- name: 'James MacNider'
email: 'James.MacNider@amdocs.com'
company: 'Amdocs'
- id: 'James.MacNider'
+ id: 'jmac'
timezone: 'Canada/Ontario'
- name: 'Hong Guan'
email: 'hg4105@att.com'
+++ /dev/null
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- # readiness check
- readinessRepository: oomk8s
- # logging agent
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-cli:
- enabled: true
-consul: # Consul Health Check Monitoring
- enabled: true
-dcaegen2:
- enabled: true
-esr:
- enabled: true
-log: # ONAP Logging ElasticStack
- enabled: true
-message-router:
- enabled: true
-mock:
- enabled: true
-msb:
- enabled: true
-multicloud:
- enabled: true
-policy:
- enabled: true
-portal:
- enabled: true
-robot: # Robot Health Check
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-so: # Service Orchestrator
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
-uui:
- enabled: true
-vfc:
- enabled: true
-vid:
- enabled: true
-vnfsdk:
- enabled: true
.. table:: OOM Software Requirements
- ============== ========== ===== ======= ========
- Release Kubernetes Helm kubectl Docker
- ============== ========== ===== ======= ========
- amsterdam 1.7.x 2.3.x 1.7.x 1.12.x
- beijing 1.8.10 2.8.2 1.8.10 17.03.x
- casablanca/master 1.8.10 2.9.1 1.8.10 17.03.x
- ============== ========== ===== ======= ========
+ ============== =========== ===== ======== ========
+ Release Kubernetes Helm kubectl Docker
+ ============== =========== ===== ======== ========
+ amsterdam 1.7.x 2.3.x 1.7.x 1.12.x
+ beijing 1.8.10 2.8.2 1.8.10 17.03.x
+ casablanca 1.11.2 2.9.1 1.11.2 17.03.x
+ ============== =========== ===== ======== ========
Minimum Hardware Configuration
==============================
-The minimum hardware requirements are provided below. Note that although ONAP
-may operate on a single node as described production deployments will need at
-least three if not six nodes to ensure there is no single point of failure.
+The hardware requirements are provided below. Note that this is for a
+full ONAP deployment (all components). Customizing ONAP to deploy only
+components that are needed will drastically reduce the requirements.
.. table:: OOM Hardware Requirements
===== ===== ====== ====================
RAM HD vCores Ports
===== ===== ====== ====================
- 128GB 160GB 32 0.0.0.0/0 (all open)
+ 224GB 160GB 112 0.0.0.0/0 (all open)
===== ===== ====== ====================
.. note::
- Kubernetes supports a maximum of 110 pods per node which forces one to use at
- least two nodes to deploy all of ONAP although at least three are recommended
- (for example 4x32GB - 8 vCores each). Subsets of ONAP may still be deployed
- on a single node.
+ Kubernetes supports a maximum of 110 pods per node. The use of many small
+ nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
+ Subsets of ONAP may still be deployed on a single node.
Cloud Installation
==================
**Step 1.** Clone the OOM repository from ONAP gerrit::
- > git clone -b beijing http://gerrit.onap.org/r/oom
+ > git clone -b casablanca http://gerrit.onap.org/r/oom
> cd oom/kubernetes
+**Step 2.** Install Helm Plugins required to deploy the ONAP Casablanca release::
+ sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 2.** Customize the onap/values.yaml file to suit your deployment. You
+**Step 3.** Customize the onap/values.yaml file to suit your deployment. You
may want to selectively enable or disable ONAP components by changing the
`enabled: true/false` flags as shown below:
-.. code-block:: yaml
-
- #################################################################
- # Global configuration overrides.
- #
- # These overrides will affect all helm charts (ie. applications)
- # that are listed below and are 'enabled'.
- #################################################################
- global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- # readiness check
- readinessRepository: oomk8s
- # logging agent
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
- #################################################################
- # Enable/disable and configure helm charts (ie. applications)
- # to customize the ONAP deployment.
- #################################################################
- aaf:
- enabled: true
- aai:
- enabled: true
- appc:
- enabled: true
- clamp:
- enabled: true
- cli:
- enabled: true
- consul: # Consul Health Check Monitoring
- enabled: true
- dcaegen2:
- enabled: true
- esr:
- enabled: true
- log:
- enabled: true
- message-router:
- enabled: true
- mock:
- enabled: true
- msb:
- enabled: true
- multicloud:
- enabled: true
- policy:
- enabled: true
- portal:
- enabled: true
- robot: # Robot Health Check
- enabled: true
- sdc:
- enabled: true
- sdnc:
- enabled: true
- so: # Service Orchestrator
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
- uui:
- enabled: true
- vfc:
- enabled: true
- vid:
- enabled: true
- vnfsdk:
- enabled: true
+.. literalinclude:: onap-values.yaml
+ :language: yaml
.. note::
To generate openStackEncryptedPasswordHere :
**Step 5.** Build a local Helm repository (from the kubernetes directory)::
- > make all
+ > make all; make onap
**Step 6.** Display the charts that available to be deployed::
> helm search -l
- NAME VERSION DESCRIPTION
- local/appc 2.0.0 Application Controller
- local/clamp 2.0.0 ONAP Clamp
- local/common 2.0.0 Common templates for inclusion in other charts
- local/onap 2.0.0 Open Network Automation Platform (ONAP)
- local/robot 2.0.0 A helm Chart for kubernetes-ONAP Robot
- local/so 2.0.0 ONAP Service Orchestrator
+.. literalinclude:: helm-search.txt
.. note::
The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use `make` to update your local Helm repository.
**Step 7.** Once the repo is setup, installation of ONAP can be done with a
single command::
- > helm install local/onap -n dev --namespace onap
+ > helm deploy dev local/onap --namespace onap
-.. note::
- The requirement for the use of the `onap` namespace will be lifted once the OOM team completes their Beijing deveivers.
Use the following to monitor your deployment and determine when ONAP is ready for use::
> kubectl get pods --all-namespaces -o=wide
+
+Undeploying onap can be done using the following command::
+ > helm undeploy dev --purge
+
+
+More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
\ No newline at end of file
Select Flavor
-------------
Known issues exist if flavor is too small for Rancher. Please select a flavor
-with at least 4 vCPU and 8GB ram.
+with at least 4 vCPU and 8GB ram. A size of 8 vCPU and 16GB ram is recommended.
.. image:: Rancher-Select_Flavor.jpeg
* install nfs server
.. note::
- The Beijing release of OOM only supports Helm 2.8.2 not the 2.7.2 shown in
+ The Casablanca release of OOM only supports Helm 2.9.1 not the 2.7.2 shown in
the screen capture below. The supported versions of all the software components
are listed in the :ref:`cloud-setup-guide-label`.
The size of a Kubernetes host depends on the size of the ONAP deployment that
will be installed.
-As of the Beijing release a minimum of 3 x 32GB hosts will be needed to run a
-full ONAP deployment (all components).
+As of the Casablanca release a minimum 224GB will be needed to run a
+full ONAP deployment (all components). It is recommended that more hosts are used
+with fewer resources instead of only a few large hosts. For example 14 x 16GB hosts.
If a small subset of ONAP components are being deployed for testing purposes,
then a single 16GB or 32GB host should suffice.
To prepare your system for an installation of ONAP, you'll need to::
- > git clone -b beijing http://gerrit.onap.org/r/oom
+ > git clone -b casablanca http://gerrit.onap.org/r/oom
> cd oom/kubernetes
To deploy ONAP with this environment file, enter::
- > helm install local/onap -n beijing -f environments/onap-production.yaml
+ > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
.. include:: environments_onap_demo.yaml
:code: yaml
10.12.6.155 portal.api.simpledemo.onap.org
10.12.6.155 vid.api.simpledemo.onap.org
10.12.6.155 sdc.api.fe.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
10.12.6.155 portal-sdk.simpledemo.onap.org
10.12.6.155 policy.api.simpledemo.onap.org
10.12.6.155 aai.api.sparky.simpledemo.onap.org
10.12.6.155 cli.api.simpledemo.onap.org
10.12.6.155 msb.api.discovery.simpledemo.onap.org
+ 10.12.6.155 msb.api.simpledemo.onap.org
+ 10.12.6.155 clamp.api.simpledemo.onap.org
+ 10.12.6.155 so.api.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
-the portal and then simply access the familiar URL:
-http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm
+the portal and then simply access now the new ssl-encrypted URL:
+https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+.. note::
+ Using the HTTPS based Portal URL the Browser needs to be configured to accept
+ unsecure credentials.
+ Additionally when opening an Application inside the Portal, the Browser
+ might block the content, which requires to disable the blocking and reloading
+ of the page
+
+.. note::
+ Besides the ONAP Portal the Components can deliver additional user interfaces,
+ please check the Component specific documentation.
.. note::
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm upgrade beijing onap/so --version 2.0.1 --set enableDebug=true
+ > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm upgrade beijing onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
what will happen with a given command prior to actually deleting anything. For
example::
- > helm delete --dry-run beijing
+ > helm undeploy casablanca --dry-run
-will display the outcome of deleting the 'beijing' release from the deployment.
+will display the outcome of deleting the 'casablanca' release from the deployment.
To completely delete a release and remove it from the internal store enter::
- > helm delete --purge beijing
+ > helm undeploy casablanca --purge
One can also remove individual components from a deployment by changing the
ONAP configuration values. For example, to remove `so` from a running
deployment enter::
- > helm upgrade beijing osn/onap --set so.enabled=false
+ > helm undeploy casablanca-so --purge
will remove `so` as the configuration indicates it's no longer part of the
deployment. This might be useful if a one wanted to replace just `so` by
#!/bin/bash
DOCKER_VERSION=17.03
-KUBECTL_VERSION=1.8.10
+KUBECTL_VERSION=1.11.2
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
#!/bin/bash
DOCKER_VERSION=17.03
-RANCHER_VERSION=1.6.18
-KUBECTL_VERSION=1.8.10
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
Release Notes
=============
+Version 3.0.0 Casablanca Release
+--------------------------------
+
+:Release Date: 2018-11-30
+
+Summary
+=======
+
+The focus of this release was on incremental improvements in the following areas:
+* Pluggable persistent storage with support for GlusterFS as the first storage class provisioner
+* CPU and Memory limits in Helm Charts to improve Pod placement based on resource availablity in Kubernetes Cluster
+* Support of Node Selectors for Pod placement
+* Common "shared" Helm Charts referencing common images
+ - mariadb-galera
+ - postgres
+ - cassandra
+ - mysql
+ - mongo
+* Integration of ARK Backup and Restore solution
+* Introduction of Helm deploy and undeploy plugins to better manage ONAP deployments
+
+
+**Security Notes**
+
+OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found.
+
+Quick Links:
+ - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+ - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
+**Known Issues**
+
+Problem: kubectl connections to pods (kubectl exec|logs) will fail after a while due to a known bug in Kubernetes (1.11.2)
+Workaround: Restart of the kubelet daemons on the k8s hosts
+Fix: Will be delivered in the next release via a new Kubernetes version (1.12)
+- `K8S Bug Report <https://github.com/kubernetes/kubernetes/issues/67659>`_
+- `OOM-1532 <https://jira.onap.org/browse/OOM-1532>`_
+- `OOM-1516 <https://jira.onap.org/browse/OOM-1516>`_
+- `OOM-1520 <https://jira.onap.org/browse/OOM-1520>`_
+
+
Version 2.0.0 Beijing Release
-----------------------------
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
+all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) plugins
$(COMMON_CHARTS):
@echo "\n[$@]"
@find . -type f -name '*.tgz' -delete
@rm -rf $(PACKAGE_DIR)/*
+# publish helm plugins via distrubtion directory
+plugins:
+ @cp -R helm $(PACKAGE_DIR)/
+
# start up a local helm repo to serve up helm chart packages
repo:
@mkdir -p $(PACKAGE_DIR)
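Review bot: The new `plugins` target is a prerequisite of `all` but is not declared phony; the `.PHONY` line shown in the earlier hunk lists only `$(EXCLUDES) $(HELM_CHARTS)`. If a file or directory named `plugins` ever appears next to the Makefile, make will treat the target as up to date and silently skip the copy, so `.PHONY: $(EXCLUDES) $(HELM_CHARTS) plugins` is safer. The recipe also copies into `$(PACKAGE_DIR)` without creating it, whereas `repo` runs `@mkdir -p $(PACKAGE_DIR)` first; unless an earlier target is guaranteed to create it, the same `mkdir -p` belongs before the `cp -R`. The comment above the target has a typo, "distrubtion".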
mountSubPath: sms/consul/data
service:
- type: NodePort
+ type: ClusterIP
name: aaf-sms-db
portName: aaf-sms-db
internalPort: 8200
- nodePort: 44
+ externalPort: 8200
ingress:
enabled: false
--- /dev/null
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
\ No newline at end of file
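Review bot: The `org.onap.aaf.fproxy` logger ships at `level="trace"` in a proxy whose own properties file configures a credential cache, so request and credential detail may end up in the rolling file and on the console; `level="info"` is a safer default, with trace enabled per deployment. The reverse-proxy `logback-spring.xml` added later in this commit has the same logger setting and also sets `<root level="debug">` under a comment that says INFO. In both files the comment `LOG "com.baeldung*" at TRACE level` is left over from a template and should name the actual package. The `TimeBasedRollingPolicy` sets neither `maxHistory` nor `totalSizeCap`, so archived logs grow without bound on the pod's filesystem.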
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/babel-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+]
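Review bot: The permission strings are escaped inconsistently, which matters if the reverse proxy evaluates them as regular expressions, as entries like `test\\.auth\\.access\\|services\\|GET,PUT` suggest. The unescaped form `test.auth.access|services|GET,PUT` would then be an alternation of three patterns rather than one type|instance|action triple, and could match far more permissions than intended. The pattern ending in `[^\/]+[\/][^\/]+$*` puts a quantifier after the end anchor and is probably a typo for `$`. None of the `uri` patterns start with `^` and `\/services\/babel-service\/.*` has no end anchor, so whether a rule can match in the middle of a longer path depends on the matcher using full-match semantics, which is worth confirming. The `test.auth.access` names and paths such as `\/not\/allowed\/at\/all$` look like test fixtures, so please check that this is the policy meant to ship with the chart.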
--- /dev/null
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
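Review bot: `aaf_password` and `cadi_truststore_password` are committed in this file, and the deployment hunk mounts `cadi.properties` from the `-rproxy-config` volume, which is a ConfigMap rather than a Secret. Anyone who can read ConfigMaps in the namespace, or the chart itself, can therefore read them. The `enc:` value is only as protected as the file named by `cadi_keyfile`, and what appears to be that keyfile is added in plain text further down in the same commit; `OBF:` is a reversible obfuscation, not encryption. The credentials and the keyfile should be supplied at deploy time from values or an external secret store and rendered into a Secret, with only placeholders kept in the repository. `cadi_loglevel=DEBUG` and `aaf_env=DEV` also look like development settings and are better overridden per environment.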
--- /dev/null
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
--- /dev/null
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }}
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
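Review bot: The init container added under `installSidecarSecurity` runs with `privileged: true`, which gives it full access to the node's devices and kernel interfaces for what is presumably a one-off network setup step. If it only programs iptables redirect rules for the proxies, `privileged: false` with `capabilities: {add: ["NET_ADMIN"]}` should be enough, and a comment should state why the capability is needed. `ip: {{ .Values.global.aaf.serverIp }}` and the hostname are rendered unquoted, so an empty value becomes `null` and fails only at apply time; `{{ ... | quote }}`, or `required` on the value, would surface that at render time. The pod spec continues outside this hunk.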
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
volumes:
- name: localtime
hostPath:
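Review bot: Both sidecars receive `KEY_STORE_PASSWORD` as a literal `value: {{ .Values.config.keyStorePassword }}`, so the password sits in clear text in the rendered Deployment and is visible to anyone who can read the pod spec. The Secret template shown further down the page already stores the same value under the key `KEY_STORE_PASSWORD`. The env entries for the rproxy and fproxy containers can reference it with `valueFrom: {secretKeyRef: {name: <existing-secret-name>, key: KEY_STORE_PASSWORD}}`, where the name is a placeholder for whatever that Secret is called. If the literal form is kept, the value at least needs `| quote` so that a password beginning with a YAML indicator or looking like a number does not break or retype the manifest. The secret volume mounts for `tomcat_keystore`, `client-cert.p12` and `keyfile` could also set `readOnly: true`.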
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.global.rproxy.port }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
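Review bot: In the sidecar branch the NodePort case sets `port: {{ .Values.global.rproxy.port }}` and gives no `targetPort`, so the Service's own port number changes whenever `installSidecarSecurity` is turned on. In-cluster clients that address the service on `service.internalPort` would then stop resolving. The ClusterIP case just below, and the other chart's service template later in this commit, keep the service port and only redirect the target. I would write the NodePort case the same way: `- port: {{ .Values.service.internalPort }}` followed by `targetPort: {{ .Values.global.rproxy.port }}`. Separately, the primary container's port is still reachable on the pod IP; whether the tproxy init container closes that bypass is not visible here and is worth stating in a comment.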
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 2Gi
unlimited: {}
--- /dev/null
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
\ No newline at end of file
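Review bot: The `org.onap.aaf.fproxy` logger is fixed at `level="trace"` in a config that ships as the chart default. This proxy keeps a credential cache (`credential.cache.timeout.ms` in fproxy.properties), so trace output may include request headers or cached credentials; the hunk does not show what the application logs at that level. I would default it to `level="info"` and let operators raise it through values. The comment `<!-- LOG "com.baeldung*" at TRACE level -->` is left over from a tutorial and should read `<!-- LOG org.onap.aaf.fproxy at TRACE level -->`. The rproxy logback-spring.xml added later has the same issue and also sets `<root level="debug">` under a comment that says INFO, and both files are repeated for the second chart.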
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+ [
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/inventory\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ },
+ {
+ "uri": "\/services\/champ-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+ ]
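Review bot: The `permissions` strings mix two notations: some are regex-escaped (`test\\.auth\\.access\\|services\\|GET,PUT`) and others are not (`test.auth.access|services|GET,PUT`). If the reverse proxy evaluates them as regular expressions, as the escaped entries suggest, an unescaped `|` is alternation and `.` matches any character, so those rules would accept far more permissions than the author intended. I would escape every entry the same way and drop the `test.auth.access*` sample rules from a file that is deployed as the live authorization policy. The pattern ending in `[^\/]+$*` has a stray `*` after the anchor. The `uri` patterns are anchored only at the end, so the matcher needs to do a full match (not a search) for them to be safe. The copy of this file added for the second chart has the same entries, and its `\/aai\/util\/echo` rule is already covered by the `\/aai\/.*` rule before it.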
--- /dev/null
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
\ No newline at end of file
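Review bot: `aaf_password=enc:…` and `cadi_truststore_password=OBF:…` are committed here, and this file is rendered into the `-rproxy-config` ConfigMap by the `resources/rproxy/config/*` glob rather than into a Secret. The `OBF:` form is reversible obfuscation, not encryption. The `enc:` value is only as private as the `cadi_keyfile`, which this same commit adds to the chart. I would move the credential lines into one of the Secrets this commit already creates, or template them from values (`aaf_password={{ .Values.PLACEHOLDER_aafPassword }}`, placeholder name), and set `cadi_loglevel=INFO` as the shipped default. The second cadi.properties later in the commit repeats these lines and adds `cadi_keystore_password=enc:…`.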
--- /dev/null
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9522
\ No newline at end of file
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
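Review bot: This new file looks like the CADI key that `cadi_keyfile=/opt/app/rproxy/config/security/keyfile` points at, and it is committed in clear text. Every installation of the chart therefore shares one key, and anyone who can read the repository can recover the `enc:` passwords in cadi.properties. I would not ship real key material in `resources/rproxy/config/security/`. Generate the key per deployment and supply it through a pre-created Secret referenced from values, keeping at most a clearly labelled development-only sample in the tree. If this key has been used outside a lab, it and the passwords encrypted under it should be rotated.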
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }}
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
initContainers:
- command:
- /root/ready.py
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
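Review bot: The new tproxy init container runs with `privileged: true`, which gives it full access to the node's devices and kernel interfaces for a one-off setup step. If the image only installs traffic-redirect rules in the pod's network namespace (its contents are not visible in this hunk), the `NET_ADMIN` capability is enough: replace the line with `capabilities:` / `add: ["NET_ADMIN"]` under `securityContext`. A comment above the container saying what it configures would also help reviewers confirm the privilege it needs. The pod spec continues outside this hunk.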
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ #- name: {{ include "common.fullname" . }}-rproxy-auth-config
+ # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ # subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
volumes:
- name: localtime
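Review bot: Both sidecars receive `KEY_STORE_PASSWORD` as a literal `value: {{ .Values.config.keyStorePassword }}`, so the clear-text password is written into the Deployment object. It is then readable by anyone who can `get` the deployment or pod, and it appears in `helm get manifest` output. The chart's secret template already stores `KEY_STORE_PASSWORD` base64-encoded, so the env entries can reference that Secret instead; its name is not visible here, hence the placeholder below. The unquoted form also breaks rendering if the password starts with a YAML indicator character. The other deployment template at the top of this page has the same two env entries.

```yaml
# … unchanged: CONFIG_HOME env entry …
          - name: KEY_STORE_PASSWORD
            valueFrom:
              secretKeyRef:
                # PLACEHOLDER: name of the chart Secret that holds KEY_STORE_PASSWORD
                name: PLACEHOLDER-secret-name
                key: KEY_STORE_PASSWORD
# … unchanged: spring_profiles_active, volumeMounts, ports …
```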
name: aai-filebeat
- name: aai-filebeat
emptyDir: {}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort}}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
{{- end}}
+ {{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 2Gi
unlimited: {}
# XML beans configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/data-router:1.3.0
+image: onap/data-router:1.3.1
pullPolicy: Always
restartPolicy: Always
flavor: small
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.25
+ memory: 750Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 1536Mi
unlimited: {}
# Entity Event route configuration
cpu: 2
memory: 4Gi
requests:
- cpu: 1
+ cpu: 0.5
memory: 2Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 4Gi
unlimited: {}
<constructor-arg name="graphDataService" ref="graphDataService" />
</bean>
- <bean id="aaiResourceService" class="org.onap.crud.service.AaiResourceService" init-method="startup" >
- <constructor-arg name="graphDataService" ref="graphDataService" />
- </bean>
-
</beans>
--- /dev/null
+# DB Edge Property files are copied here:
+edgePropsDir=/opt/app/crud-service/config/model
+
--- /dev/null
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
--- /dev/null
+# Schema Version Related Attributes
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v9,v10,v11,v12,v13,v14
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v9
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v12
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v14
+
+# Schema Location Related Attributes
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules
- mountPath: /opt/app/crud-service/config/crud-api.properties
subPath: crud-api.properties
name: {{ include "common.fullname" . }}-config
- - mountPath: /opt/app/crud-service/config/schemaIngest.properties
- subPath: schemaIngest.properties
+ - mountPath: /opt/app/crud-service/config/schema-ingest.properties
+ subPath: schema-ingest.properties
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties
+ subPath: edgeprops-ingest.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/crud-service/config/model/
name: {{ include "common.fullname" . }}-model-config
items:
- key: crud-api.properties
path: crud-api.properties
- - key: schemaIngest.properties
- path: schemaIngest.properties
+ - key: schema-ingest.properties
+ path: schema-ingest.properties
+ - key: edgeprops-ingest.properties
+ path: edgeprops-ingest.properties
- key: crud-beans.xml
path: crud-beans.xml
- name: {{ include "common.fullname" . }}-logback-config
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
# application image
repository: nexus3.onap.org:10001
-image: onap/aai-graphadmin:1.0.0
+image: onap/aai-graphadmin:1.0.1
pullPolicy: Always
restartPolicy: Always
flavor: small
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1536Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 2Gi
unlimited: {}
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
--- /dev/null
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "servers",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloudinfra",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloud-infrastructure",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "sdandc",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "service-design-and-creation",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "business",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "search",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "license-management",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "examples",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "resources",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "generateurl",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "bulkadd",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "nodes",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "query",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "dbquery",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "bulk",
+ "methods": [
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "bulkprocess",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "recents",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "dsl",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "common",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }
+ ]
+ },
+ {
+ "name": "HAProxy",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ }
+ ]
+}
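Review bot: The `basicauth` role embeds a fixed account, `"user": "aai"` with `"pass": "OBF:…"`, in a policy file that ships with the chart. `OBF:` is reversible obfuscation, so this is in effect a default password shared by every deployment. I would template the value from chart values and store the rendered file in a Secret, or drop the basic-auth user where client-certificate identities (the `username` entries with certificate DNs) are sufficient. JSON cannot carry a comment, so the chart README or values file should record that this credential must be changed per installation.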
--- /dev/null
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/aai\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/aai\/util\/echo",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+]
--- /dev/null
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
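Review bot: The `enc:` values for `cadi_keystore_password` and `aaf_password` give little protection as committed, because the file named by `cadi_keyfile` appears to be the `keyfile` added further down in this same commit, so anyone holding the chart can recover them. `cadi_truststore_password` uses the `OBF:` form, which is reversible obfuscation rather than encryption. These values should be supplied at deploy time from a Kubernetes Secret instead of being checked in, and the key and passwords should be rotated if this repository is readable outside the team. `cadi_loglevel=DEBUG` is also a risky default for an authentication proxy; `cadi_loglevel=INFO` would be safer unless debugging is actually wanted.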
--- /dev/null
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
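Review bot: The comments do not match the configuration: `<!-- LOG everything at INFO level -->` sits above `<root level="debug">`, and `<!-- LOG "com.baeldung*" at TRACE level -->` names a package unrelated to the `org.onap.aaf.rproxy` logger below it. For a reverse proxy that handles credentials, debug and trace output may end up recording request headers, so I would set `<root level="info">` and reword the second comment to `<!-- LOG org.onap.aaf.rproxy at TRACE level -->`, or lower that logger as well for the default deployment.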
--- /dev/null
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
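Review bot: The `-rproxy-config` ConfigMap is built from `resources/rproxy/config/*`, and the deployment later mounts `cadi.properties` from it. If that is the properties file added in this commit, its `cadi_keystore_password`, `cadi_truststore_password` and `aaf_password` entries end up in a ConfigMap rather than a Secret. Placing `cadi.properties` in a directory rendered with `.AsSecrets`, as is already done for `config/auth/*` and `config/security/*`, would keep it out of ConfigMap reads. The `-fproxy-config` and `-rproxy-config` ConfigMaps and the three Secret objects also lack the `labels:` block that the other ConfigMaps in this hunk carry.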
spec:
hostname: aai-resources
{{ if .Values.global.initContainers.enabled }}
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
initContainers:
- command:
{{ if .Values.global.jobs.createSchema.enabled }}
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
{{ end }}
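Review bot: The added `tproxyConfig` init container runs with `securityContext: privileged: true`, which gives it far more access to the node than a setup step normally needs. If it only has to program traffic redirection inside the pod's network namespace (an assumption, since the image is not visible here), a narrower context such as `capabilities: { add: ["NET_ADMIN"] }` with `privileged: false` would be enough. A short comment stating why elevated rights are required would also help later reviewers. The surrounding `initContainers` list starts outside this hunk.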
containers:
- name: {{ include "common.name" . }}
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-realm-conf
subPath: realm.properties
+ {{ if .Values.global.installSidecarSecurity }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+ name: {{ include "common.fullname" . }}-aai-policy
+ subPath: aai_policy.json
+ {{ end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.sidecar.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
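Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` are passed to the rproxy and fproxy containers as literal `value:` entries rendered from `.Values.sidecar.*`, so they are visible in the pod spec to anyone who can read the Deployment. A `valueFrom.secretKeyRef` reference to a Secret would avoid that. The defaults added to the values file in this commit are `OBF:` strings, which are obfuscated rather than encrypted. The templated values are also unquoted; `value: {{ .Values.sidecar.keyStorePassword | quote }}` keeps an empty or number-like override from being retyped by the YAML parser.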
volumes:
- name: localtime
- key: {{ . }}
path: {{ . }}
{{ end }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-aai-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/aai-resources:1.3.3
+image: onap/aai-resources:1.3.4
pullPolicy: Always
restartPolicy: Always
flavor: small
initialDelaySeconds: 60
periodSeconds: 10
+# application configuration
+sidecar:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
service:
type: ClusterIP
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 1
+ memory: 3Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 4Gi
unlimited: {}
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.25
+ memory: 750Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 1Gi
unlimited: {}
# limitations under the License.
server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/tomcat_keystore
-server.ssl.key-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1x0v1g131lps1cix1rjb1n5p22691qab1hm51hfc1i2t1lmr1liz1hyx1hfq1hn51qcr22651n5t1rh31cgl1lu61g2f1x1r
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
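Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` still enables TLS 1.1, which is deprecated; `server.ssl.enabled-protocols=TLSv1.2` would be the safer setting unless a known client needs the older version. The key-store and trust-store passwords added next to it are `OBF:` values checked into the chart. That form is reversible, so they should be treated as plaintext and ideally injected from a Secret. The rest of the properties file lies outside this hunk.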
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,http,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
# application configuration
config:
elasticsearchHttpPort: 9200
- gerritBranch: master
+ gerritBranch: 3.0.0-ONAP
gerritProject: http://gerrit.onap.org/r/aai/test-config
portalUsername: aaiui
portalPassword: 1t2v1vfv1unz1vgz1t3b
service:
type: NodePort
portName: aai-sparky-be
- internalPort: 9517
+ internalPort: 8000
nodePort: 20
- internalPort2: 8000
ingress:
enabled: false
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.25
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 2Gi
unlimited: {}
# ============LICENSE_END=========================================================
#
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# Files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/spike/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
-edgeDir=/opt/app/spike/bundleconfig/etc/dbedgerules
# DB Edge Property files are copied here:
-edgePropsDir=/opt/app/spike/config/model/edge_props
\ No newline at end of file
+edgePropsDir=/opt/app/spike/config/model/edge_props
--- /dev/null
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+#######################################
+# Schema Version Related Attributes
+#######################################
+
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v8,v9,v10,v11,v12,v13,v14
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v9
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v12
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v14
+
+#######################################
+# Schema Location Related Attributes
+#######################################
+
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/spike/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/spike/bundleconfig/etc/onap/dbedgerules
- mountPath: /opt/app/spike/config/spike.properties
subPath: spike.properties
name: {{ include "common.fullname" . }}-config
- - mountPath: /opt/app/spike/config/schemaIngest.properties
- subPath: schemaIngest.properties
+ - mountPath: /opt/app/spike/config/schema-ingest.properties
+ subPath: schema-ingest.properties
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /opt/app/spike/config/edgeprops-ingest.properties
+ subPath: edgeprops-ingest.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/spike/config/model/edge_props
name: {{ include "common.fullname" . }}-edge-props-config
path: spike.properties
- key: spike-beans.xml
path: spike-beans.xml
- - key: schemaIngest.properties
- path: schemaIngest.properties
+ - key: schema-ingest.properties
+ path: schema-ingest.properties
+ - key: edgeprops-ingest.properties
+ path: edgeprops-ingest.properties
- key: logback.xml
path: logback.xml
- name: {{ include "common.fullname" . }}-edge-props-config
#################################################################
# application image
-image: onap/spike:1.0-STAGING-latest
+image: onap/spike:1.3.1
flavor: small
# application configuration
config:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
# XML bean configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/aai-traversal:1.3.2
+image: onap/aai-traversal:1.3.3
pullPolicy: Always
restartPolicy: Always
flavor: small
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 1
+ memory: 3Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 4Gi
unlimited: {}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ user root
+ group root
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option ssl-hello-chk
+ option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+ reqadd X-Forwarded-Proto:\ https
+ reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+ mode http
+ bind *:8080
+ stats uri /stats
+ stats enable
+ stats refresh 30s
+ stats hide-version
+ stats auth admin:admin
+ stats show-legends
+ stats show-desc IST AAI APPLICATION NODES
+ stats admin if TRUE
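Review bot: The `listen IST_AAI_STATS` block serves the stats page on `bind *:8080` with `stats auth admin:admin` and `stats admin if TRUE`, so anyone who can reach that port with the checked-in credential can change backend server state. I would restrict it with `stats admin if LOCALHOST` (or drop `stats admin`) and take the credential from a templated value, which is possible because this file is rendered through `tpl`. Both `server` lines use `ssl verify none`, so the proxy accepts any certificate from the backend; `ssl verify required ca-file <CA_BUNDLE_PATH>` would bind it to the expected CA. The `option httpchk` line embeds a Basic `Authorization` value, and base64 is an encoding, not protection. The same value is added to the readiness probe `httpHeaders` in a later hunk of this commit, and both should come from a Secret.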
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
---
apiVersion: v1
kind: Secret
- mountPath: /dev/log
name: aai-service-log
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ {{ if .Values.global.installSidecarSecurity }}
+ subPath: haproxy-pluggable-security.cfg
+ {{ else }}
subPath: haproxy.cfg
+ {{ end }}
name: haproxy-cfg
ports:
- containerPort: {{ .Values.service.internalPort }}
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: Authorization
+ value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ {{ end }}
- name: X-TransactionId
value: {{ uuidv4 }}
- name: Accept
name: config
subPath: RestServer_config
resources:
- {{- if .Values.nodeSelector }}
{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.4.0
+image: onap/appc-cdt-image:1.4.3
pullPolicy: Always
# application configuration
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.4.2-SNAPSHOT-latest
+image: onap/appc-image:1.4.3
pullPolicy: Always
# flag to enable debugging - application support required
openStackServiceTenantName: default
openStackDomain: default
openStackUserName: admin
- openStackEncryptedPassword: admin
+ openStackEncryptedPassword: enc:LDEbHEAvTF1R
odlUser: admin
appc-ansible-server:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
persistence: {}
+flavor: small
#################################################################
# Application configuration defaults.
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 2.5Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 2.5Gi
+ unlimited: {}
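Review bot: The new `large` flavor repeats the `small` limits and requests exactly (`cpu: 1` / `memory: 4Gi` and `cpu: 10m` / `memory: 2.5Gi`), so selecting `flavor: large` changes nothing. The same holds for the other `resources:` hunks that follow in this commit. Either give `large` its own values or add a comment such as `# large currently mirrors small; tune before production use`. The context comment "Minimum memory for production is 4 CPU cores and 8GB memory" no longer matches either flavor.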
readinessRepository: oomk8s
readinessImage: readiness-check:1.1.0
persistence: {}
+flavor: small
#################################################################
# Application configuration defaults.
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
-
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ unlimited: {}
readinessRepository: oomk8s
readinessImage: readiness-check:1.1.0
persistence: {}
+flavor: small
#################################################################
# Application configuration defaults.
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
+ small:
+ limits:
+ cpu: 1
+ memory: 1.3Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.3Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ unlimited: {}
repository: nexus3.onap.org:10001
image: mariadb:10.1.11
pullPolicy: Always
+flavor: small
#################################################################
# Application configuration defaults.
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
+ small:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ unlimited: {}
subChartsOnly:
enabled: true
+flavor: small
+
# application image
repository: nexus3.onap.org:10001
image: onap/clamp:3.0.3
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-controllerblueprints:latest
+image: onap/ccsdk-controllerblueprints:0.3.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.3.1
+image: onap/ccsdk-dgbuilder-image:0.3.2
pullPolicy: Always
# flag to enable debugging - application support required
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
# Name for mariadb-galera cluster - should be unique accross all projects or other clusters
nameOverride: mariadb-galera
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.3.1
+image: onap/ccsdk-apps-ms-neng:0.3.2
pullPolicy: IfNotPresent
# application configuration
--- /dev/null
+#!/usr/bin/env python
+
+#
+# Copyright (c) 2018 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+"""
+Provides utilities to display oom (sub)modules resources stats
+"""
+
+import os
+import sys
+import getopt
+from fnmatch import fnmatch as match
+import yaml
+
+def info(thing):
+ if thing:
+ sys.stderr.write("{}\n".format(thing))
+
+try:
+ from tabulate import tabulate
+except ImportError as e:
+ info("Warning: cannot import tabulate module (): {}".format(str(e)))
+ def tabulate(lines, headers, tablefmt=None):
+ ''' basic tabulate function '''
+ fmt = ""
+ nbco = len(headers)
+ lenco = map(len, headers)
+ for line in lines:
+ for i in range(nbco):
+ lenco[i] = max(lenco[i], len(str(line[i])))
+
+ fmt = map(lambda n: "{{:<{}}}".format(n), map(lambda i: i+2, lenco))
+ fmt = " ".join(fmt)
+ sep = map(lambda x: '-'*(x+2), lenco)
+
+ output = [fmt.format(*headers), fmt.format(*sep)]
+ for line in lines:
+ output.append(fmt.format(*line))
+ return "\n".join(output)
+
+
+def values(root='.'):
+ ''' Get the list of values.yaml files '''
+ a = []
+ for dirname, dirnames, filenames in os.walk(root):
+ for filename in filenames:
+ if filename == 'values.yaml':
+ a.append((dirname, filename))
+
+ if '.git' in dirnames:
+ # don't go into any .git directories.
+ dirnames.remove('.git')
+ return a
+
+
+def keys(dic, prefix=None):
+ ''' recursively traverse the specified dict to collect existing keys '''
+ result = []
+ if dic:
+ for k, v in dic.items():
+ if prefix:
+ k = '.'.join((prefix, k))
+ if isinstance(v, dict):
+ result += keys(v, k)
+ else:
+ result.append(k)
+ return result
+
+
+class Project:
+ '''
+ class to access to oom (sub)module (aka project) resources
+ '''
+
+ def __init__(self, dirname, filename):
+ self.dirname = os.path.normpath(dirname)
+ self.name = self.explicit()
+ self.filename = os.path.join(dirname, filename)
+ self.resources = None
+ self.load()
+
+ def load(self):
+ ''' load resources from yaml description '''
+ with open(self.filename, 'r') as istream:
+ try:
+ v = yaml.load(istream)
+ if v:
+ self.resources = v.get('resources', None)
+ except Exception as e:
+ print(e)
+ raise
+
+ def explicit(self):
+ ''' return an explicit name for the project '''
+ path = []
+ head, name = os.path.split(self.dirname)
+ if not name:
+ return head
+ while head:
+ head, tail = os.path.split(head)
+ if tail:
+ path.append(tail)
+ else:
+ path.append(head)
+ head = None
+ path.reverse()
+ index = path.index('charts') if 'charts' in path else None
+ if index:
+ name = os.path.join(path[index-1], name)
+ return name
+
+ def __contains__(self, key):
+ params = self.resources
+ if key:
+ for k in key.split('.'):
+ if params and k in params:
+ params = params[k]
+ else:
+ return False
+ return True
+
+ def __getitem__(self, key):
+ params = self.resources
+ for k in key.split('.'):
+ if k in params:
+ params = params[k]
+ if params != self.resources:
+ return params
+
+ def get(self, key, default="-"):
+ """ mimic dict method """
+ if key in self:
+ return self[key]
+ return default
+
+ def keys(self):
+ """ mimic dict method """
+ return keys(self.resources)
+
+
+#
+#
+#
+
+def usage(status=None):
+ """ usage doc """
+ arg0 = os.path.basename(os.path.abspath(sys.argv[0]))
+ print("""Usage: {} [options] <root-directory>""".format(arg0))
+ print((
+ "\n"
+ "Options:\n"
+ "-h, --help Show this help message and exit\n"
+ "-t, --table <format> Use the specified format to display the result table.\n"
+ " Valid formats are those from the python `tabulate'\n"
+ " module. When not available, a basic builtin tabular\n"
+ " function is used and this field has no effect\n"
+ "-f, --fields Comma separated list of resources fields to display.\n"
+ " You may use wildcard patterns, eg small.*. Implicit\n"
+ " value is *, ie all available fields will be used\n"
+ "Examples:\n"
+ " # {0} /opt/oom/kubernetes\n"
+ " # {0} -f small.\\* /opt/oom/kubernetes\n"
+ " # {0} -f '*requests.*' -t fancy_grid /opt/oom/kubernetes\n"
+ " # {0} -f small.requests.cpu,small.requests.memory /opt/oom/kubernetes\n"
+ ).format(arg0))
+ if status is not None:
+ sys.exit(status)
+
+
+def getopts():
+ """ read options from cmdline """
+ opts, args = getopt.getopt(sys.argv[1:],
+ "hf:t:",
+ ["help", "fields=", "table="])
+ if len(args) != 1:
+ usage(1)
+
+ root = args[0]
+ table = None
+ fields = ['*']
+ patterns = []
+
+ for opt, arg in opts:
+ if opt in ("-h", '--help'):
+ usage(0)
+ elif opt in ("-f", "--fields"):
+ fields = arg.split(',')
+ elif opt in ("-t", "--table"):
+ table = arg
+
+ return root, table, fields, patterns
+
+
+def main():
+ """ main """
+ try:
+ root, table, fields, patterns = getopts()
+ except getopt.GetoptError as e:
+ print("Error: {}".format(e))
+ usage(1)
+
+ if not os.path.isdir(root):
+ info("Cannot open {}: Not a directory".format(root))
+ return
+
+ # find projects
+ projects = []
+ for dirname, filename in values(root):
+ projects.append(Project(dirname, filename))
+ if not projects:
+ info("No projects found in {} directory".format(root))
+ return
+
+ # check if we want to use pattern matching (wildcard only)
+ if fields and reduce(lambda x, y: x or y,
+ map(lambda string: '*' in string, fields)):
+ patterns = fields
+ fields = []
+
+ # if fields are not specified or patterns are used, discover available fields
+ # and use them (sort for readability)
+ if patterns or not fields:
+ avail = sorted(set(reduce(lambda x, y: x+y,
+ map(lambda p: p.keys(), projects))))
+ if patterns:
+ for pattern in patterns:
+ fields += filter(lambda string: match(string, pattern), avail)
+ else:
+ fields = avail
+
+ # collect values for each project
+ results = map(lambda project: [project.name] + map(project.get,
+ fields),
+ projects)
+
+ # and then print
+ if results:
+ headers = ['project'] + fields
+ print(tabulate(sorted(results), headers, tablefmt=table))
+
+
+main()
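Review bot: `yaml.load(istream)` in `Project.load` runs PyYAML's default loader over every `values.yaml` found under a caller-supplied directory, and that loader can construct arbitrary Python objects from tagged nodes. Only plain mappings and scalars are read afterwards, so `v = yaml.safe_load(istream)` is sufficient and makes the tool safe to run against a checkout that is not trusted. The script also relies on Python 2 behaviour while the shebang is plain `python`: the fallback `tabulate` assigns into the result of `map` (`lenco[i] = ...`) and `main` calls `reduce` without importing it, and both fail on Python 3. The bare `main()` at the end runs on import; `if __name__ == '__main__': main()` would avoid that.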
tls_ca_mode : "cert_directory"
# optional tls_wss_ca_mode specifies the same for the tls based web-socket
tls_wss_ca_mode : "cert_directory"
+ # optional timeout_in_secs specifies the timeout for the http requests
+ timeout_in_secs: 60
+ # optional ws_ping_interval_in_secs specifies the ping interval for the web-socket connection
+ ws_ping_interval_in_secs: 180
# deploy_handler config
# changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0
deploy_handler :
#
# "do_not_verify" - special hack to turn off the verification by cacert and hostname
tls_ca_mode : "cert_directory"
-
+ # optional timeout_in_secs specifies the timeout for the http requests
+ timeout_in_secs: 60
# Use to override default setting in blueprints
componentImages:
config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.0.4
- deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.3
+ datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.1.1
+ deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.1.0
holmes_rules: onap/holmes/rule-management:1.2.3
holmes_engine: onap/holmes/engine-management:1.2.2
inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4
- policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.4.0
+ policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.5.0
service_change_handler: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.1
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.1.1
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.0.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.2.0-SNAPSHOT
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.1.0-SNAPSHOT
# Resource Limit flavor -By Default using small
flavor: small
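Review bot: `prh` and `hv_ves` move from released tags to `1.2.0-SNAPSHOT` and `1.1.0-SNAPSHOT`, while every neighbouring entry stays on a fixed release version. Snapshot tags are normally rebuilt in place, so the image that gets pulled can change between deployments without any change to this file, and a given deployment cannot be reproduced or audited from the chart alone. Pin both entries to a released version, or to an image digest, before this reaches a release branch.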
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /cfy-persist
+ name: cm-persistent
securityContext:
privileged: True
- lifecycle:
- postStart:
- exec:
- command:
- - bash
- - "-c"
- - |
- set -ex
- mkdir -p /var/run/secrets/kubernetes.io/
- ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: cm-persistent
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
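Review bot: The `cm-persistent` volume and its `/cfy-persist` mount are added unconditionally, although this commit also introduces `persistence.enabled` in the chart values. Neither this hunk nor the new PersistentVolume and PersistentVolumeClaim templates test that flag in the lines shown, so setting it to false changes nothing. Wrapping the volume in `{{ if .Values.persistence.enabled }}` with an `emptyDir: {}` fallback, as the kafka and zookeeper StatefulSets in this commit do, would make the flag effective. The container keeps `privileged: True` from the context lines, so the hostPath-backed directory is now writable from a privileged container, and the host directory's ownership and mode should be kept restrictive. The container spec starts outside the hunk.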
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ storageClassName: manual
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-#\r
-# ============LICENSE_START=======================================================\r
-# org.onap.aai\r
-# ================================================================================\r
-# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.\r
-# Copyright © 2017-2018 Amdocs\r
-# Modifications Copyright © 2018 Bell Canada\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-# ============LICENSE_END=========================================================\r
-#\r
-\r
-# Properties for the SchemaLocationsBean\r
-\r
-# The AAI Schema jar will be unpacked to bundleconfig/etc\r
-schemaConfig=NA\r
-# OXM files named aai_oxm_v*.xml are unpacked here:\r
-nodeDir=/opt/app/crud-api/bundleconfig/etc/oxm\r
-# DB Edge Rules are unpacked here:\r
-edgeDir=/opt/app/crud-api/bundleconfig/etc/dbedgerules\r
-# DB Edge Property files are copied here:\r
-edgePropsDir=/opt/app/crud-service/config/model\r
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ storageClassName: manual
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
\ No newline at end of file
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:1.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:1.5.0
pullPolicy: Always
# probe configuration parameters
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-cm/data
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.1.2
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.1
# Resource Limit flavor -By Default using small
flavor: small
requests:
cpu: 1000m
memory: 2Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ maxUnavailable: 1
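Review bot: The selector `app: {{ include "common.fullname" . }}` probably matches no pods, in which case this budget protects nothing during node drains. The StatefulSet pod template changed in this commit labels pods with `app: {{ include "common.name" . }}` and `release: {{ .Release.Name }}`, and the two helpers differ whenever the full name carries the release name; the helper definitions are not visible here, so confirm. Selecting on `app: {{ include "common.name" . }}` plus `release: {{ .Release.Name }}` would line up with the pod labels. The second PodDisruptionBudget added later in this commit uses the same selector.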
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+{{- $root := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
apiVersion: v1
+kind: PersistentVolume
metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
spec:
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ $root.Values.persistence.size }}
accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ $root.Values.persistence.accessMode }}
hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
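Review bot: The new `hostPath.path` is built from `$root.Values.persistence.mountPath` only, dropping the `.Values.global.persistence.mountPath | default ...` lookup that the removed line had. A deployment that relocates the data root through the global override would therefore still write under the chart default. Starting the path with `{{ $root.Values.global.persistence.mountPath | default $root.Values.persistence.mountPath }}` keeps the override working. `namespace:` has no effect on a PersistentVolume, which is cluster-scoped, and can be dropped. The zookeeper PersistentVolume template later in this commit repeats both points.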
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+ clusterIP: None
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
+
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: Parallel
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "app"
+ operator: In
+ values:
+ - {{ include "common.name" . }}
+ topologyKey: "kubernetes.io/hostname"
initContainers:
- - name: {{ include "common.name" . }}-seed-kafka-topics
- command:
- - /bin/bash
- - -c
- - >
- if [ -d /tmp/topics/ECOMP-PORTAL-INBOX-0 ]; then
- echo "nothing to do";
- else
- git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
- echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-kafka/kafka-logs/* to /tmp/topics";
- cp -var /tmp/gerrit/oom-topics/data-kafka/kafka-logs/* /tmp/topics;
- echo "Done.";
- fi
+ - name: {{ include "common.name" . }}-initcontainer
image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /tmp/topics
- name: kafka-data
- command:
- /root/ready.py
args:
{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
+ {{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: HOST_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: HOST_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
- name: KAFKA_ZOOKEEPER_CONNECT
value: "{{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}"
- name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
value: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT"
- name: KAFKA_ADVERTISED_LISTENERS
- value: "INTERNAL_PLAINTEXT://{{ include "common.servicename" . }}:{{.Values.service.internalPort}}"
+ value: "INTERNAL_PLAINTEXT://$(HOST_NAME).{{ .Values.service.name }}.$(HOST_NAMESPACE).svc.cluster.local:{{ .Values.service.internalPort}}"
- name: KAFKA_LISTENERS
value: "INTERNAL_PLAINTEXT://0.0.0.0:{{.Values.service.internalPort}}"
- name: KAFKA_INTER_BROKER_LISTENER_NAME
value: "INTERNAL_PLAINTEXT"
- name: KAFKA_LOG_DIRS
- value: "/kafka/logs"
+ value: "kafka/logs"
+ - name: BROKER_ID_COMMAND
+ value: "hostname | awk -F '-' '{print $NF}'"
+ - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
+ value: "{{ .Values.replicaCount }}"
+ - name: KAFKA_DEFAULT_REPLICATION_FACTOR
+ value: "{{ .Values.replicaCount }}"
+ - name: KAFKA_NUM_PARTITIONS
+ value: "{{ .Values.defaultpartitions }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- name: docker-socket
hostPath:
path: /var/run/docker.sock
+{{ if not .Values.persistence.enabled }}
- name: kafka-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: kafka-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ app: {{ .Values.service.name }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: "{{ .Release.Service }}"
+{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
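Review bot: `podAntiAffinity:` is added directly under the pod `spec:` with no `affinity:` key above it, and a pod spec only accepts it nested as `affinity.podAntiAffinity`. As written the rule is either rejected by schema validation or ignored, so brokers can still be scheduled onto the same node. Add an `affinity:` line and indent the block beneath it; the zookeeper StatefulSet in this commit has the same block. Separately, `KAFKA_LOG_DIRS` changes from `/kafka/logs` to the relative `kafka/logs`, and the `kafka-data` mount path lies outside the hunk, so confirm the broker still writes onto the persistent volume.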
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- # gerrit branch where the latest code is checked in
- gerritBranch: master
- # gerrit project where the latest code is checked in
- gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
+# default number of instances
+replicaCount: 3
+# defult partitions
+defaultpartitions: 3
-# default number of instances
-replicaCount: 1
nodeSelector: {}
mountSubPath: message-router/data-kafka
service:
- type: NodePort
+ type: ClusterIP
name: message-router-kafka
portName: message-router-kafka
internalPort: 9092
cpu: 1000m
memory: 2Gi
unlimited: {}
+
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ maxUnavailable: 1
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+{{- $root := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
apiVersion: v1
+kind: PersistentVolume
metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
spec:
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ $root.Values.persistence.size }}
accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ $root.Values.persistence.accessMode }}
hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ type: {{ .Values.service.type }}
ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
+ - port: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - port: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - port: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
+ clusterIP: None
selector:
app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- clusterIP: None
+ release: {{ .Release.Name }}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ podManagementPolicy: Parallel
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "app"
+ operator: In
+ values:
+ - {{ include "common.name" . }}
+ topologyKey: "kubernetes.io/hostname"
initContainers:
- - name: {{ include "common.name" . }}-seed-zookeeper-topics
+ - name: {{ include "common.name" . }}-seed-topics-apikeys
command:
- /bin/bash
- -c
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - containerPort: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - containerPort: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - sh
+ - -c
+ - "zookeeper-ready.sh 2181"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - sh
+ - -c
+ - "zookeeper-ready.sh 2181"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ZK_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: ZK_INIT_LIMIT
+ value: "{{ .Values.zk.initLimit }}"
+ - name: ZK_SYNC_LIMIT
+ value: "{{ .Values.zk.syncLimit }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/zookeeper-3.4.9/data
+ - mountPath: /var/lib/zookeeper/data
name: zookeeper-data
volumes:
- name: localtime
hostPath:
path: /etc/localtime
+{{ if not .Values.persistence.enabled }}
- name: zookeeper-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: zookeeper-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ app: {{ .Values.service.name }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: "{{ .Release.Service }}"
+{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+
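Review bot: `maxUnavailable: {{ .Values.maxUnavailable }}` reads a top-level value, but the values file in this commit defines it as `rollingUpdate.maxUnavailable`, so the field renders empty. Reference `.Values.rollingUpdate.maxUnavailable` instead, and check that the StatefulSet API version used here accepts `maxUnavailable` under `rollingUpdate` at all. Both probes also hard-code `2181` although the port is now configurable as `service.clientPort`; `- "zookeeper-ready.sh {{ .Values.service.clientPort }}"` keeps them in step with the container port.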
# Application configuration defaults.
#################################################################
# application image
-repository: docker.io
-image: wurstmeister/zookeeper:latest
+repository: nexus3.onap.org:10001
+image: onap/dmaap/zookeeper:1.0.0
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
# default number of instances
-replicaCount: 1
+replicaCount: 3
nodeSelector: {}
initialDelaySeconds: 10
periodSeconds: 10
+#Zookeeper properties
+zk:
+ initLimit: 5
+ syncLimit: 2
+
## Persist data to a persitent volume
persistence:
enabled: true
accessMode: ReadWriteMany
size: 2Gi
mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-zookeeper/
+ mountSubPath: message-router/data-zookeeper
+
+rollingUpdate:
+ maxUnavailable: 1
service:
- type: NodePort
+ type: ClusterIP
name: message-router-zookeeper
portName: message-router-zookeeper
- internalPort: 2181
+ clientPortName: client
+ clientPort: 2181
+ serverPortName: server
+ serverPort: 2888
+ leaderElectionPortName: leader-election
+ leaderElectionPort: 3888
ingress:
enabled: false
-###############################################################################
-# ============LICENSE_START=======================================================
+# LICENSE_START=======================================================
# org.onap.dmaap
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(),
## which is not always adequate.) You can set this value explicitly here.
##
-cambria.api.node.identifier=message-router
+#cambria.api.node.identifier=<use-something-unique-to-this-instance>
#cambria.rateLimit.maxEmptyPollsPerMinute=30
#cambria.rateLimitActual.delay.ms=10
#metrics.send.cambria.sendEverySeconds=60
cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
-
+consumer.timeout=17
+default.partitions=3
+default.replicas=3
##############################################################################
#100mb
maxcontentlength=10000
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
kafka.session.timeout.ms=240000
-kafka.max.poll.records=1000
\ No newline at end of file
+kafka.max.poll.records=1000
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.8
+image: onap/dmaap/dmaap-mr:1.1.9
pullPolicy: Always
kafka:
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 70
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 70
periodSeconds: 10
service:
# default number of instances
# 30+ logs/sec will saturate a single node to 6+ vCores
-replicaCount: 5
+replicaCount: 3
nodeSelector: {}
requests:
cpu: 2
memory: 4Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-ocata:1.2.1
+image: onap/multicloud/openstack-ocata:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.2.1
+image: onap/multicloud/openstack-pike:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus
+name: multicloud-prometheus
+version: 3.0.0
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus Alert Manager
+name: prometheus-alertmanager
+version: 3.0.0
--- /dev/null
+global: {}
+ # slack_api_url: ''
+
+receivers:
+ - name: default-receiver
+ # slack_configs:
+ # - channel: '@you'
+ # send_resolved: true
+
+route:
+ group_wait: 10s
+ group_interval: 5m
+ receiver: default-receiver
+ repeat_interval: 3h
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9093/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/alertmanager.yml
+ - --storage.path={{ .Values.persistence.containerMountPath }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /#/status
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
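Review bot: The `resources:` block of the alertmanager container renders the whole `.Values.resources` map, and the values file added for this chart keys that map by flavor (`small`, `large`, `unlimited`), so the container gets `small:`/`large:` children instead of `limits`/`requests`. Depending on API validation that is either rejected or silently dropped, which leaves the pod without the intended CPU and memory limits. Selecting the flavor first, e.g. `{{ toYaml (index .Values.resources .Values.flavor) | indent 10 }}`, would render the intended block; the Grafana deployment later in this change has the same line. Separately, the readiness path `/#/status` contains a URL fragment, which is normally not sent to the server, so the probe probably only checks `/`.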
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
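Review bot: `namespace:` under `metadata` has no effect here because a PersistentVolume is cluster-scoped, so the name from `common.fullname` has to be unique across the whole cluster rather than within the ONAP namespace. The volume is a `hostPath` under the shared mount root and the chart default is `volumeReclaimPolicy: Retain`, so Alertmanager state stays on the node after the release is deleted and is visible to anything else that mounts that root. I would drop the `namespace:` line and add a comment above `hostPath:` such as `# node-local path; data is retained after the release is deleted`. The Grafana PersistentVolume template later in this change is identical, and the same applies there.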
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+{{- if .Values.service.meshpeer.enabled }}
+ - name: {{ .Values.service.meshpeer.portName }}
+ port: {{ .Values.service.meshpeer.port }}
+ targetPort: {{ .Values.service.meshpeer.port }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
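Review bot: The NodePort branch builds `nodePort` from `.Values.service.nodePort`, but the values file added for this chart defines no `service.nodePort`, so switching `service.type` to `NodePort` would render only the prefix (`302`), which is outside the default 30000-32767 node port range. Nothing in this chart puts authentication in front of Alertmanager, so a NodePort would also expose its UI and API, including silence management, on every node. I would either remove the NodePort branch or add a `nodePort` default together with a values comment like `# NodePort exposes an unauthenticated API; prefer ClusterIP behind an authenticating proxy`. The Grafana service template later in this change has the same `nodePort` expression and the same missing default.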
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+ repository: prom/alertmanager
+ tag: v0.15.2
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/alertmanager
+ containerMountPath: /alertmanager/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus-alertmanager
+ portName: prometheus-alertmanager
+ internalPort: 9093
+ externalPort: 9093
+
+ meshpeer:
+ enabled: false
+ portName: multicloud-prometheus-meshpeer
+ port: 6783
+
+# probe configuration parameters
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Grafana for Prometheus
+name: prometheus-grafana
+version: 3.0.0
--- /dev/null
+paths:
+ data: /var/lib/grafana/data
+ logs: /var/log/grafana
+ plugins: /var/lib/grafana/plugins
+ provisioning: /etc/grafana/provisioning
+analytics:
+ check_for_updates: true
+log:
+ mode: console
+grafana_net:
+ url: https://grafana.net
\ No newline at end of file
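Review bot: This file is written as nested YAML mappings, but if it is the `grafana.ini` that the Grafana deployment mounts from the `resources/config/*` ConfigMap (the file name is not visible in this view), Grafana expects INI sections such as `[paths]` followed by `data = /var/lib/grafana/data`. In YAML form these settings are unlikely to take effect as intended. Note also that `paths.data` points at `/var/lib/grafana/data` while the chart mounts its persistent volume at `persistence.containerMountPath` (`/grafana/data` by default), so Grafana's database would not land on the persistent volume; the two paths should agree.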
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- if .Values.datasources }}
+ {{- range $key, $value := .Values.datasources }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboards }}
+ download_dashboards.sh: |
+ #!/usr/bin/env sh
+ set -euf
+ {{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{- range $value.providers }}
+ mkdir -p {{ .options.path }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
+ curl -sk \
+ --connect-timeout 60 \
+ --max-time 60 \
+ -H "Accept: application/json" \
+ -H "Content-Type: application/json;charset=UTF-8" \
+ {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \
+ > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.dashboards }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+ namespace: {{ include "common.namespace" $ }}
+ labels:
+ app: {{ include "common.name" $ }}
+ chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ dashboard-provider: {{ $provider }}
+data:
+ {{- range $key, $value := $dashboards }}
+ {{- if hasKey $value "json" }}
+ {{ $key }}.json: |
+{{ $value.json | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+{{- end }}
+{{- end -}}
\ No newline at end of file
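Review bot: The generated `download_dashboards.sh` calls `curl -sk`, and `-k` turns off TLS certificate verification for every dashboard download, so anyone able to intercept the connection can substitute the dashboard JSON that Grafana then loads. I would change that line to `curl -sf \` so certificates are verified and an HTTP error page is not written out as a dashboard file. `{{ $value.url }}` and `{{ $value.datasource }}` are also pasted into the shell script unquoted; quoting the URL and adding a values comment that these entries must come from trusted chart values would make the assumption explicit.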
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.dashboards }}
+ initContainers:
+ - name: {{ include "common.name" . }}-download-dashboards
+ image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["sh", "/etc/grafana/download_dashboards.sh"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/download_dashboards.sh"
+ subPath: download_dashboards.sh
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- end }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/grafana.ini"
+ subPath: grafana.ini
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.dashboards }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if hasKey $value "json" }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+ mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
+ subPath: "{{ $key }}.json"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end -}}
+ {{- if .Values.datasources }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
+ subPath: datasources.yaml
+ {{- end }}
+ {{- if .Values.dashboardProviders }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
+ subPath: dashboardproviders.yaml
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.dashboards }}
+ {{- range keys .Values.dashboards }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ configMap:
+ name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ {{- end }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
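Review bot: The Grafana container is started without any admin credentials: there is no `env` block in this template and the config file added in this change has no security section, so the instance would come up with Grafana's built-in default admin login. I would inject the admin user and password from a Secret through `GF_SECURITY_ADMIN_USER` and `GF_SECURITY_ADMIN_PASSWORD`, as sketched below. The Secret itself needs its own template and is not part of this change, so the key names used here are only a suggestion.

```yaml
        - name: {{ include "common.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          # … unchanged: imagePullPolicy …
          env:
            - name: GF_SECURITY_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: {{ include "common.fullname" . }}
                  key: admin-user
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "common.fullname" . }}
                  key: admin-password
          # … unchanged: resources, ports, probes, volumeMounts …
```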
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
+{{- if .Values.global.grafana.enabled -}}
+
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
{{- end }}
{{- end }}
{{- end -}}
+
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+ repository: grafana/grafana
+ tag: 5.2.4
+
+downloadDashboardsImage:
+ repository: appropriate/curl
+ tag: latest
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/grafana
+ containerMountPath: /grafana/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus-grafana
+ portName: prometheus-grafana
+ internalPort: 3000
+ externalPort: 3000
+
+#Grafana Datasources
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ #Make sure the port number matches for the prometheus service
+ url: http://multicloud-prometheus:9090
+ access: proxy
+ isDefault: true
+
+
+#Grafana Dashboard providers
+dashboardProviders: {}
+
+#Grafana Dashboards for importing
+#This requires dashboardProviders to be enabled with some data
+#The dashboards will be downloaded from the URL provided in
+#dashboardProviders
+dashboards: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
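Review bot: `downloadDashboardsImage` defaults to `appropriate/curl` with `tag: latest`, a third-party image on a mutable tag, and with `pullPolicy: Always` whatever is published under that tag runs as an init container on the next pod start. Pinning it the way the Grafana image is pinned, with a fixed tag or better a digest, keeps the deployment reproducible, e.g. `tag: <pinned-version>` with the version chosen by the maintainers. The section comment `#Alertmanager Configuration` above `image:` looks copied from the Alertmanager chart and should read `#Grafana Configuration`.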
--- /dev/null
+global:
+ scrape_interval: 1m
+ scrape_timeout: 10s
+ evaluation_interval: 1m
+
+rule_files:
+ - /etc/config/rules
+ - /etc/config/alerts
+
+scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets:
+ - localhost:9090
+ {{/*
+ #Add more jobs after this indent if needed
+ */}}
+
+{{- if .Values.global.alertmanager.enabled }}
+alerting:
+ alertmanagers:
+ - kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace]
+ regex: {{ include "common.namespace" . }}
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_label_app]
+ regex: prometheus
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_label_component]
+ regex: alertmanager
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_container_port_number]
+ regex:
+ action: drop
+{{- end -}}
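Review bot: The `alerting` block keeps only pods that carry a `component` label equal to `alertmanager`, but the Alertmanager pod template added in this change sets just `app`, `release` and `name`, so discovery would match no pod and alerts would never be delivered. The `app` rule expects exactly `prometheus` as well, which may not equal what `common.name` renders for the Alertmanager chart. Pod discovery also needs API read access for the Prometheus service account, which is not visible in this view. Pointing at the Alertmanager Service directly avoids both the label coupling and the extra API permissions; the target below is built from that chart's `service.name` and `internalPort` defaults.

```yaml
alerting:
  alertmanagers:
    - static_configs:
        - targets:
            # built from the Alertmanager chart's service.name / internalPort defaults
            - multicloud-prometheus-alertmanager:9093
```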
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-chown-init
+ command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9090/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}-server
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path={{ .Values.persistence.containerMountPath }}
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ {{- if .Values.server.enableAdminApi }}
+ - --web.enable-admin-api
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
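Review bot: The server container's `resources:` is filled with `{{ toYaml .Values.resources | indent 10 }}`, but the values file added in this commit keys `resources` by flavor (`small`, `large`, `unlimited`), so the container would get those flavor names instead of `limits`/`requests`. Other templates touched by this change use `{{ include "common.resources" . | indent 10 }}`, which selects by `flavor` and looks like the intended helper here. Separately, `--web.enable-lifecycle` is always on, which leaves Prometheus' unauthenticated `/-/reload` and `/-/quit` handlers open on port 9090 to anything that can reach the pod. The reload sidecar needs the flag, so a comment saying so plus a NetworkPolicy (or keeping the Service on `ClusterIP`) would limit who can call them.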
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
+{{- if .Values.global.prometheus.enabled -}}
+
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
{{- end }}
{{- end }}
{{- end -}}
+
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
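Review bot: In the `NodePort` branch, `nodePort:` is built from the prefix plus `.Values.service.nodePort`, but the values file added for this chart defines no `service.nodePort`, so the line renders as `nodePort: 302`. That is outside the default NodePort range and the Service would be rejected. Either add a two-digit `nodePort` under `service:` in values or guard the line with `{{- if .Values.service.nodePort }}`. Switching the type to `NodePort` also publishes an unauthenticated Prometheus on every node, so `ClusterIP` is the safer default to keep. The empty `annotations:` key renders as null and can be dropped.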
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ alertmanager:
+ enabled: false
+ grafana:
+ enabled: false
+ configmapReload:
+ image:
+ repository: jimmidyson/configmap-reload
+ tag: v0.2.2
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Server Configuration
+image:
+ repository: prom/prometheus
+ tag: v2.4.0
+
+server:
+ enableAdminApi: false
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 8Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/server
+ containerMountPath: /prometheus/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus
+ portName: multicloud-prometheus
+ internalPort: 9090
+ externalPort: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
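Review bot: `busyboxImage: library/busybox:latest` together with `pullPolicy: Always` means the init container that runs `chown -R` on the data volume is whatever Docker Hub serves under `latest` at each pod start. Pinning a release tag or digest, for example `busyboxImage: library/busybox:<pinned-tag>`, makes that step reproducible and reviewable. `configmapReload.image.repository: jimmidyson/configmap-reload` is likewise pulled from a personal Docker Hub namespace rather than the `nexus3.onap.org:10001` registry used elsewhere in this change; mirroring it or pinning by digest would reduce the supply-chain exposure.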
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.2.1
+image: onap/multicloud/openstack-windriver:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
nodePortPrefix: 302
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ prometheus:
+ enabled: false
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.2.1
+image: onap/multicloud/framework:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
--- /dev/null
+# NBI
+
+## Introduction
+
+NBI stands for NorthBound Interface. It brings to ONAP a set of API that can be
+used by external systems as BSS for example. These API are based on TMF API.
+
+Full description is on [ONAP Read the Doc](https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/offeredapis/index.html).
+
+## Requirements
+
+NBI needs the following ONAP projects to work:
+
+- AAI
+- SO
+- SDC
+- MSB
enabled: false
log:
enabled: false
+ log-logstash:
+ replicaCount: 1
sniro-emulator:
enabled: false
oof:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This override file is used to deploy a minmal configuration to
+# to onboard and deploy a VNF.
+# It includes the following components:
+# A&AI, DMAAP, Portal, Robot, SDC, SDNC, SO, VID
+#
+# Minimal resources are also reviewed for the various containers
+# A&AI: no override => to be fixed
+# DMAAP: no override
+# Portal: new values
+# Robot: new values
+# SO: no override
+# SDC: new values
+# SDNC: no override
+# VID: no override
+#
+# Replica are set to 1 (A&AI Cassandra)
+#
+# In addition, some parameters are set to limit the memory footprint
+#
+# It overrides the default ONAP parent chart behaviour to deploy
+# all of ONAP.
+#
+# helm deploy minimal local/onap --namespace onap -f minimal-onap.yaml
+
+#################################################################
+# Minimal ONAP deployment to onboard and deploy a VNF
+#################################################################
+aai:
+ enabled: true
+ global:
+ cassandra:
+ replicas: 1
+ aai-cassandra:
+ replicaCount: 1
+aaf:
+ enabled: false
+appc:
+ enabled: false
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: false
+log:
+ enabled: false
+msb:
+ enabled: false
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+oof:
+ enabled: false
+policy:
+ enabled: false
+pomba:
+ enabled: false
+portal:
+ enabled: true
+ portal-cassandra:
+ config:
+ cassandraJvmOpts: "-Xmx512m -Xms256m"
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ portal-app:
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ resources:
+ portal-mariaddb:
+ resources:
+ small:
+ limits:
+ cpu: 800m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ portal-widget:
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+robot:
+ enabled: true
+ config:
+ openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+sdc:
+ enabled: true
+ sdc-be:
+ config:
+ javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m"
+ sdc-fe:
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 500Mi
+ sdc-cs:
+ config:
+ maxHeapSize: "512M"
+ heapNewSize: "256M"
+sdnc:
+ enabled: true
+sniro-emulator:
+ enabled: false
+so:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "$OPENSTACK_USER_NAME"
+ openStackRegion: "$OPENSTACK_REGION"
+ openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
+ openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
+ openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+uui:
+ enabled: false
+vid:
+ enabled: true
+vfc:
+ enabled: false
+vnfsdk:
+ enabled: false
+vvp:
+ enabled: false
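Review bot: The `sdc-be` override sets `javaOptions` to include `-agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n`, which starts an unauthenticated Java debug listener in every deployment made from this file. Anything that can reach that port can control the SDC backend JVM. If only the heap limits are wanted, `javaOptions: "-Xmx512m -Xms256m"` keeps them without the debug agent. Further up, `portal-mariaddb` looks like a misspelling (the override is silently ignored if the subchart has a different name), and a bare `resources:` key sits just before it; both are worth checking against the portal chart.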
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
robot:
enabled: true
config:
-# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
sdc:
enabled: true
internalPort: 8080
externalPort: 8080
#nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
+ # as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.2.4
+ optf_has: onap/optf-has:1.2.5
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
for i in 1 2 3 4 5 6 7 8 9
do
- MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.status.loadBalancer.ingress[0].ip')
+ MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
+ --header "Authorization: Bearer $KUBE_TOKEN" \
+ --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
+ MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
+ --header "Authorization: Bearer $KUBE_TOKEN" \
+ --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
- if [ "$MIRROR_IP" != "null" ]; then
+ if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
+ PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
break
fi
sleep 5
done
-PNDA_MIRROR="http://$MIRROR_IP:80"
+[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
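Review bot: The new test `[ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]` accepts an empty value, and the pod query prints nothing (not `null`) when no `dcae-pnda-mirror` container is ready, so the loop can break on the first pass with `PNDA_MIRROR="http://:<port>"` and the later `-z` guard does not catch it. Requiring non-empty values as well closes that: `if [ -n "$MIRROR_IP" ] && [ "$MIRROR_IP" != "null" ] && [ -n "$MIRROR_PORT" ] && [ "$MIRROR_PORT" != "null" ]; then`. The jq filter can also emit more than one `hostIP` when several containers or pods match, so taking the first line (`| head -n1`) would keep the URL well-formed. Both added `curl` calls keep `--insecure` while sending `$KUBE_TOKEN`; if this runs inside a pod, `--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` would verify the API server instead. The script continues outside this hunk.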
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
ports:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
periodSeconds: 10
service:
- type: LoadBalancer
- name: dcae-pnda-mirror
- portName: client
+ type: NodePort
+ portName: dcae-pnda-mirror
+ nodePort: "00"
externalPort: 80
internalPort: 80
"host":"0.0.0.0",
"port":6969,
"userName":"healthcheck",
- "password":"zb!XztG34"
+ "password":"zb!XztG34",
+ "https":true
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
"xacmlPdpConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
"parameters":{
- "useHttps": false,
+ "useHttps": true,
"hostname": "pdp",
"port": 8081,
"userName": "testpdp",
"password": "alpha123",
"clientAuth": "cHl0aG9uOnRlc3Q=",
"isManaged": true,
- "pdpGroup": "pdpGroup"
+ "pdpGroup": "default"
}
},
"apexForwarderConfiguration":{
}
}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
+sleep 2
+
+echo "Create BRMSParamCCVPN Policy"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "policyConfigType": "BRMS_PARAM",
+ "policyName": "com.BRMSParamCCVPN",
+ "policyDescription": "BRMS Param CCVPN policy",
+ "policyScope": "com",
+ "attributes": {
+ "MATCHING": {
+ "controller" : "amsterdam"
+ },
+ "RULE": {
+ "templateName": "ClosedLoopControlName",
+ "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
+ "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
+ }
+ }
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
+
#########################################Create Micro Service Config policies##########################################
echo "Create MicroService Config Policies"
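Review bot: The added `createPolicy` call runs `curl -k -v` with fixed `Authorization: Basic …` and `ClientAuth` headers, so the credential is sent without verifying the PDP's certificate, and `-v` writes the request headers, credential included, into the job output. The `pushPolicy` call added in the next hunk has the same form. Dropping `-v`, replacing `-k` with `--cacert <ca-bundle-path>`, and rendering the header values from chart values (as the URL already is) would keep the secret out of logs and out of the repository. The surrounding script starts and ends outside this hunk.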
"policyType": "BRMS_Param"
}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
+sleep 2
+
+echo "pushPolicy : PUT : com.BRMSParamCCVPN"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "com.BRMSParamCCVPN",
+ "policyType": "BRMS_Param"
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
+
#########################################Pushing MicroService Config policies##########################################
echo "Pushing MicroService Config policies"
# AAI REST Client Configuration
aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.username={{ .Values.config.aaiUsername }}
aai.password={{ .Values.config.aaiPassword }}
aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+server.host={{ .Values.config.sdncCtxBuilderHost }}
+basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
+basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/sdnccontextbuilder/v1/service/context
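Review bot: `key.store.password=70c87528c88dcd9f9c2558d30e817868` is committed as a literal while the `basicauth.*` lines just above are templated, so every deployment shares one key-store password (clear or obfuscated, it is now public with the chart). Rendering it the same way, `key.store.password={{ .Values.config.<keyStorePasswordKey> }}` with the value supplied from a Secret, keeps it per-environment. `server.protocol=http` also means the basic-auth credentials are sent unencrypted even though a key store and `security.protocol=TLS` are configured; if the context builder can serve TLS, `server.protocol=https` is the setting that matches the rest of the file.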
name: {{ include "common.fullname" . }}-dynamic-policy
- mountPath: /logs/
name: {{ include "common.fullname" . }}-logs
+ resources:
+{{ include "common.resources" . | indent 10 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
# application image
repository: nexus3.onap.org:10001
-image: onap/data-router:1.3.0
+image: onap/data-router:1.3.1
pullPolicy: Always
restartPolicy: Always
xpack.watcher.enabled: false
#Set to false to disable Watcher.
+
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
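Review bot: A private key is added to the chart source here, presumably the `pomba.key.pem` that `serverSslKey` points at later in this change. Later hunks publish everything under `resources/auth/*` as the `-auth` ConfigMap and mount it with `defaultMode: 0777`. Anyone with read access to the repository, or to ConfigMaps in the namespace, therefore holds the key Kibana serves HTTPS with, and every installation shares it. Key material is better supplied at install time as a `kind: Secret` mounted with a restrictive mode and kept out of version control. A key that has already been committed should be treated as exposed and replaced.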
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mkdir -p /usr/share/kibana/auth
+chmod 0777 /usr/share/kibana/auth
+
+cp /opt/app/auth/* /usr/share/kibana/auth/.
+
+chmod 0400 /usr/share/kibana/auth/*
+
+/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/
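Review bot: `chmod 0777 /usr/share/kibana/auth` leaves the directory holding the TLS key writable by every user in the container, so the later `chmod 0400` on the files does not stop them being renamed or replaced. `chmod 0700 /usr/share/kibana/auth` is enough for the process that runs this script. The script also has no `set -e`, so a failed `cp` still starts Kibana and the missing key only surfaces later as a TLS start-up error. Launching the last command with `exec` would let the node process receive the container's stop signal directly.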
elasticsearch.password: "changeme"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
+server.ssl.enabled: {{.Values.config.serverSslEnabled}}
+server.ssl.certificate: {{.Values.config.serverSslCertificate}}
+server.ssl.key: {{.Values.config.serverSslKey}}
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-auth
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-bin
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
- name: {{ include "common.name" . }}
image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "/opt/app/bin/kibana_start.sh"]
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
readinessProbe:
httpGet:
path: "/"
+ scheme: "HTTPS"
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
livenessProbe:
httpGet:
path: "/"
+ scheme: "HTTPS"
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /usr/share/kibana/config/
+ - mountPath: /usr/share/kibana/config
name: {{ include "common.fullname" . }}
+ - mountPath: /opt/app/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/bin
+ name: {{ include "common.fullname" . }}-bin
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- key: kibana.yml
path: kibana.yml
- key: default.json
- path: default.json
+ path: default.json
- key: validationsDump.json
path: validationsDump.json
- key: violationsDump.json
path: violationsDump.json
- key: default-mapping.json
- path: default-mapping.json
+ path: default-mapping.json
+ - name: {{ include "common.fullname" . }}-auth
+ configMap:
+ name: {{ include "common.fullname" . }}-auth
+ defaultMode: 0777
+ - name: {{ include "common.fullname" . }}-bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0777
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
elasticsearchServiceName: pomba-es
elasticsearchPort: 9200
+ #Enable HTTPS
+ serverSslEnabled: true
+ serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
+ serverSslKey: /usr/share/kibana/auth/pomba.key.pem
+
# default number of instances
replicaCount: 1
small:
limits:
cpu: 2
- memory: 1200Mi
+ memory: 1600Mi
requests:
cpu: 1
- memory: 600Mi
+ memory: 800Mi
large:
limits:
cpu: 4
- memory: 2400Mi
+ memory: 3200Mi
requests:
cpu: 2
- memory: 1200Mi
+ memory: 1600Mi
unlimited: {}
#Servlet context parameters
server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
# Basic Authentication
basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
-enricher.types = vserver, l3-network
-enricher.type.vserver.url = /enricher/v11/cloud-infrastructure/vservers/vserver/{0}?sot=!aai
-enricher.type.l3-network.url = /enricher/v11/network/l3-networks/l3-network/{0}?sot=!aai
-
-# Mapping from Enricher Attribute name to POMBA Attribute name in the format
-# <Enricher Attribute Name>:<Pomba Attribute Name>; and separated by semicolon ";"
-# for example,
-# vserser-id:id;
-# means Attribute name "vserver-id" from Enricher will be converted to "id" in POMBA.
-enricher.attributeNameMappingList=Id:id;id:id;vserver-id:id;name:name;locked:inMaintenance; \
- hostname:hostName;status:status;vm_state:vmState;vm-state:vmState;admin_state_up:adminState; \
- favor.disk:flavorDisk;flavor.ephemeral:flavorEphemoral;flavor.extra_specs.hw.cpu_model:flavorHwCpuModel; \
- flavor.extra_specs.hw.cpu_policy:flavorHwCpuPolicy;flavor.extra_specs.hw.mem_page_size:flavorHwMemPageSize; \
- flavor.original_name:flavorOriginalName;flavor.ram:flavorRam;flavor.swap:flavorSwag;flavorvcpus:flavorVcpus; \
- image.id:imageId;hostId:hostId;host:host;host_status:hostStatus;security_group.name:securityGroupName; \
- serverName:serverName;metadata.myservername:otherServerName;shared:sharedNetwork;subnets:subnets; \
- userId:userId;tenant_id:tenantId
+openstack.identity.url ={{ .Values.config.openstackIdentityUrl }}
+openstack.identity.user ={{ .Values.config.openstackUserId }}
+openstack.identity.password ={{ .Values.config.openstackPassword }}
+
+openstack.types = vserver, l3-network
+openstack.type.vserver.url = {{ .Values.config.openstackTypeVserverUrl }}
+openstack.type.l3-network.url = {{ .Values.config.openstackTypeL3NetworkUrl }}
+
+openstack.api.microversion = 2.42
+
-<configuration>\r
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>\r
- <property name="p_lvl" value="%level"/>\r
- <property name="p_log" value="%logger"/>\r
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>\r
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>\r
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>\r
- <!-- tabs -->\r
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>\r
- <property name="p_thr" value="%thread"/>\r
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="FILE" class="ch.qos.logback.core.FileAppender">\r
- <file>output.log</file>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">\r
- <appender-ref ref="STDOUT" />\r
- <appender-ref ref="FILE" />\r
- </logger>\r
- <root level="INFO">\r
- <appender-ref ref="STDOUT" />\r
- </root>\r
-</configuration>\r
+<configuration >
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <!-- tabs -->
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+ <file>/opt/app/logs/EELF/output.log</file>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </logger>
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </root>
+</configuration>
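Review bot: The `FILE` appender is a plain `ch.qos.logback.core.FileAppender` with no rolling or size cap, and this change also attaches it to the root logger, so `/opt/app/logs/EELF/output.log` grows without bound on the pod's `emptyDir`. A `RollingFileAppender` with a `SizeAndTimeBasedRollingPolicy` (`maxFileSize`, `maxHistory`, `totalSizeCap`) would bound it. The same replacement in the context-builder `logback.xml` later in this commit drops the 10MB rolling policies the old file had and removes its separate audit and security appenders, which is worth confirming as intended.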
-# Copyright © 2018 Amdocs\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-\r
-apiVersion: v1\r
-kind: ConfigMap\r
-metadata:\r
- name: {{ include "common.fullname" . }}-log\r
- namespace: {{ include "common.namespace" . }}\r
-data:\r
-{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}\r
----\r
-apiVersion: v1\r
-kind: ConfigMap\r
-metadata:\r
- name: {{ include "common.fullname" . }}-configmap\r
- namespace: {{ include "common.namespace" . }}\r
-data:\r
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}\r
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-# Copyright © 2018 Amdocs\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-apiVersion: extensions/v1beta1\r
-kind: Deployment\r
-metadata:\r
- name: {{ include "common.fullname" . }}\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ .Release.Name }}\r
- heritage: {{ .Release.Service }}\r
-spec:\r
- replicas: {{ .Values.replicaCount }}\r
- template:\r
- metadata:\r
- labels:\r
- app: {{ include "common.name" . }}\r
- release: {{ .Release.Name }}\r
- spec:\r
- containers:\r
- - name: {{ include "common.name" . }}\r
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- ports:\r
- - containerPort: {{ .Values.service.internalPort }}\r
- # disable liveness probe when breakpoints set in debugger\r
- # so K8s doesn't restart unresponsive container\r
- {{ if .Values.liveness.enabled }}\r
- livenessProbe:\r
- tcpSocket:\r
- port: {{ .Values.service.internalPort }}\r
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}\r
- periodSeconds: {{ .Values.liveness.periodSeconds }}\r
- {{ end }}\r
- readinessProbe:\r
- tcpSocket:\r
- port: {{ .Values.service.internalPort }}\r
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}\r
- periodSeconds: {{ .Values.readiness.periodSeconds }}\r
- env:\r
- volumeMounts:\r
- - mountPath: /etc/localtime\r
- name: localtime\r
- readOnly: true\r
- - name: {{ include "common.fullname" . }}-logs\r
- mountPath: /var/log/onap\r
- - mountPath: /opt/app/config/logback.xml\r
- name: {{ include "common.fullname" . }}-log-conf\r
- subPath: logback.xml\r
- - mountPath: /opt/app/config/application.properties\r
- name: {{ include "common.fullname" . }}-config\r
- subPath: application.properties\r
- readOnly: true\r
- - mountPath: /opt/app/config/auth/enricher-client-cert.p12\r
- name: {{ include "common.fullname" . }}-auth-secret\r
- subPath: enricher-client-cert.p12\r
- readOnly: true\r
-\r
- resources:\r
-{{ include "common.resources" . | indent 12 }}\r
- {{- if .Values.nodeSelector }}\r
- nodeSelector:\r
-{{ toYaml .Values.nodeSelector | indent 10 }}\r
- {{- end -}}\r
- {{- if .Values.affinity }}\r
- affinity:\r
-{{ toYaml .Values.affinity | indent 10 }}\r
- {{- end }}\r
-\r
- # Filebeat sidecar container\r
- - name: {{ include "common.name" . }}-filebeat-onap\r
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- volumeMounts:\r
- - name: {{ include "common.fullname" . }}-filebeat-conf\r
- mountPath: /usr/share/filebeat/filebeat.yml\r
- subPath: filebeat.yml\r
- - name: {{ include "common.fullname" . }}-data-filebeat\r
- mountPath: /usr/share/filebeat/data\r
- - name: {{ include "common.fullname" . }}-logs\r
- mountPath: /var/log/onap\r
-\r
- volumes:\r
- - name: localtime\r
- hostPath:\r
- path: /etc/localtime\r
- - name: {{ include "common.fullname" . }}-logs\r
- emptyDir: {}\r
- - name: {{ include "common.fullname" . }}-log-conf\r
- configMap:\r
- name: {{ include "common.fullname" . }}-log\r
- - name: {{ include "common.fullname" . }}-config\r
- configMap:\r
- name: {{ include "common.fullname" . }}-configmap\r
- - name: {{ include "common.fullname" . }}-auth-secret\r
- secret:\r
- secretName: {{ include "common.fullname" . }}-auth\r
- - name: {{ include "common.fullname" . }}-filebeat-conf\r
- configMap:\r
- name: {{ .Release.Name }}-pomba-filebeat-configmap\r
- - name: {{ include "common.fullname" . }}-data-filebeat\r
- emptyDir: {}\r
-\r
- imagePullSecrets:\r
- - name: "{{ include "common.namespace" . }}-docker-registry-key"\r
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - mountPath: /opt/app/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: client-cert-onap.p12
+ readOnly: true
+ - mountPath: /opt/app/config/auth/tomcat_keystore
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: tomcat_keystore
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
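Review bot: The Filebeat sidecar mounts only the `-logs` volume at `/opt/app/logs`, while the application container now overlays a separate `-logs-eelf` emptyDir at `/opt/app/logs/EELF`, which is where the new `logback.xml` writes `output.log`. Because these are different volumes, the sidecar would see an empty `/opt/app/logs/EELF` and the file log would never be shipped, unless the Filebeat config (not shown here) reads from somewhere else. Either drop the extra volume and let `EELF/` live inside `-logs`, or add `- name: {{ include "common.fullname" . }}-logs-eelf` with `mountPath: /opt/app/logs/EELF` to the sidecar's `volumeMounts`. The context-builder deployment hunks further down add the same volume and look to have the same gap.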
ports:\r
{{if eq .Values.service.type "NodePort" -}}\r
- port: {{ .Values.service.externalPort }}\r
- #Example internal target port if required\r
- #targetPort: {{ .Values.service.internalPort }}\r
+ targetPort: {{ .Values.service.internalPort }}\r
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}\r
name: {{ .Values.service.portName | default "http" }}\r
{{- else -}}\r
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/network-discovery:latest
+image: onap/network-discovery:1.4.1-latest
pullPolicy: Always
# flag to enable debugging - application support required
# Example:
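Review bot: `onap/network-discovery:1.4.1-latest` is still a moving tag, so with `pullPolicy: Always` the running image can change between pod restarts without any change to the chart. Pin a released version, ideally with a digest (`image: onap/network-discovery:<version>@sha256:<digest>`), so a deployment is reproducible and auditable. The context-builder values later in this commit go the other way, replacing the fixed `1.3.1` with `1.4.0-SNAPSHOT-latest`, and deserve the same treatment.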
config:
# Network Discovery Micro Service REST Client Configuration
+
+ #Enable HTTPS
+ serverSslPort: 8443
+ serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+ serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+ serverSslClientAuth: want
+ serverSslEnabled: true
+ serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
# Basic Authorization credentials for Network Discovery Micro Service Rest Service
networkDiscoveryUserId: admin
networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
+ # Basic Authorization credentials for Openstack Rest APIs
+ openstackIdentityUrl: http://10.69.36.11:5000/v3/auth/tokens
+ openstackUserId: admin
+ openstackPassword: OBF:1w951ugg1vun1uha1w8l
+
+ # Openstack Rest API URLs:
+ openstackTypeVserverUrl: http://10.69.36.11:8774/v2.1/servers/{0}
+ openstackTypeL3NetworkUrl: http://10.69.36.11:9696/v2.0/networks/{0}
+
# default number of instances
replicaCount: 1
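Review bot: The new defaults put working credentials into chart values: `serverSslKeyStorePassword`, `openstackPassword` and the `admin` user id, where the `OBF:` prefix suggests Jetty-style obfuscation, which is reversible and not encryption. These values are rendered into `application.properties`, which the chart publishes as a ConfigMap, so anyone who can read ConfigMaps in the namespace can recover them; sourcing them from a Kubernetes Secret and leaving the chart defaults empty avoids that. `openstackIdentityUrl` is `http://`, so the Keystone password travels in cleartext, and the three OpenStack URLs hard-code `10.69.36.11`, which looks like a lab address. The protocol list should drop the deprecated TLS 1.1: `serverSslEnabledProtocols: TLSv1.2`.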
#Services may use any combination of ports depending on the 'type' of
#service being defined.
- type: ClusterIP
+ type: NodePort
+ name: pomba-networkdiscovery
externalPort: 9531
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
+ internalPort: 8443
+ nodePort: 99
+ portName: https
ingress:
enabled: false
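Review bot: Changing the default `type` from `ClusterIP` to `NodePort` with `nodePort: 99` publishes the network-discovery API on every cluster node, and `serverSslClientAuth: want` in the same file makes the client certificate optional, leaving basic auth with the default `admin` account as the effective control. If the only consumer is the in-cluster context builder (its values address the service by name on port 9531), `type: ClusterIP` keeps the API off the node interfaces and deployers can opt in to `NodePort` through an override. The `service:` key that owns these lines is outside the hunk.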
requests:
cpu: 20m
memory: 800Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
-<configuration scan="true" scanPeriod="10 seconds" debug="false">
- <jmxConfigurator />
- <property file="/opt/app/config/application.properties" />
- <property name="logDirectory" value="/var/log/onap/pomba-networkdiscoveryctxbuilder" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level>
- <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error.log</file>
- <append>true</append>
- <encoder>
- <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/error.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>5</maxHistory>
- </rollingPolicy>
- </appender>
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
-
- <!-- CLDS related loggers -->
- <logger name="org.onap.pomba.clds" level="INFO" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG" additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" />
- <logger name="org.springframework.beans" level="WARN" />
- <logger name="org.springframework.web" level="WARN" />
- <logger name="com.blog.spring.jms" level="WARN" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" />
- <logger name="org.apache.commons.httpclient" level="WARN" />
- <logger name="org.apache.commons" level="WARN" />
- <logger name="org.apache.coyote" level="WARN" />
- <logger name="org.apache.jasper" level="WARN" />
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" />
- <logger name="org.apache.cxf" level="WARN" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" />
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
- <logger name="org.apache.cxf.service" level="WARN" />
- <logger name="org.restlet" level="DEBUG" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="WARN">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-
+<configuration >
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <!-- tabs -->
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+ <file>/opt/app/logs/EELF/output.log</file>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </logger>
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </root>
</configuration>
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /opt/app/logs
+ readOnly: false
- mountPath: /opt/app/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
name: {{ include "common.fullname" . }}-config
readOnly: true
subPath: application.properties
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /opt/app/logs
volumes:
- name: localtime
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
-
-
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/pomba-network-discovery-context-builder:1.3.1
+image: onap/pomba-network-discovery-context-builder:1.4.0-SNAPSHOT-latest
pullPolicy: Always
# flag to enable debugging - application support required
# Network Discovery Micro Service REST Client Configuration
networkDiscoveryServiceName: pomba-networkdiscovery
networkDiscoveryPort: 9531
- networkDiscoveryHttpProtocol: http
+ networkDiscoveryHttpProtocol: https
networkDiscoveryPath: /network-discovery/v1/network/resource
# Wait for Network Discovery MicroService response in milliseconds
networkDiscoveryTimeOutInMilliseconds: 60000
requests:
cpu: 200m
memory: 800Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP POMBA SDNC Context Builder
+name: pomba-sdncctxbuilder
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2019 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+camel.springboot.xmlRoutes = file:config/dynamic/routes/*.route
+service.xml.beans = config/dynamic/conf/*.xml
+
+server.contextPath=/sdnccontextbuilder/v1
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Basic Authorization credentials for SDNC Context Builder REST Service
+sdncCtxBuilder.userId={{ .Values.config.sdncCtxBuilderUserId }}
+sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.authentication={{ .Values.config.aaiAuthentication }}
+aai.trustStorePath={{ .Values.config.aaiTrustStorePath }}
+aai.keyStorePath={{ .Values.config.aaiKeyStorePath }}
+aai.keyStorePassword={{ .Values.config.aaiKeyStorePassword }}
+aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
+aai.readTimeout={{ .Values.config.aaiReadTimeout }}
+
+# HTTP Basic Authorization credentials for AAI Rest Service API
+aai.http.userId={{ .Values.config.aaiHttpUserId }}
+aai.http.password={{ .Values.config.aaiHttpPassword }}
+
+aai.searchNodeQuery=/aai/v11/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS:
+aai.customerQuery=/aai/v11/business/customers/customer/
+aai.serviceInstancePath=/aai/v11/business/customers/customer/{0}/service-subscriptions/service-subscription/{1}/service-instances/service-instance/{2}
+
+# SDNC REST Client Configuration
+sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}}
+sdnc.servicePort={{ .Values.config.sdncPort }}
+sdnc.user={{ .Values.config.sdncUsername }}
+sdnc.password={{ .Values.config.sdncPassword }}
+sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }}
+sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }}
+sdnc.readTimeout={{ .Values.config.sdncReadTimeout }}
+sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0}
+sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
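Review bot: `aai.authentication`, `aai.trustStorePath`, `aai.keyStorePath` and `aai.keyStorePassword` are each set twice, first to literals (`basic_auth`, `n/a`) and a few lines later from `.Values.config`. With the usual last-wins loading of properties files the literal lines are dead, and a reader checking the authentication mode can easily stop at the wrong one. I would drop the four literal lines and keep the comment `# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]` directly above the templated `aai.authentication`. Separately, on the last line the text after `value` is not a comment in `.properties` syntax, so it becomes part of the property value; move it to its own `#` line.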
--- /dev/null
+<configuration scan="true" scanPeriod="10 seconds" debug="false">
+ <jmxConfigurator />
+ <property name="logDirectory" value="/var/log/onap/pomba-sdncctxbuilder" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <file>${logDirectory}/error.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/error.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/debug.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>5</maxHistory>
+ </rollingPolicy>
+ </appender>
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/audit.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/audit.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="AUDIT" />
+ </appender>
+
+ <appender name="METRIC"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/metric.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
+ %msg%n</pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/metric.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="METRIC" />
+ </appender>
+
+ <!-- SECURITY related loggers -->
+ <appender name="SECURITY"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/security.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/security.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="SECURITY" />
+ </appender>
+
+ <!-- CLDS related loggers -->
+ <logger name="org.onap.pomba.clds" level="INFO" additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+
+ <!-- CLDS related loggers -->
+ <logger name="com.att.eelf.error" level="OFF" additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+ <!-- EELF related loggers -->
+ <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger name="com.att.eelf.security" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="DEBUG" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Audit.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Perform.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Perform.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="WARN">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
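Review bot: The `ERROR` file appender is referenced only by `org.onap.pomba.clds` and by `com.att.eelf.error`, and the latter is set to `level="OFF"`, so EELF error events never reach `error.log`. The `org.onap.pomba.clds` logger and both "CLDS related loggers" comments look carried over from another component, which would leave `error.log` empty; this is worth confirming against the application's package names. If error events are wanted, `<logger name="com.att.eelf.error" level="WARN" additivity="true">` would restore them. The `auditLogs` and `perfLogs` appenders also declare a `ThresholdFilter` with no `<level>` element, which should either get a level or be removed.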
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
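Review bot: The second ConfigMap carries the rendered `application.properties`, which includes `sdncCtxBuilder.password`, `aai.password`, `aai.http.password`, `aai.keyStorePassword` and `sdnc.password`, so anyone with read access to ConfigMaps in the namespace can read them. A `kind: Secret` fits better, with the data entry `application.properties: {{ tpl (.Files.Get "resources/config/application.properties") . | b64enc | quote }}`. The `-config` volume in the deployment template would then use `secret:` / `secretName:` instead of `configMap:` / `name:`. The logback ConfigMap can stay as it is.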
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
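Review bot: Neither container sets a `securityContext`, so both run with whatever user and privileges the images default to, and the pod also mounts a `hostPath`. Unless the images need otherwise (not visible here), add to each container `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}`. The bare `env:` key before `volumeMounts:` renders as null and can be removed or written as `env: []`.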
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
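Review bot: In the `NodePort` branch `targetPort` is commented out, so Kubernetes defaults it to `port`, i.e. `.Values.service.externalPort` (9530 in the values file), while the container listens on `.Values.service.internalPort` (8080). Switching `service.type` to `NodePort` would therefore send traffic to a port nothing listens on. Uncomment it as `targetPort: {{ .Values.service.internalPort }}`, matching the `else` branch. Note that Helm still evaluates the template action inside the `#targetPort:` comment line.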
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/pomba-sdnc-context-builder:1.4.0-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # AAI Rest Client Connection
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
+ aaiAuthentication: basic_auth
+ aaiTrustStorePath: n/a
+ aaiKeyStorePath: n/a
+ aaiKeyStorePassword: n/a
+ aaiConnectionTimeout: 5000
+ aaiReadTimeout: 5000
+ # HTTP Basic Authorization credentials for Rest Service API
+ aaiHttpUserId: admin
+ aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30
+ sdncCtxBuilderUserId: admin
+ sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+
+ # SDNC Rest Client Connection
+ sdncServiceName: sdnc
+ sdncPort: 8282
+ sdncUsername: admin
+ sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ sdncHttpProtocol: http
+ sdncConnectionTimeout: 5000
+ sdncReadTimeout: 5000
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
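Review bot: The chart ships working default credentials (`aaiPassword`, `aaiHttpPassword`, `sdncCtxBuilderPassword`, `sdncPassword`), and the `OBF:` prefix looks like Jetty-style obfuscation, which is reversible and gives no confidentiality once the file is readable. I would replace the stray `# Example:` line above `config:` with `# Lab defaults only: OBF: values are obfuscated, not encrypted; override every password per deployment`. `sdncHttpProtocol: http` also means the SDNC basic-auth credentials travel unencrypted; if the SDNC endpoint offers TLS (not visible here), use `sdncHttpProtocol: https` with the matching `sdncPort`.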
# AAI REST Client Configuration
aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.username={{ .Values.config.aaiUsername }}
aai.password={{ .Values.config.aaiPassword }}
aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/service-decomposition:latest
+image: onap/service-decomposition:1.4.2
pullPolicy: Always
# flag to enable debugging - application support required
attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
}
+ // SDNC-AAI comparison: Context level
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc', 'context-list.aai'
+ }
+
+ // SDNC-AAI comparison: Service entity
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.service', 'context-list.aai.service'
+ }
+
+ // SDNC-AAI comparison: VF list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*]', 'context-list.aai.vfList[*]'
+ }
+
+ // SDNC-AAI comparison: VF-Module list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]'
+ }
+
+ // SDNC-AAI comparison: VNFC list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]'
+ }
+
+ // SDNC-AAI comparison: VM list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.aai.vfList[*].vfModuleList[*].vmList[*]'
+ }
+
+ // SDNC-AAI comparison: Network list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
+ }
+
+ // SDNC-NDCB comparison: Context level
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc', 'context-list.ndcb'
+ }
+
+ // SDNC-NDCB comparison: Service entity
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.service', 'context-list.ndcb.service'
+ }
+
+ // SDNC-NDCB comparison: VF list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*]', 'context-list.ndcb.vfList[*]'
+ }
+
+ // SDNC-NDCB comparison: VF-Module list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*]'
+ }
+
+ // SDNC-NDCB comparison: VNFC list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.ndcb.vfList[*].vnfcList[*]'
+ }
+
+ // SDNC-NDCB comparison: VM list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].vmList[*]'
+ }
+
+ // SDNC-NDCB comparison: Network list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]'
+ }
+
// SDC-AAI VNFC type
useRule {
name 'SDC-AAI-vnfc-type'
name 'NDCB-AAI-attribute-comparison'
category 'Attribute Mismatch'
description 'Verify that all attributes in Network-Discovery are the same as in AAI'
- errorText 'Error found with attribute "{0}"; value "{1}" does not exist in Network-Discovery'
+ errorText 'Error found with attribute "{0}"; Network-Discovery value does not match AAI value "{1}"'
severity 'ERROR'
attributes 'ndcbItems', 'aaiItems'
validate '''
}
return new Tuple2(result, details)
'''
-}
\ No newline at end of file
+}
+
+rule {
+ name 'SDNC-AAI-attribute-comparison'
+ category 'Attribute Mismatch'
+ description 'Verify that all attributes in SDN-C are the same as in AAI'
+ errorText 'Error found with attribute "{0}"; SDN-C value does not match AAI value "{1}"'
+ severity 'ERROR'
+ attributes 'sdncItems', 'aaiItems'
+ validate '''
+ Closure<java.util.Map> getAttributes = { parsedData ->
+ java.util.Map attributeMap = new java.util.HashMap()
+
+ def isAttributeDataQualityOk = { attribute ->
+ attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+ }
+
+ def addToMap = { attrKey, attrValue ->
+ java.util.Set values = attributeMap.get("$attrKey")
+ if(values == null) {
+ values = new java.util.HashSet()
+ attributeMap.put("$attrKey", values)
+ }
+ values.add("$attrValue")
+ }
+
+ def addAttributeToMap = { attribute ->
+ if(isAttributeDataQualityOk(attribute)) {
+ String key, value
+ attribute.each { k, v ->
+ if(k.equals("name")) {key = "$v"}
+ if(k.equals("value")) {value = "$v"}
+ }
+ addToMap("$key", "$value")
+ }
+ }
+
+ def processKeyValue = { key, value ->
+ if(value instanceof java.util.ArrayList) {
+ if(key.equals("attributeList")) {
+ value.each {
+ addAttributeToMap(it)
+ }
+ }
+ } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+ // only add key-value attributes, skip the rest
+ addToMap("$key", "$value")
+ }
+ }
+
+ if(parsedData instanceof java.util.ArrayList) {
+ parsedData.each {
+ it.each { key, value -> processKeyValue(key, value) }
+ }
+ } else {
+ parsedData.each { key, value -> processKeyValue(key, value) }
+ }
+ return attributeMap
+ }
+
+ def slurper = new groovy.json.JsonSlurper()
+ java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+ java.util.Map aai = getAttributes(slurper.parseText(aaiItems.toString()))
+
+ boolean result = true
+ List<String> details = new ArrayList<>();
+ sdnc.any{ sdncKey, sdncValueList ->
+ def aaiValueList = aai.get("$sdncKey")
+ aaiValueList.each{ aaiValue ->
+ if(!sdncValueList.any{ it == "$aaiValue" }) {
+ result = false
+ details.add("$sdncKey")
+ details.add("$aaiValue")
+ }
+ }
+ if(result == false) {
+ // break out of 'any' loop
+ return true
+ }
+ }
+ return new Tuple2(result, details)
+ '''
+}
+
+
+rule {
+ name 'SDNC-NDCB-attribute-comparison'
+ category 'Attribute Mismatch'
+ description 'Verify that all attributes in SDN-C are the same as in Network Discovery'
+ errorText 'Error found with attribute "{0}"; SDN-C value does not match Network-Discovery value "{1}"'
+ severity 'ERROR'
+ attributes 'sdncItems', 'ndcbItems'
+ validate '''
+ Closure<java.util.Map> getAttributes = { parsedData ->
+ java.util.Map attributeMap = new java.util.HashMap()
+
+ def isAttributeDataQualityOk = { attribute ->
+ attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+ }
+
+ def addToMap = { attrKey, attrValue ->
+ java.util.Set values = attributeMap.get("$attrKey")
+ if(values == null) {
+ values = new java.util.HashSet()
+ attributeMap.put("$attrKey", values)
+ }
+ values.add("$attrValue")
+ }
+
+ def addAttributeToMap = { attribute ->
+ if(isAttributeDataQualityOk(attribute)) {
+ String key, value
+ attribute.each { k, v ->
+ if(k.equals("name")) {key = "$v"}
+ if(k.equals("value")) {value = "$v"}
+ }
+ addToMap("$key", "$value")
+ }
+ }
+
+ def processKeyValue = { key, value ->
+ if(value instanceof java.util.ArrayList) {
+ if(key.equals("attributeList")) {
+ value.each {
+ addAttributeToMap(it)
+ }
+ }
+ } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+ // only add key-value attributes, skip the rest
+ addToMap("$key", "$value")
+ }
+ }
+
+ if(parsedData instanceof java.util.ArrayList) {
+ parsedData.each {
+ it.each { key, value -> processKeyValue(key, value) }
+ }
+ } else {
+ parsedData.each { key, value -> processKeyValue(key, value) }
+ }
+ return attributeMap
+ }
+
+ def slurper = new groovy.json.JsonSlurper()
+ java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+ java.util.Map ndcb = getAttributes(slurper.parseText(ndcbItems.toString()))
+
+ boolean result = true
+ List<String> details = new ArrayList<>();
+ sdnc.any{ sdncKey, sdncValueList ->
+ def ndcbValueList = ndcb.get("$sdncKey")
+ ndcbValueList.each{ ndcbValue ->
+ if(!sdncValueList.any{ it == "$ndcbValue" }) {
+ result = false
+ details.add("$sdncKey")
+ details.add("$ndcbValue")
+ }
+ }
+ if(result == false) {
+ // break out of 'any' loop
+ return true
+ }
+ }
+ return new Tuple2(result, details)
+ '''
+}
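Review bot: A key that SDN-C reports but the other side lacks appears to pass this rule silently: in `SDNC-AAI-attribute-comparison`, `aai.get("$sdncKey")` returns null for such a key, and as far as I can tell Groovy's `each` on null iterates nothing, so `result` stays true. The loop also only checks that each AAI value appears in the SDN-C set, not the reverse, which is narrower than the description 'Verify that all attributes in SDN-C are the same as in AAI'. `SDNC-NDCB-attribute-comparison` has the same shape with `ndcb.get("$sdncKey")`. If a missing key should count as a mismatch, add a guard right after the lookup, e.g. `if(aaiValueList == null) { result = false; details.add("$sdncKey"); details.add("null"); return true }`. The two `getAttributes` closures are identical, so a comment saying they must be kept in sync would help the next maintainer.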
-/*\r
-# Copyright © 2018 Amdocs, Bell Canada, AT&T\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-*/\r
-\r
-USE portal;\r
-/*\r
-Any updates required by OOM to the portaldb are made here.\r
-1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP\r
-while the OOM K8s version has these service split up.\r
-*/\r
--- app_url is the FE, app_rest_endpoint is the BE\r
---portal-sdk => TODO: doesn't open a node port yet\r
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';\r
---dmaap-bc => the dmaap-bc doesn't open a node port..\r
-update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';\r
---sdc-be => 8443:30204, 8080:30205\r
---sdc-fe => 8181:30206, 9443:30207\r
-update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';\r
---pap => 8443:30219\r
-update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';\r
---vid => 8080:30200\r
-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';\r
---sparky => TODO: sparky doesn't open a node port yet\r
-update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';\r
---cli => 8080:30260\r
-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';\r
---msb-iag => 80:30280\r
-update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';\r
-\r
-\r
-/*\r
-Additionally, some more update statments; these should be refactored to another SQL file in future releases \r
-*/\r
-\r
--- portal\r
-update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;\r
--- portal-sdk\r
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;\r
--- SDC\r
-update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;\r
--- policy\r
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;\r
--- vid\r
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;\r
--- aai sparky\r
-update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;\r
-\r
-\r
-\r
+/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/
+
+USE portal;
+/*
+Any updates required by OOM to the portaldb are made here.
+1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
+while the OOM K8s version has these service split up.
+*/
+-- app_url is the FE, app_rest_endpoint is the BE
+--portal-sdk => TODO: doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+--dmaap-bc => the dmaap-bc doesn't open a node port..
+update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
+--sdc-be => 8443:30204, 8080:30205
+--sdc-fe => 8181:30206, 9443:30207
+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';
+--pap => 8443:30219
+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';
+--vid => 8080:30200
+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';
+--sparky => TODO: sparky doesn't open a node port yet
+update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
+--cli => 8080:30260
+update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+--msb-iag => 80:30280
+update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
+
+
+/*
+Create SO-Monitoring App
+*/
+INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
+(10, 'SO-Monitoring', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://{{.Values.config.soMonitoringHostName}}:{{.Values.config.soMonitoringPort}}', NULL, 'http://so-monitoring:30224', '', '', NULL, 'password', 'Y', 'Y', NULL, 'user', '', '', '', 1,'N','SO-Monitoring');
+
+/*
+Add SO Monitoring to Default apps
+*/
+INSERT IGNORE INTO `fn_pers_user_app_sel` VALUES (10,1,10,'S');
+
+/*
+Add Contact information for SO Monitoring
+*/
+INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
+
+/*
+Additionally, some more update statments; these should be refactored to another SQL file in future releases
+*/
+
+-- portal
+update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;
+-- portal-sdk
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;
+-- SDC
+update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;
+-- policy
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;
+-- vid
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;
+-- aai sparky
+update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;
\ No newline at end of file
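Review bot: The new `SO-Monitoring` row in `fn_app` is seeded with the literal credentials `app_username` 'user' and `app_password` 'password', committed in the chart and identical for every deployment. The file already renders host and port from `.Values.config`, so the credential could be rendered the same way from a deploy-time value, e.g. `'{{ .Values.config.<so-monitoring-password-key> }}'` (placeholder key name), ideally backed by a Secret. The other rows store what look like encoded `app_password` values while this one is plaintext, so it is worth confirming which form the portal expects. `INSERT IGNORE` with the fixed `app_id` 10 will silently skip the row if that id is already taken, leaving whatever credentials an existing row had.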
msbPort: "30280"
# application's front end hostname. Must be resolvable on the client side environment
msbHostName: "msb.api.simpledemo.onap.org"
+ # SO Monitoring assignment for port 30224
+ soMonitoringPort: "30224"
+ # application's front end hostname. Must be resolvable on the client side environment
+ soMonitoringHostName: "so-monitoring"
+
# default number of instances
replicaCount: 1
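Review bot: `soMonitoringHostName: "so-monitoring"` does not match the comment above it, which says the front-end hostname must be resolvable on the client side. The sibling `msbHostName` uses a fully qualified name (`msb.api.simpledemo.onap.org`), whereas `so-monitoring` looks like the in-cluster service name. If the portal hands this URL to the user's browser, a name in the same form as the other front ends is probably intended. Confirm and either change the value or adjust the comment, e.g. `# in-cluster service name; override with a client-resolvable hostname`.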
FROM boxfuse/flyway:5.0.7-alpine
-ARG branch=master
+ARG branch=3.0.0-ONAP
ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
# Setup Corporate proxy
ENV https_proxy ${HTTP_PROXY}
- name: robot-logs
mountPath: /share/logs
resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
volumes:
{{- if .Values.persistence.enabled }}
- name: robot-logs
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.3.1
+image: onap/testsuite:1.3.2
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.3.2
-backendInitImage: onap/sdc-backend-init:1.3.2
+image: onap/sdc-backend:1.3.5
+backendInitImage: onap/sdc-backend-init:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.3.2
-cassandraInitImage: onap/sdc-cassandra-init:1.3.2
+image: onap/sdc-cassandra:1.3.5
+cassandraInitImage: onap/sdc-cassandra-init:1.3.5
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3-STAGING-latest
+image: onap/dcae-be:1.3.0
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3-STAGING-latest
+backendInitImage: onap/dcae-tools:1.3.0
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.2-STAGING-latest
+image: onap/dcae-dt:1.2.0
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3-STAGING-latest
+image: onap/dcae-fe:1.3.0
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3-STAGING-latest
+image: onap/dcae-tosca-app:1.3.0
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-elasticsearch:1.3.2
-elasticInitImage: onap/sdc-init-elasticsearch:1.3.2
+image: onap/sdc-elasticsearch:1.3.5
+elasticInitImage: onap/sdc-init-elasticsearch:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.3.2
+image: onap/sdc-frontend:1.3.5
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-kibana:1.3.2
+image: onap/sdc-kibana:1.3.5
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.3.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.3.2
+image: onap/sdc-onboard-backend:1.3.5
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.3.1
-configInitImage: onap/workflow-init:1.3.1
+image: onap/workflow-backend:1.3.2
+configInitImage: onap/workflow-init:1.3.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.3.1
+image: onap/workflow-frontend:1.3.2
pullPolicy: Always
# flag to enable debugging - application support required
},
"ONBOARDING_BE": {
"http_port": "8081",
- "https_port": "8445"
+ "https_port": "8445",
+ "catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/"
},
"elasticsearch": {
"cluster_name": "SDC-ES-",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.4.1
+image: onap/sdnc-dmaap-listener-image:1.4.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.4.1
+image: onap/sdnc-ansible-server-image:1.4.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.4.1
+image: onap/admportal-sdnc-image:1.4.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.4.1
+image: onap/sdnc-ueb-listener-image:1.4.3
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.4.1
+image: onap/sdnc-image:1.4.3
# flag to enable debugging - application support required
debugEnabled: false
consumerGroup: consumerGroup
consumerId: consumerId
topicListenerDelayInSeconds: 5
+bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+msb-ip: msb-iag.{{ include "common.namespace" . }}
+msb-port: 80
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
correlation:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}g:8087/services/rest/v1/volume-groups
vnf-async:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync
+ vfc:
+ rest:
+ endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter
workflow:
message:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
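Review bot: The `volume-groups` endpoint at the top of this hunk renders as `so-openstack-adapter.<namespace>g:8087` because of a stray `g` after the `common.namespace` include; the `vnf-async` line right below has the same host without it. This is a context line rather than one the commit adds, but the hunk adds the neighbouring `vfc` endpoint, so it is a good moment to fix it: `endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups`. The enclosing mapping starts outside the hunk.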
uri: /aai/v14/network/vces/vce
vpn-binding:
uri: /aai/v14/network/vpn-bindings/vpn-binding
+ sp-partner:
+ uri: /aai/v14/business/sp-partners/sp-partner
+ device:
+ uri: /aai/v14/network/devices/device
v11:
customer:
uri: /aai/v11/business/customers/customer
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.3.1
+image: onap/so/bpmn-infra:1.3.3
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.3.1
+image: onap/so/catalog-db-adapter:1.3.3
pullPolicy: Always
replicaCount: 1
config:
mariadbRootPassword: password
# gerrit branch where the latest heat code is checked in
- gerritBranch: master
+ gerritBranch: 3.0.0-ONAP
# gerrit project where the latest heat code is checked in
gerritProject: http://gerrit.onap.org/r/so/docker-config.git
# default number of instances
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.3.1
+image: onap/so/so-monitoring:1.3.3
pullPolicy: Always
replicaCount: 1
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.3.1
+image: onap/so/openstack-adapter:1.3.3
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.3.1
+image: onap/so/request-db-adapter:1.3.3
pullPolicy: Always
replicaCount: 1
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
site-name: onapheat
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.3.1
+image: onap/so/sdc-controller:1.3.3
pullPolicy: Always
replicaCount: 1
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
generic-resource:
network-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
vf-module-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
vnf-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.3.1
+image: onap/so/sdnc-adapter:1.3.3
pullPolicy: Always
replicaCount: 1
max-total: 20
validation-query: select 1
test-on-borrow: true
+ security:
+ usercredentials:
+ - username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ - username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
server:
port: {{ index .Values.containerPort }}
tomcat:
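Review bot: The added `security.usercredentials` block commits bcrypt hashes to the chart, and `bpel` and `mso_admin` carry the byte-identical hash (same salt, same digest). Both accounts, including the one with role `ACTUATOR`, therefore share one password that is fixed for every deployment. This file is already templated (`{{ index .Values.containerPort }}`), so each hash could be rendered from a per-deployment value instead, e.g. `password: '{{ .Values.<placeholder-bpel-hash-key> }}'` (placeholder key name), with a distinct credential per role. At minimum add a comment such as `# demo-only default credentials; override per deployment`. The enclosing mapping starts outside the hunk.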
mso:
site-name: localSite
logPath: ./logs/vfc
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.3.1
+image: onap/so/vfc-adapter:1.3.3
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.3.1
+image: onap/so/api-handler-infra:1.3.3
pullPolicy: Always
replicaCount: 1
value: "{{ .Values.config.asdcclientrestauth }}"
- name: ASDC_CLIENT_REST_PORT
value: "{{ .Values.config.asdcclientrestport }}"
- - name: VID_AAI_HOST
- value: aai.{{ include "common.namespace" . }}
- - name: VID_AAI_PORT
- value: "{{ .Values.config.vidaaiport }}"
+ - name: VID_AAI_URL
+ value: https://aai.{{ include "common.namespace" . }}:{{ .Values.config.vidaaiport }}
- name: VID_ECOMP_SHARED_CONTEXT_REST_URL
value: http://portal-app.{{ include "common.namespace" . }}:{{ .Values.config.onapport }}/ONAPPORTAL/context
- name: VID_MSO_SERVER_URL
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:3.2.0
+image: onap/vid:3.2.2
pullPolicy: Always
# mariadb image for initializing