truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.6.0
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: NodePort
name: msb-eag
- externalPort: 80
- internalPort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 84
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-eag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '84'
ingress:
enabled: false
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: NodePort
name: msb-iag
- externalPort: 80
- internalPort: 80
- nodePort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 83
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-iag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '83'
ingress:
enabled: false
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.6.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.6.0
pullPolicy: Always
replicaCount: 1
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2022 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
policy-preload:
policyTypes:
- policytypes/onap.policies.monitoring.tcagen2.yaml
+ - policytypes/onap.policies.monitoring.tcagen2.v2.yaml
- policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
- policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
- policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
SQL_HOST={{ .Values.db.name }}
SQL_PORT=3306
+JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+JDBC_OPTS=
+MYSQL_CMD=
# Liveness
LIVENESS_CONTROLLERS=*
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020, 2022 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{json,properties,xml}").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.3
+ image: onap/policy-db-migrator:2.5.0
schema: policyadmin
policy_home: "/opt/app/policy"