: DCAEGEN2-3277
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
{{- $log := default dict .Values.log -}}
{{- $logDir := default "" $log.path -}}
-{{- $certDir := default "" .Values.certDirectory . -}}
+{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
{{- $commonRelease := print (include "common.release" .) -}}
{{- $policy := default dict .Values.policies -}}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+ {{- if .Values.readinessCheck }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- end }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
{{- if $certDir }}
+ - name: {{ include "common.name" . }}-aaf-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - aaf-cm
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
- name: init-tls
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# CMPv2 certificate
# It is used only when:
readinessCheck:
wait_for:
containers:
- - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
+ - message-router
# Probe Configuration
readiness:
type: ClusterIP
name: datafile-collector
ports:
- - name: https
+ - name: http
port: 8443
plain_port: 8100
port_protocol: http
streams_subscribes:
dmaap_subscriber:
dmaap_info:
- topic_url: "https://message-router:3905/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
+ topic_url: "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
type: message_router
# DataRouter Feed Configuration
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- dcae-datalake-feeder
# Probe Configuration
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- dcae-datalake-feeder
# Probe Configuration
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-datalake-postgres
# Probe Configuration
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1
+image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-heartbeat-postgres
+ - message-router
# Probe Configuration
readiness:
- name: repositoryGenerator
version: ~11.x-0
repository: '@local'
- - name: readinessCheck
- version: ~11.x-0
- repository: '@local'
- name: dcaegen2-services-common
version: ~11.x-0
repository: '@local'
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
secrets:
- uid: hv-ves-kafka-secret
create: true
# dependencies
-readinessCheck:
- wait_for:
- - aaf-cm
# probe configuration
readiness:
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: false
+ security.sslDisable: true
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
KAFKA_BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
USE_SCRAM: 'true'
JAAS_CONFIG:
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
-enable_tls: true
+tlsServer: false
+enable_tls: false
# Optional Policy configuration properties
# if present, policy-sync side car will be deployed
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# Probe Configuration
readiness:
kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamDownstreamThr","operation":"SUM","operands":["GTP.InDataOctN3UPF","GTP.OutDataOctN3UPF"]}]}]'
applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
STANDALONE: 'false'
# Resource Limit Flavor -By Default Using Small
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
containers:
- - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
- dcae-datafile-collector
+ - message-router
# Probe Configuration
readiness:
name: dcae-pm-mapper
both_tls_and_plain: true
ports:
- - name: https
+ - name: http
port: 8443
plain_port: 8081
port_protocol: http
# Initial Application Configuration
applicationConfig:
- enable_tls: true
+ enable_tls: false
enable_http: true
aaf_identity: ""
aaf_password: ""
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
+ dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
streams_publishes:
dmaap_publisher:
type: message_router
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-pmsh-postgres
+ - message-router
# Probe Configuration
readiness:
periodSeconds: 15
timeoutSeconds: 1
path: /healthcheck
- scheme: HTTPS
- port: 8443
+ scheme: HTTP
+ port: 8080
# Service Configuration
service:
type: ClusterIP
name: dcae-pmsh
ports:
- - name: https
- port: 8443
+ - name: http
+ port: 8080
+ plain_port: 8080
port_protocol: http
# AAF Credentials
# Initial Application Configuration
applicationConfig:
- enable_tls: true
+ enable_tls: false
aaf_identity: ${AAF_IDENTITY}
aaf_password: ${AAF_PASSWORD}
key_path: /opt/app/pmsh/etc/certs/key.pem
policy_pm_publisher:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT"
+ topic_url: "http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT"
streams_subscribes:
policy_pm_subscriber:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/unauthenticated.PMSH_CL_INPUT"
+ topic_url: "http://message-router:3904/events/unauthenticated.PMSH_CL_INPUT"
aai_subscriber:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/AAI-EVENT"
+ topic_url: "http://message-router:3904/events/AAI-EVENT"
applicationEnv:
PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary
PMSH_PG_PASSWORD:
secretUid: *pgUserCredsSecretUid
key: password
+ PMSH_API_PORT: '8080'
# Resource Limit Flavor -By Default Using Small
flavor: small
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
secrets:
- uid: &aaiCredsUID aaicreds
# dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# probe configuration
readiness:
dmaap.dmaapConsumerConfiguration.timeoutMs: -1
dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json"
- aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v23/network/pnfs/pnf
- aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v23
- aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local
- aai.aaiClientConfiguration.aaiHostPortNumber: 8443
- aai.aaiClientConfiguration.aaiProtocol: "https"
+ aai.aaiClientConfiguration.pnfUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23/network/pnfs/pnf
+ aai.aaiClientConfiguration.baseUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23
+ aai.aaiClientConfiguration.aaiHost: aai-internal.onap.svc.cluster.local
+ aai.aaiClientConfiguration.aaiHostPortNumber: 80
+ aai.aaiClientConfiguration.aaiProtocol: "http"
aai.aaiClientConfiguration.aaiUserName: ${AAI_USER}
aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD}
aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# Probe Configuration
readiness:
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-sliceanalysisms-postgres
+ - message-router
# Probe Configuration
readiness:
type: ClusterIP
name: dcae-slice-analysis-ms
ports:
- - name: https
+ - name: http
port: 8080
port_protocol: http
sliceanalysisms.cid: sliceanalysisms-cid
sliceanalysisms.configDb.service: http://config-db:8080
sliceanalysisms.configDbEnabled: true
- sliceanalysisms.aai.url: https://aai.onap.svc.cluster.local:8443/aai/v21
- sliceanalysisms.cps.url: https://cps:8088
+ sliceanalysisms.aai.url: http://aai-internal.onap.svc.cluster.local:80/aai/v21
+ sliceanalysisms.cps.url: http://cps:8080
sliceanalysisms.samples: 3
sliceanalysisms.minPercentageChange: 5
sliceanalysisms.initialDelaySeconds: 120000
topic_url: http://message-router:3904/events/AAI-EVENT
applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
STANDALONE: 'false'
# Resource Limit Flavor -By Default Using Small
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# Dependencies
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-sonhms-postgres
+ - message-router
# Probe Configuration
readiness:
type: ClusterIP
name: dcae-son-handler
ports:
- - name: https
+ - name: http
port: 8080
port_protocol: http
policy-req: []
applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
STANDALONE: 'false'
# Resource Limit Flavor -By Default Using Small
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
secrets:
- uid: &aaiCredsUID aaicreds
# dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# probe configuration
readiness:
tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf
tca.aai.node_query_path: aai/v11/search/nodes-query
tca.aai.password: ${AAI_PASSWORD}
- tca.aai.url: https://aai:8443
+ tca.aai.url: http://aai-internal:80
tca.aai.username: ${AAI_USERNAME}
tca.policy: "[{\"domain\":\"measurementsForVfScaling\",\"violatedMetricsPerEventName\":[{\"eventName\":\"Mfvs_eNodeB_RANKPI\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vFirewall;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":4000,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":20000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vLoadBalancer;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":500,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":5000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]}]},{\"domain\":\"measurement\",\"metricsPerEventName\":[{\"eventName\":\"vFirewallBroadcastPackets\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":700,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"Measurement_vGMUX\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"GREATER\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]}]}]"
tca.processing_batch_size: 10000
tca.enable_abatement: true
tca.enable_ecomp_logging: true
+applicationEnv:
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# CMPv2 certificate
# It is used only when:
# dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# probe configuration
initialDelaySeconds: 5
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-#tlsServer: true
+#tlsServer: false
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
+ - message-router
# Service Configuration
service:
enabled: true
dcae-ves-collector:
enabled: true
+ applicationConfig:
+ auth.method: "noAuth"
dcae-ves-mapper:
enabled: true
dcae-ves-openapi-manager: