Merge "[DCAEGEN2] Ves-open-api Add mech to load config at deploy time"
authorFiachra Corcoran <fiachra.corcoran@est.tech>
Wed, 7 Dec 2022 15:47:55 +0000 (15:47 +0000)
committerGerrit Code Review <gerrit@onap.org>
Wed, 7 Dec 2022 15:47:55 +0000 (15:47 +0000)
24 files changed:
.gitignore
kubernetes/aai/components/aai-graphadmin/values.yaml
kubernetes/aai/components/aai-traversal/values.yaml
kubernetes/aai/values.yaml
kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml [new file with mode: 0644]
kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
kubernetes/cds/components/cds-sdc-listener/values.yaml
kubernetes/cds/values.yaml
kubernetes/common/common/templates/_strimzikafka.tpl [new file with mode: 0644]
kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml [moved from kubernetes/sdc/components/sdc-be/templates/secret.yaml with 93% similarity]
kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml [moved from kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml with 74% similarity]
kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
kubernetes/dcaegen2-services/values.yaml
kubernetes/sdc/Chart.yaml
kubernetes/sdc/components/sdc-be/Chart.yaml
kubernetes/sdc/components/sdc-be/templates/deployment.yaml
kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml [new file with mode: 0644]
kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml [deleted file]
kubernetes/sdc/components/sdc-be/values.yaml
kubernetes/sdc/resources/config/environments/AUTO.json
kubernetes/sdc/templates/kafkatopic.yaml [new file with mode: 0644]
kubernetes/sdc/values.yaml

index bb11f06..e772629 100644 (file)
@@ -16,6 +16,7 @@ kubernetes/common/dist/*
 Chart.lock
 **/charts/*.tgz
 *.orig
+*_build
 
 # AAI Schema
 **/schema/*
index 2ac5545..ff7a7d6 100644 (file)
@@ -144,7 +144,7 @@ certInitializer:
     chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
 
 # application image
-image: onap/aai-graphadmin:1.11.1
+image: onap/aai-graphadmin:1.11.2
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
index b5d99fd..8dfe843 100644 (file)
@@ -140,7 +140,7 @@ certInitializer:
     chown -R 1000 {{ .Values.credsPath }}
 
 # application image
-image: onap/aai-traversal:1.11.1
+image: onap/aai-traversal:1.11.2
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
index d382b80..7f4ef86 100644 (file)
@@ -332,7 +332,7 @@ certInitializer:
 
 # application image
 dockerhubRepository: registry.hub.docker.com
-image: onap/aai-haproxy:1.9.5
+image: onap/aai-haproxy:1.11.0
 pullPolicy: Always
 
 flavor: small
index 3710f5f..6024309 100644 (file)
@@ -1,19 +1,18 @@
 listenerservice:
   config:
-    asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
+    sdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
     messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
     user: cds #SDC-username
     password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
     pollingInterval: 15
     pollingTimeout: 60
     relevantArtifactTypes: TOSCA_CSAR
-    consumerGroup: cds
+    consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+    consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
     environmentName: AUTO
-    consumerId: cds
     keyStorePassword:
     keyStorePath:
     activateServerTLSAuth : false
-    isUseHttpsWithDmaap: false
     isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
     archivePath: /opt/app/onap/sdc-listener/
     grpcAddress: cds-blueprints-processor-grpc
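Review bot: The added `consumerGroup` and `consumerId` lines interpolate chart values as plain scalars, so an override that happens to look like a number or boolean would be retyped by the YAML parser; `consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup | quote }}` and `consumerId: {{ .Values.config.kafka.sdcTopic.clientId | quote }}` keep them strings whatever a deployment supplies. The neighbouring `password:` line is untouched by this change but remains a literal credential in a checked-in config template; now that the Kafka credential is sourced from a Secret, sourcing this one the same way would be a natural follow-up.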
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/cds-sdc-list-kafka-user.yaml
new file mode 100644 (file)
index 0000000..58d99dd
--- /dev/null
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: {{ .Values.config.kafka.saslMechanism | lower }}
+  authorization:
+    type: {{ .Values.config.kafka.authType }}
+    acls:
+    - resource:
+        type: group
+        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+      operation: All
+    - resource:
+        type: topic
+        patternType: prefix
+        name: {{ .Values.config.kafka.sdcTopic.pattern }}
+      operation: All
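Review bot: Both ACLs grant `operation: All` to the listener's user, on its consumer group and on every topic under the `SDC-DIST` prefix, which covers every Kafka operation (Delete and Alter included) although a consumer needs none of them; the ves-openapi user in this same commit limits its group ACL to `Read`, and the `common.kafkauser` docstring added here suggests `[Read]` for groups and `[Read, Write]` for topics. Narrowing the group entry to `operation: Read` and the topic entry to the read/write set the listener actually uses keeps the user at least privilege; if the listener publishes distribution status, Write on the topic prefix is still needed. This file also duplicates the KafkaUser shape that `common.kafkauser` now provides, so `{{ include "common.kafkauser" . }}` with a `kafkaUser.acls` block in values.yaml would avoid maintaining two copies.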
index 3a6d761..d01e3b0 100644 (file)
@@ -1,5 +1,6 @@
 {{/*
 # Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -42,8 +43,6 @@ spec:
             - --container-name
             - sdc-be
             - --container-name
-            - message-router
-            - --container-name
             - cds-blueprints-processor
           env:
           - name: NAMESPACE
@@ -61,6 +60,12 @@ spec:
           env:
           - name: APP_CONFIG_HOME
             value: {{ .Values.config.appConfigDir }}
+          - name: SECURITY_PROTOCOL
+            value: {{ .Values.config.kafka.securityProtocol }}
+          - name: SASL_MECHANISM
+            value: {{ .Values.config.kafka.saslMechanism }}
+          - name: SASL_JAAS_CONFIG
+            value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.http.internalPort }}
             name: {{ .Values.service.http.portName }}
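Review bot: The added `SASL_JAAS_CONFIG` entry prefixes the helper include with `value:`, whereas the same commit's ves-openapi deployment and the line being replaced in sdc-be's deployment put `{{- include "common.secret.envFromSecretFast" ... | indent 12 }}` on its own line under `- name:`. If the helper renders a `valueFrom:`/`secretKeyRef:` block, as the literal replacement in the sdc-be hunk suggests, the output here becomes `value:            valueFrom:` followed by a mis-nested mapping, which will not parse; dropping the `value:` prefix so the line reads `{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}` matches the other two templates. The enclosing container spec continues outside the hunk.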
index 9ceeec8..3d13802 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,20 +26,40 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+  cdsSdcListenerKafkaUser: cds-sdc-list-user
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/ccsdk-sdclistener:1.4.1
+image: onap/ccsdk-sdclistener:1.5.0
 name: sdc-listener
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
+secrets:
+  - uid: cds-sdc-kafka-secret
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
+
 # application configuration
 config:
   appConfigDir: /opt/app/onap/config
+  someConfig: blah
+  kafka:
+    securityProtocol: SASL_PLAINTEXT
+    saslMechanism: SCRAM-SHA-512
+    authType: simple
+    sdcTopic:
+      pattern: SDC-DIST
+      consumerGroup: cds
+      clientId: cds-sdc-listener
 
 # default number of instances
 replicaCount: 1
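Review bot: The new `secrets` entry uses `someConfig: blah` as the `sasl.jaas.config` value whenever `config.jaasConfExternalSecret` is empty, so a deployment lacking the parent override added to cds/values.yaml in this commit would get a placeholder credential with no render-time error; whether `policy: generate` replaces a non-empty value depends on the common secret template, which is not on this page. A comment above the block, `# sasl.jaas.config comes from the Strimzi-created KafkaUser Secret named by config.jaasConfExternalSecret (set by the parent chart); the inline value is only a placeholder`, would make the intent explicit. The new `config.kafka.sdcTopic` keys are also mirrored into the KafkaUser ACLs and into application.yaml, which is worth stating there: `# consumerGroup and pattern must match the ACLs granted in cds-sdc-list-kafka-user.yaml`.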
index 58e6b65..4c06d30 100644 (file)
@@ -24,6 +24,7 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
   cdsKafkaUser: cds-kafka-user
+  cdsSdcListenerKafkaUser: cds-sdc-list-user
 
 #################################################################
 # Secrets metaconfig
@@ -224,6 +225,8 @@ cds-py-executor:
 
 cds-sdc-listener:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}'
 
 cds-ui:
   enabled: true
diff --git a/kubernetes/common/common/templates/_strimzikafka.tpl b/kubernetes/common/common/templates/_strimzikafka.tpl
new file mode 100644 (file)
index 0000000..3fd46c7
--- /dev/null
@@ -0,0 +1,132 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+  Create a Strimzi KafkaUser.
+  Usage:
+      include "common.kafkauser" .
+
+  Strimzi kafka provides cluster access via its custom resource definition KafkaUser
+  which is deployed using its User Operator component.
+  See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml
+  This allows fine grained access control per user towards the kafka cluster.
+  See more info here - https://strimzi.io/docs/operators/latest/configuring.html#proc-configuring-kafka-user-str
+
+  The kafka user definition is defined as part of .Values per component.
+  For general use by OOM components, the following list of acl types should suffice:
+       type: group (Used by the client app to be added to a particular kafka consumer group)
+       type: topic (1 or more kafka topics that the client needs to access. Commonly [Read,Write])
+
+  Note: The template will use the following default values.
+
+    spec.authentication.type: scram-sha-512 (dictated by the available broker listeners on the kafka cluster)
+    spec.authorization.type: simple (Only type supported by strimzi at present)
+    spec.authorization.acls.resource.patternType: literal
+
+  Example:
+
+  kafkaUser:
+    acls:
+      - name: sdc (mandatory)
+        suffix: mysuffix (optional. Will be appended (with a hyphen) to the "name" entry. ie "sdc-mysuffix")
+        type: group (mandatory. Type "group" is used by the client as it's kafka consumer group)
+        operations: [Read] (mandatory. List of at least 1)
+      - name: SDC-DISTR
+        type: topic
+        patternType: prefix (optional. In this example, the user will be provided Read and Write access to all topics named "SDC-DISTR*")
+        operations: [Read, Write]
+*/}}
+{{- define "common.kafkauser" -}}
+{{- $global := .global }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.name" . }}-ku
+  namespace: {{ include "common.namespace" $global }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" }}
+  authorization:
+    type: {{ .Values.kafkaUser.authorizationType | default "simple" }}
+    acls:
+      {{- range $acl := .Values.kafkaUser.acls }}
+      - resource:
+          type: {{ $acl.type }}
+          patternType: {{ $acl.patternType | default "literal" }}
+          name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}
+        operations:
+        {{- range $operation := $acl.operations }}
+          - {{ . }}
+        {{- end }}
+      {{- end }}
+{{- end -}}
+
+{{/*
+  Create a Strimzi KafkaTopic.
+  Usage:
+      include "common.kafkatopic" .
+
+  Strimzi kafka provides kafka topic management via its custom resource definition KafkaTopic
+  which is deployed using its Topic Operator component.
+  See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/043-Crd-kafkatopic.yaml
+
+  Note: KafkaTopic names should adhere to kubernetes object naming conventions - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
+        maximum length of 253 characters and consist of lower case alphanumeric characters, -, and .
+
+  Note: The template will use the following default values.
+
+    spec.config.retention.ms: 7200000 (defaults to 2 hrs retention for kafka topic logs)
+    spec.config.segment.bytes: 1073741824 (defaults to 1gb)
+    spec.partitions: 6 (defaults to (2 * (default.replication.factor)) defined by the strimzi broker conf)
+    spec.replicas: 3 (defaults to default.replication.factor defined by the strimzi broker conf. Must be > 0 and <= (num of broker replicas))
+
+  The kafka topic definition is defined as part of .Values per component.
+
+  Example:
+
+  kafkaTopic:
+    - name: my-new-topic (mandatory)
+      retentionMs: 7200000 (optional. Defaults to 2hrs)
+      segmentBytes: 1073741824 (optional. Defaults to 1gb)
+      suffix: my-suffix (optional. Will be appended (with a hyphen) to the "name" value. ie "my-new-topic-my-suffix")
+    - name: my.other.topic
+      suffix: some.other-suffix
+*/}}
+{{- define "common.kafkatopic" -}}
+{{- $global := .global }}
+{{- range $topic := .Values.kafkaTopic }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ ($topic.name) | lower }}-kt
+  labels:
+    strimzi.io/cluster: {{ include "common.release" $ }}-strimzi
+spec:
+  {{- if (hasKey $topic "partitions") }}
+  partitions: {{ $topic.partitions }}
+  {{- end }}
+  {{- if (hasKey $topic "replicas") }}
+  replicas: {{ $topic.replicas }}
+  {{- end }}
+  topicName: {{ ternary (printf "%s-%s" $topic.name $topic.suffix) $topic.name (hasKey $topic "suffix") }}
+  config:
+    retention.ms: {{ $topic.retentionMs | default "7200000" }}
+    segment.bytes: {{ $topic.segmentBytes | default "1073741824"}}
+---
+{{- end }}
+{{- end -}}
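Review bot: `common.kafkauser` reads `.global` into `$global` and passes it to `common.namespace`, but its own usage comment says `include "common.kafkauser" .` and the only caller on this page, sdc-be/templates/kafkauser.yaml, passes the root context, which has no `.global` key; `common.name`, `common.release` and `.Values.kafkaUser` on the neighbouring lines all use `.` directly, so `$global` looks like a leftover from the `(dict "global" . ...)` calling convention. Either drop the `$global` line and write `namespace: {{ include "common.namespace" . }}`, or document the expected dict argument; the same unused `$global` assignment appears in `common.kafkatopic`. It is also worth recording in the `common.kafkauser` header that the Strimzi User Operator creates a Secret named after the KafkaUser, because sdc-be's deployment hard-codes `{{ include "common.name" . }}-ku` as its `secretKeyRef` name and must stay in step with the `metadata.name` here.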
index daf8c76..2565839 100644 (file)
@@ -45,10 +45,16 @@ spec:
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           env:
-            - name: ASDC_ADDRESS
-              value: {{ .Values.externalServices.sdc_be_https }}
-            - name: SCHEMA_MAP_PATH
-              value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+          - name: SDC_ADDRESS
+            value: {{ .Values.externalServices.sdc_be_https }}
+          - name: SCHEMA_MAP_PATH
+            value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+          - name: SECURITY_PROTOCOL
+            value: {{ .Values.config.kafka.securityProtocol }}
+          - name: SASL_MECHANISM
+            value: {{ .Values.config.kafka.saslMechanism }}
+          - name: SASL_JAAS_CONFIG
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-openapi-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
           volumeMounts:
             - name: schema-map
               mountPath: {{ .Values.schemaMap.directory }}
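Review bot: The rewritten `env:` list is now flush with its parent key while `volumeMounts:` two lines below keeps the indented `- name:` style, so the file mixes both block-sequence indentations after this change (yamllint's `indentation.indent-sequences` will flag one or the other), and the re-indent makes the otherwise-unchanged `SCHEMA_MAP_PATH` entry show up as a change. Keeping the original indented form for the new entries, or re-indenting `volumeMounts` in the same change, keeps the file consistent. The values `{{ .Values.externalServices.sdc_be_https }}`, `{{ .Values.config.kafka.securityProtocol }}` and `{{ .Values.config.kafka.saslMechanism }}` are interpolated unquoted; adding `| quote` guards against an override being retyped. The container spec continues outside the hunk.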
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2022 Nordix Foundation
+# Copyright (C) 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,5 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-
 {{ include "common.secretFast" . }}
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-
-{{- if .Values.global.kafka.useKafka }}
 apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaUser
 metadata:
-  name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}
+  name: {{ include "common.release" . }}-{{ .Values.vesOpenApiKafkaUser }}
   labels:
     strimzi.io/cluster: {{ include "common.release" . }}-strimzi
 spec:
   authentication:
-    type: {{ .Values.config.kafka.saslMech }}
+    type: {{ .Values.config.kafka.saslMechanism | lower }}
   authorization:
     type: {{ .Values.config.kafka.authType }}
     acls:
     - resource:
         type: group
-        name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }}
+        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
       operation: Read
     - resource:
         type: topic
         patternType: prefix
-        name: {{ .Values.config.kafka.topicConsumer.pattern }}
+        name: {{ .Values.config.kafka.sdcTopic.pattern }}
       operation: All
-{{- end }}
index 0b83ce2..4f1f184 100644 (file)
 # Global values
 global:
   pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.0
 containerPort: &svc_port 8080
 
+secrets:
+  - uid: ves-openapi-kafka-secret
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
+
+# application configuration
+config:
+  someConfig: blah
+  kafka:
+    bootstrapServer: strimzi-kafka-bootstrap:9092
+    securityProtocol: SASL_PLAINTEXT
+    saslMechanism: SCRAM-SHA-512
+    authType: simple
+    sdcTopic:
+      pattern: SDC-DIST
+      consumerGroup: dcaegen2
+      clientId: ves-openapi-manager
+
+vesOpenApiKafkaUser: ves-open-api-kafka-user
+
 service:
   ports:
     - name: &port http
@@ -45,7 +69,6 @@ liveness:
 
 readinessCheck:
   wait_for:
-  - message-router
   - sdc-be
 
 flavor: small
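Review bot: `vesOpenApiKafkaUser` is added at the top level of this values.yaml, but the parent dcaegen2-services/values.yaml in this commit sets `global.vesOpenApiKafkaUser` and builds `config.jaasConfExternalSecret` from the global key, while the KafkaUser template names the user from the non-global `.Values.vesOpenApiKafkaUser`; an operator who overrides the global value would get a Secret reference that no KafkaUser produces. Moving the key under `global:` (as cds does with `cdsSdcListenerKafkaUser`) or reading `.Values.global.vesOpenApiKafkaUser` in the template removes the split. `bootstrapServer: strimzi-kafka-bootstrap:9092` is not referenced by the deployment hunk on this page and, unlike sdc's AUTO.json, lacks the release-name prefix; confirm it is consumed somewhere or drop it. `securityProtocol: SASL_PLAINTEXT` means SCRAM protects the password exchange but topic traffic is unencrypted on the wire, which deserves a one-line comment so it reads as a deliberate intra-cluster choice rather than an accident.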
index 1652f04..a73fceb 100644 (file)
@@ -17,6 +17,7 @@
 global:
   centralizedLoggingEnabled: true
   hvVesKafkaUser: dcae-hv-ves-kafka-user
+  vesOpenApiKafkaUser: ves-open-api-kafka-user
 
 #################################################################
 # Filebeat Configuration Defaults.
@@ -29,6 +30,8 @@ filebeatConfig:
 # Control deployment of DCAE microservices at ONAP installation time
 dcae-ves-openapi-manager:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.vesOpenApiKafkaUser }}'
 dcae-datafile-collector:
   enabled: false
   logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
index aaa3ac2..7c67f49 100644 (file)
@@ -21,6 +21,9 @@ name: sdc
 version: 12.0.0
 
 dependencies:
+  - name: common
+    version: ~12.x-0
+    repository: '@local'
   - name: sdc-be
     version: ~12.x-0
     repository: 'file://components/sdc-be'
index e4052af..fe9f391 100644 (file)
@@ -21,6 +21,9 @@ name: sdc-be
 version: 12.0.0
 
 dependencies:
+  - name: common
+    version: ~12.x-0
+    repository: '@local'
   - name: certInitializer
     version: ~12.x-0
     repository: '@local'
index 16fc57a..d50a83b 100644 (file)
@@ -163,7 +163,10 @@ spec:
                 fieldPath: status.podIP
           {{- if .Values.global.kafka.useKafka }}
           - name: SASL_JAAS_CONFIG
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.name" . }}-ku
+                key: sasl.jaas.config
           - name: USE_KAFKA
             value: {{ .Values.global.kafka.useKafka | quote }}
           {{- end }}
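Review bot: The replaced `SASL_JAAS_CONFIG` entry now hard-codes the Secret name `{{ include "common.name" . }}-ku`, which must match the `metadata.name` that `common.kafkauser` gives the KafkaUser in the new `_strimzikafka.tpl`, yet nothing at this site says where the Secret comes from. A comment above `valueFrom:` such as `# Secret is created by the Strimzi User Operator under the KafkaUser's name (see common.kafkauser); the "-ku" suffix must match` would make the coupling visible to the next editor. The container spec continues outside the hunk.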
diff --git a/kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml b/kubernetes/sdc/components/sdc-be/templates/kafkauser.yaml
new file mode 100644 (file)
index 0000000..5033d9d
--- /dev/null
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkauser" . }}
+{{- end }}
diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml
deleted file mode 100644 (file)
index 9a6f757..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.global.kafka.useKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: sdc-distro-notif-topic
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }}
-  config:
-    retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
-    segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: sdc-distro-status-topic
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }}
-  config:
-    retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
-    segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
-{{- end }}
\ No newline at end of file
index faf46e5..b7b3acd 100644 (file)
@@ -31,13 +31,10 @@ global:
     replicaCount: 3
     clusterName: cassandra
     dataCenter: Pod
-  # Strimzi kafka config
+  # Global Strimzi kafka config overridden
+  # from parent values.yaml
   kafka:
     useKafka: overridden-from-parent-values-yaml
-    sdcBeKafkaUser: overridden-from-parent-values-yaml
-    topics:
-      sdcDistNotifTopic: overridden-from-parent-values-yaml
-      sdcDistStatusTopic: overridden-from-parent-values-yaml
 
 #################################################################
 # Application configuration defaults.
@@ -53,7 +50,7 @@ debugEnabled: false
 
 #environment file
 env:
-  name: AUTO
+  name: &env AUTO
 
 certInitializer:
   nameOverride: sdc-be-cert-init
@@ -78,29 +75,21 @@ certInitializer:
 #################################################################
 # SDC Config part
 #################################################################
-
-secrets:
-  - uid: sdc-be-kafka-secret
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
-
 config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraSslEnabled: "false"
-  # Strimzi kafka config
-  kafka:
-    saslMech: scram-sha-512
-    securityProtocol: SASL_PLAINTEXT
-    authType: simple
-    topicRetentionMs: 7200000
-    topicSegmentBytes: 1073741824
-    topicConsumer:
-      pattern: SDC-DIST
-      groupId: sdc
+
+kafkaUser:
+  acls:
+    - name: sdc
+      suffix: *env
+      type: group
+      operations: [Read]
+    - name: SDC-DISTR
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
+
 
 # default number of instances
 replicaCount: 1
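Review bot: The hunk removes `config.kafka.saslMech`, `securityProtocol` and `authType` from sdc-be's values, but the only sdc-be template change on this page is the `SASL_JAAS_CONFIG` entry; any template line outside this page that still reads `.Values.config.kafka.*` (for example a `SECURITY_PROTOCOL` env) would now render empty, which Helm does not flag, so the chart is worth grepping before merge. The added block also ends with two consecutive blank lines before `# default number of instances`; one is enough. The `suffix: *env` alias ties the consumer-group ACL to `env.name`, which deserves `# consumer group is <name>-<env.name>; must match the group sdc-be joins` above the `kafkaUser:` block.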
index aee666f..065a756 100755 (executable)
             ]
         },
         "Kafka": {
-             "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}"
+             "bootstrap": "{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092"
         },
+        {{- if .Values.global.kafka.useKafka }}
         "DistributionTopics": {
              "notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}",
              "statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}"
         },
+        {{- end }}
         "Nodes": {
             "CS": [
                 "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}"
diff --git a/kubernetes/sdc/templates/kafkatopic.yaml b/kubernetes/sdc/templates/kafkatopic.yaml
new file mode 100644 (file)
index 0000000..53352c4
--- /dev/null
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkatopic" . }}
+{{- end }}
\ No newline at end of file
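Review bot: The new template has no trailing newline (`\ No newline at end of file`), which yamllint's `new-line-at-end-of-file` check rejects and which makes the next edit to the file show a spurious change. A header comment naming the input, `# Renders one Strimzi KafkaTopic per entry of .Values.kafkaTopic (see common.kafkatopic in common/_strimzikafka.tpl)`, would also help, since the include alone does not say where the topic list comes from.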
index 60a361e..1e11ca6 100644 (file)
@@ -42,19 +42,26 @@ global:
    clusterName: cassandra
    dataCenter: Pod
   centralizedLoggingEnabled: true
-  # Kafka config
+  # global Kafka config passed to sdc-be chart
   kafka:
+    # If true, the following Strimzi KafkaTopics will be created
     useKafka: true
-    sdcBeKafkaUser: sdc-be-kafka-user
-    kafkaBootstrap: strimzi-kafka-bootstrap:9092
     topics:
-      sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC
-      sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC
+      sdcDistNotifTopic: &notif-topic-name SDC-DISTR-NOTIF-TOPIC
+      sdcDistStatusTopic: &status-topic-name SDC-DISTR-STATUS-TOPIC
+
+# Environment file
+env:
+  name: &env AUTO
+
+kafkaTopic:
+  - name: *notif-topic-name
+    suffix: *env
+  - name: *status-topic-name
+    suffix: *env
 
 sdc-be:
   logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
-  config:
-    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}'
 sdc-fe:
   logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
 sdc-onboarding-be:
@@ -62,10 +69,6 @@ sdc-onboarding-be:
 sdc-wfd-fe:
   logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
 
-# Environment file
-env:
-  name: AUTO
-
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
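Review bot: The new comment `# If true, the following Strimzi KafkaTopics will be created` sits above `useKafka: true`, but the topics that get created are listed in the top-level `kafkaTopic:` block further down, while the `topics:` map that actually follows only supplies the names written into AUTO.json; a reader will take the wrong block. Rewording it to `# If true, the KafkaTopics listed under the top-level kafkaTopic key are created (via sdc/templates/kafkatopic.yaml)` and adding `# topic base names as written into AUTO.json` above `topics:` matches what the templates do. The `&notif-topic-name`, `&status-topic-name` and `&env` anchors are defined before their aliases, as YAML requires, so the move of `env:` above `kafkaTopic:` is load-bearing and deserves a one-line comment so nobody moves it back.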