[AAI] Reintegrate AAI OOM charts in main repo

AAI chart is currently in its own directory. As a lot will be done in
the charts with tight coordination between "common" part and components
parts, it's a lot easier to have everything in a same place for now.

Issue-ID: OOM-2513
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5e27f7de286bf74e6d3a443e1cb31f63b3d83265
[Update aai to commit 18d4bd165e12cb4d03baa318e506f0dda381cd89]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

diff --git a/.gitmodules b/.gitmodules
index 19cca65..3f0f4ef 100644 (file)
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,11 +1,5 @@
-[submodule "kubernetes/aai"]
-  path = kubernetes/aai
-  url = ../aai/oom
-  branch = master
-  ignore = dirty

 [submodule "kubernetes/robot"]
   path = kubernetes/robot
   url = ../testsuite/oom
   branch = master
   ignore = dirty
 [submodule "kubernetes/robot"]
   path = kubernetes/robot
   url = ../testsuite/oom
   branch = master
   ignore = dirty

-

diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index 08b028a..81d35c5 100644 (file)
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -32,7 +32,7 @@ else
        HELM_LINT_CMD := echo "Skipping linting of"
 endif
 
        HELM_LINT_CMD := echo "Skipping linting of"
 endif
 

-SUBMODS := robot aai
+SUBMODS := robot

 EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
 
 EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
 

diff --git a/kubernetes/aai b/kubernetes/aai
deleted file mode 160000 (submodule)
index 18d4bd1..0000000
--- a/kubernetes/aai
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 18d4bd165e12cb4d03baa318e506f0dda381cd89

diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml
new file mode 100644 (file)
index 0000000..41e4039
--- /dev/null
+++ b/kubernetes/aai/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Active and Available Inventory
+name: aai
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-babel/.helmignore b/kubernetes/aai/components/aai-babel/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml
new file mode 100644 (file)
index 0000000..1fcad30
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Babel microservice
+name: aai-babel
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
new file mode 100644 (file)
index 0000000..193ad2d
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~7.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'

diff --git a/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties
new file mode 100644 (file)
index 0000000..e246b00
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties
@@ -0,0 +1,285 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#action widget details
+AAI.model-version-id.action=fd7fb09e-d930-41b9-b83f-cfde9df48640
+AAI.model-invariant-id.action=af593b4b-490e-4665-ad74-2f6351c0a7ce
+#action-data widget details
+AAI.model-invariant-id.action-data=9551346c-7d8b-4daf-9926-b93e96e2344a
+AAI.model-version-id.action-data=2f80c596-27e5-4ca9-b5bb-e03a7fd4c0fd
+#allotted-resource widget details
+AAI.model-invariant-id.allotted-resource=f6d6a23d-a1a9-48ff-8419-b6530da2d381
+AAI.model-version-id.allotted-resource=7ad0915f-25c0-4a70-b9bc-185a75f87564
+#availability-zone widget details
+AAI.model-version-id.availability-zone=6c092fb1-21b2-456b-9e01-67fb4de1896e
+AAI.model-invariant-id.availability-zone=61b88c01-d819-41c0-8e21-7fd7ba47148e
+#az-and-dvs-switches widget details
+AAI.model-version-id.az-and-dvs-switches=b2dea88d-78a0-49bf-95c9-5819df08e966
+AAI.model-invariant-id.az-and-dvs-switches=53dc00d4-e6d9-48ec-b6cc-3d3797e9b896
+#class-of-service widget details
+AAI.model-version-id.class-of-service=d2fb27cc-15eb-4c4e-828e-71d41aaecc5b
+AAI.model-invariant-id.class-of-service=18094b19-d16d-4822-8acf-e92c6aefa178
+#cloud-region widget details
+AAI.model-version-id.cloud-region=2a160989-b202-47dd-874b-4a0f275998f7
+AAI.model-invariant-id.cloud-region=425b2158-e51d-4509-9945-dad4556474a3
+#complex widget details
+AAI.model-invariant-id.complex=af91c2f7-35fc-43cf-a13d-443f385b2353
+AAI.model-version-id.complex=3a8ab1ee-9220-4fe8-b89c-9251d160ddc2
+#configuration widget details
+AAI.model-invariant-id.configuration=166c050d-f69d-4305-943e-0bc58c3a26cf
+AAI.model-version-id.configuration=5a175add-57e4-4a5d-8b02-c36f1d69c52b
+#connector widget details
+AAI.model-version-id.connector=22104c9f-29fd-462f-be07-96cd6b46dd33
+AAI.model-invariant-id.connector=4c01c948-7607-4d66-8a6c-99c2c2717936
+#constrained-element-set widget details
+AAI.model-invariant-id.constrained-element-set=c0292b4f-ee97-40cc-8c2e-f967c48f5701
+AAI.model-version-id.constrained-element-set=01102126-9c04-4a89-945b-b131e61e95d7
+#ctag-assignment widget details
+AAI.model-version-id.ctag-assignment=44e5cb1f-0938-41aa-b766-d4595109fe89
+AAI.model-invariant-id.ctag-assignment=fcb8d46b-b656-4ad6-8fa4-22cef74b443f
+#ctag-pool widget details
+AAI.model-invariant-id.ctag-pool=46c51d4e-d67e-4a9c-b1f5-49b1e9c6fcaa
+AAI.model-version-id.ctag-pool=2056c41f-23b9-4de7-9f50-819adad37d76
+#customer widget details
+AAI.model-invariant-id.customer=c1d4305f-cdbd-4bbe-9069-a2f4978fd89e
+AAI.model-version-id.customer=d4df5c27-98a1-4812-a8aa-c17f055b7a3f
+#cvlan-tag-entry widget details
+AAI.model-version-id.cvlan-tag-entry=c3878ffb-8d85-4114-bee6-e4074a9db10b
+AAI.model-invariant-id.cvlan-tag-entry=245cf4b0-7cc5-4eea-bbd9-753e939adcab
+#dvs-switch widget details
+AAI.model-invariant-id.dvs-switch=98fbb471-1f86-428e-bd8a-c8a25de6fa23
+AAI.model-version-id.dvs-switch=4cb44ae8-e3ab-452a-9f95-bcc8a44c55ea
+#edge-prop-names widget details
+AAI.model-invariant-id.edge-prop-names=7a08cad4-8759-46a5-8245-095d1ba57ac6
+AAI.model-version-id.edge-prop-names=f0442326-8201-4d0e-857c-74b4ddcbfc9f
+#element-choice-set widget details
+AAI.model-invariant-id.element-choice-set=9a011958-7165-47a3-b872-00951d1f09ae
+AAI.model-version-id.element-choice-set=af27fbfd-598d-44da-aeae-0f9d3a5fcd6a
+#entitlement widget details
+AAI.model-version-id.entitlement=7e27ba2e-b7db-4e13-9fae-d142152ef98a
+AAI.model-invariant-id.entitlement=ae75b5a0-d5e1-4f3a-b8fb-37626a753da3
+#flavor widget details
+AAI.model-invariant-id.flavor=bace8d1c-a261-4041-9e37-823117415d0f
+AAI.model-version-id.flavor=36200fb5-f251-4f5d-a520-7c5ad5c2cd4b
+#generic-vnf widget details
+AAI.model-version-id.generic-vnf=93a6166f-b3d5-4f06-b4ba-aed48d009ad9
+AAI.model-invariant-id.generic-vnf=acc6edd8-a8d4-4b93-afaa-0994068be14c
+#group-assignment widget details
+AAI.model-invariant-id.group-assignment=7cc05f25-7ba2-42b7-a237-c5662a1689e1
+AAI.model-version-id.group-assignment=fe578080-ce19-4604-8760-fc264fbb2565
+#image widget details
+AAI.model-version-id.image=f6a038c2-820c-42ba-8c2b-375e24e8f932
+AAI.model-invariant-id.image=3f4c7204-739b-4bbb-87a7-8a6856439c90
+#include-node-filter widget details
+AAI.model-invariant-id.include-node-filter=2a2d8ad2-af0a-4e1f-9982-0c899e7dc827
+AAI.model-version-id.include-node-filter=f05f804d-7057-4ffe-bdc5-39f2f0c9c9fd
+#instance-group widget details
+AAI.model-version-id.instance-group=8e6ee9dc-9017-444a-83b3-219edb018128
+AAI.model-invariant-id.instance-group=3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd
+#inventory-item widget details
+AAI.model-invariant-id.inventory-item=cd57d844-9017-4078-aa19-926935a3d77c
+AAI.model-version-id.inventory-item=69957f4a-2155-4b95-8d72-d6dd9b88b27b
+#inventory-item-data widget details
+AAI.model-version-id.inventory-item-data=0e54bb87-bd6e-4a2b-ad1c-6d935b87ae51
+AAI.model-invariant-id.inventory-item-data=87a383ae-cf03-432e-a9de-04e6a622d0fd
+#ipsec-configuration widget details
+AAI.model-invariant-id.ipsec-configuration=aca4c310-cb45-42bd-9f88-73e40ba7b962
+AAI.model-version-id.ipsec-configuration=d949fd10-36bf-408a-ac7a-cad5004d2e0d
+#key-data widget details
+AAI.model-version-id.key-data=c23ea04d-1a3b-453d-bc49-a6c783a5e92b
+AAI.model-invariant-id.key-data=f5faa464-c2f2-4cc3-89d2-a90452dc3a07
+#l3-interface-ipv4-address-list widget details
+AAI.model-version-id.l3-interface-ipv4-address-list=41e76b6f-1e06-4fd4-82cd-81c50fc4574b
+AAI.model-invariant-id.l3-interface-ipv4-address-list=aad85df2-09be-40fa-b867-16415e4e10e2
+#l3-interface-ipv6-address-list widget details
+AAI.model-invariant-id.l3-interface-ipv6-address-list=82966045-43ee-4982-8307-7e9610866140
+AAI.model-version-id.l3-interface-ipv6-address-list=d040621d-541a-477b-bb1b-a2b61b14e295
+#l3-network widget details
+AAI.model-version-id.l3-network=9111f20f-e680-4001-b83f-19a2fc23bfc1
+AAI.model-invariant-id.l3-network=3d560d81-57d0-438b-a2a1-5334dba0651a
+#lag-interface widget details
+AAI.model-version-id.lag-interface=ce95f7c3-b61b-4758-ae9e-7e943b1c103d
+AAI.model-invariant-id.lag-interface=e0ee9bde-c1fc-4651-a95d-8e0597bf7d70
+#lag-link widget details
+AAI.model-version-id.lag-link=d29a087a-af59-4053-a3f8-0f95a92faa75
+AAI.model-invariant-id.lag-link=86ffe6e5-4d0e-4cec-80b5-5c38aa3eff98
+#license widget details
+AAI.model-invariant-id.license=b9a9b337-1f86-42d3-b9f9-f987a089507c
+AAI.model-version-id.license=6889274b-a1dc-40ab-9090-93677e13e2e6
+#license-key-resource widget details
+AAI.model-invariant-id.license-key-resource=9022ebfe-b54f-4911-a6b2-8c3f5ec189b7
+AAI.model-version-id.license-key-resource=24b25f8c-b8bd-4c62-9421-87c12667aac9
+#l-interface widget details
+AAI.model-version-id.l-interface=a32613fd-18b9-459e-aab8-fffb3912966a
+AAI.model-invariant-id.l-interface=cea0a982-8d55-4093-921e-418fbccf7060
+#logical-link widget details
+AAI.model-version-id.logical-link=a1481a38-f8ba-4ae4-bdf1-06c2c6af4c54
+AAI.model-invariant-id.logical-link=fe012535-2c31-4a39-a739-612374c638a0
+#metadatum widget details
+AAI.model-invariant-id.metadatum=86dbb63a-265e-4614-993f-6771c30b56a5
+AAI.model-version-id.metadatum=6bae950e-8939-41d3-a6a7-251b03e4c1fc
+#model widget details
+AAI.model-invariant-id.model=06d1418a-5faa-452d-a94b-a2829df5f67b
+AAI.model-version-id.model=1f51c05c-b164-4c27-9c03-5cbb239fd6be
+#model-constraint widget details
+AAI.model-invariant-id.model-constraint=c28966f3-e758-4483-b37b-a90b05d3dd33
+AAI.model-version-id.model-constraint=ad70dd19-f156-4fb5-a865-97b5563b0d37
+#model-element widget details
+AAI.model-invariant-id.model-element=2076e726-3577-477a-a300-7fa65cd4df11
+AAI.model-version-id.model-element=753e813a-ba9e-4a1d-ab34-b2f6dc6eec0c
+#multicast-configuration widget details
+AAI.model-invariant-id.multicast-configuration=ea78c9e3-514d-4a0a-9162-13837fa54c35
+AAI.model-version-id.multicast-configuration=666a06ee-4b57-46df-bacf-908da8f10c3f
+#named-query widget details
+AAI.model-version-id.named-query=5c3b7c33-afa3-4be5-8da7-1a5ac6f99896
+AAI.model-invariant-id.named-query=80b712fd-0ad3-4180-a99c-8c995cf1cc32
+#named-query-element widget details
+AAI.model-version-id.named-query-element=204c641a-3494-48c8-979a-86856f5fd32a
+AAI.model-invariant-id.named-query-element=3c504d40-b847-424c-9d25-4fb7e0a3e994
+#network-policy widget details
+AAI.model-invariant-id.network-policy=6aa05779-94d7-4d8b-9bee-59ef2ab0c246
+AAI.model-version-id.network-policy=a0ccd9dc-7062-4940-9bcc-e91dd28af510
+#network-profile widget details
+AAI.model-version-id.network-profile=01f45471-4240-498c-a9e1-235dc0b8b4a6
+AAI.model-invariant-id.network-profile=2734b44a-b8a2-40f6-957d-6256589e5d00
+#newvce widget details
+AAI.model-version-id.newvce=7c79e11f-a408-4593-aa86-ba948a1236af
+AAI.model-invariant-id.newvce=4b05ec9c-c55d-4987-83ff-e08d6ddb694f
+#oam-network widget details
+AAI.model-invariant-id.oam-network=2851cf01-9c40-4064-87d4-6184a6fcff35
+AAI.model-version-id.oam-network=f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79
+#physical-link widget details
+AAI.model-invariant-id.physical-link=c822d81f-822f-4304-9623-1025b53da568
+AAI.model-version-id.physical-link=9c523936-95b4-4d7f-9f53-6bdfe0cf2c05
+#p-interface widget details
+AAI.model-invariant-id.p-interface=94043c37-4e73-439c-a790-0fdd697924cd
+AAI.model-version-id.p-interface=d2cdb2d0-fc1f-4a57-a89e-591b1c4e3754
+#pnf widget details
+AAI.model-version-id.pnf=e9f1fa7d-c839-418a-9601-03dc0d2ad687
+AAI.model-invariant-id.pnf=862b25a1-262a-4961-bdaa-cdc55d69785a
+#port-group widget details
+AAI.model-version-id.port-group=03e8bb6b-b48a-46ae-b5d4-e5af577e6844
+AAI.model-invariant-id.port-group=8ce940fb-55d7-4230-9e7f-a56cc2741f77
+#property-constraint widget details
+AAI.model-version-id.property-constraint=81706bbd-981e-4362-ae20-995cbcb2d995
+AAI.model-invariant-id.property-constraint=f4a863c3-6886-470a-a6ae-05723837ea45
+#pserver widget details
+AAI.model-invariant-id.pserver=6d932c8f-463b-4e76-83fb-87acfbaa2e2d
+AAI.model-version-id.pserver=72f0d495-bc27-4653-9e1a-eef76bd34bc9
+#related-lookup widget details
+AAI.model-invariant-id.related-lookup=468f6f5b-2996-41bb-b2a3-7cf9613ebb9b
+AAI.model-version-id.related-lookup=0988bab5-bf4f-4938-a419-ab249867d12a
+#reserved-prop-names widget details
+AAI.model-invariant-id.reserved-prop-names=0c3e0ba3-618c-498d-9127-c8d42b00170f
+AAI.model-version-id.reserved-prop-names=ac49d26d-9163-430e-934a-13b738a04f5c
+#result-data widget details
+AAI.model-version-id.result-data=4e9b50aa-5227-4f6f-b489-62e6bbc03c79
+AAI.model-invariant-id.result-data=ff656f23-6185-406f-9006-4b26834f3e1c
+#route-table-reference widget details
+AAI.model-version-id.route-table-reference=fed7e326-03a7-45ff-a3f2-471470d268c4
+AAI.model-invariant-id.route-table-reference=a8614b63-2636-4c4f-98df-fd448c4241db
+#routing-instance widget details
+AAI.model-invariant-id.routing-instance=1c2ded4f-8b01-4193-829c-966847dfec3e
+AAI.model-version-id.routing-instance=3ccbcbc7-d19e-44d5-a52f-7e18aa8d69fa
+#secondary-filter widget details
+AAI.model-version-id.secondary-filter=1380619d-dd1a-4cec-b755-c6407833e065
+AAI.model-invariant-id.secondary-filter=738ff299-6290-4c00-8998-bd0e96a07b93
+#segmentation-assignment widget details
+AAI.model-invariant-id.segmentation-assignment=6e814aee-46e1-4583-a9d4-0049bfd2b59b
+AAI.model-version-id.segmentation-assignment=c5171ae0-44fb-4c04-b482-d56702241a44
+#service widget details
+AAI.model-version-id.service=ecce2c42-3957-4ae0-9442-54bc6afe27b6
+AAI.model-invariant-id.service=07a3a60b-1b6c-4367-8173-8014386f89e3
+#service-capability widget details
+AAI.model-invariant-id.service-capability=b1a7cc05-d19d-443b-a5d1-733e325c4232
+AAI.model-version-id.service-capability=f9cfec1b-18da-4bba-bd83-4b26cca115cd
+#service-instance widget details
+AAI.model-invariant-id.service-instance=82194af1-3c2c-485a-8f44-420e22a9eaa4
+AAI.model-version-id.service-instance=46b92144-923a-4d20-b85a-3cbd847668a9
+#service-subscription widget details
+AAI.model-invariant-id.service-subscription=2e1a602a-acd8-4f78-94ff-618b802a303b
+AAI.model-version-id.service-subscription=5e68299a-79f2-4bfb-8fbc-2bae877a2459
+#site-pair widget details
+AAI.model-version-id.site-pair=7106bc02-6552-4fc3-8a56-4f3df9034531
+AAI.model-invariant-id.site-pair=db63f3e6-f8d1-484e-8d5e-191600b7914b
+#site-pair-set widget details
+AAI.model-invariant-id.site-pair-set=5d4dae3e-b402-4bfd-909e-ece12ff75d26
+AAI.model-version-id.site-pair-set=a5c6c1bc-dc38-468e-9459-bb08f87247df
+#snapshot widget details
+AAI.model-version-id.snapshot=962a7c8b-687f-4d32-a775-fe098e214bcd
+AAI.model-invariant-id.snapshot=24de00ef-aead-4b52-995b-0adf8d4bd90d
+#sriov-vf widget details
+AAI.model-version-id.sriov-vf=1e8b331f-3d4a-4160-b7aa-f4d5a8916625
+AAI.model-invariant-id.sriov-vf=04b2935f-33c4-40a9-8af0-8b52690042dc
+#start-node-filter widget details
+AAI.model-version-id.start-node-filter=aad96fd3-e75f-42fc-9777-3450c36f1168
+AAI.model-invariant-id.start-node-filter=083093a3-e407-447a-ba5d-7583e4d23e1d
+#subnet widget details
+AAI.model-version-id.subnet=f902a6bc-6be4-4fe5-8458-a6ec0056b374
+AAI.model-invariant-id.subnet=1b2c9ba7-e449-4831-ba15-3073672f5ef2
+#tagged-inventory-item-list widget details
+AAI.model-invariant-id.tagged-inventory-item-list=e78a7eaa-f65d-4919-9c2b-5b258c8c4d7e
+AAI.model-version-id.tagged-inventory-item-list=c246f6e2-e3a1-4697-94c0-5672a7fbbf04
+#tenant widget details
+AAI.model-invariant-id.tenant=97c26c99-6870-44c1-8a07-1d900d3f4ce6
+AAI.model-version-id.tenant=abcc54bc-bb74-49dc-9043-7f7171707545
+#tunnel-xconnect widget details
+AAI.model-invariant-id.tunnel-xconnect=50b9e2fa-005c-4bbe-b651-3251dece4cd8
+AAI.model-version-id.tunnel-xconnect=e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5
+#update-node-key widget details
+AAI.model-version-id.update-node-key=6004cfa6-eb6d-4062-971f-b1fde6b74aa0
+AAI.model-invariant-id.update-node-key=fe81c801-f65d-408a-b2b7-a729a18f8154
+#vce widget details
+AAI.model-version-id.vce=b6cf54b5-ec45-43e1-be64-97b4e1513333
+AAI.model-invariant-id.vce=bab6dceb-e7e6-4301-a5e0-a7399b48d792
+#vf-module widget details
+AAI.model-invariant-id.vf-module=ef86f9c5-2165-44f3-8fc3-96018b609ea5
+AAI.model-version-id.vf-module=c00563ae-812b-4e62-8330-7c4d0f47088a
+#vig-server widget details
+AAI.model-version-id.vig-server=8e8c22f1-fbdf-48ea-844c-8bdeb44e7b16
+AAI.model-invariant-id.vig-server=bed7c3b7-35d0-4cd9-abde-41b20e68b28e
+#virtual-data-center widget details
+AAI.model-invariant-id.virtual-data-center=5150abcf-0c5f-4593-9afe-a19c48fc4824
+AAI.model-version-id.virtual-data-center=6dd43ced-d789-47af-a759-d3abc14e3ac1
+#vlan widget details
+AAI.model-version-id.vlan=257d88a5-a269-4c35-944f-aca04fbdb791
+AAI.model-invariant-id.vlan=d2b1eaf1-ae59-4116-9ee4-aa0179faa4f8
+#vnfc widget details
+AAI.model-invariant-id.vnfc=96129eb9-f0de-4e05-8af2-73146473f766
+AAI.model-version-id.vnfc=5761e0a7-c6df-4d8a-9ebd-b8f445054dec
+#vnf-image widget details
+AAI.model-invariant-id.vnf-image=f9a628ff-7aa0-40e2-a93d-02d91c950982
+AAI.model-version-id.vnf-image=c4d3e747-ba4a-4b17-9896-94c6f18c19d3
+#volume widget details
+AAI.model-version-id.volume=0fbe2e8f-4d91-4415-a772-88387049b38d
+AAI.model-invariant-id.volume=ddd739b4-2b25-46c4-affc-41a32af5cc42
+#volume-group widget details
+AAI.model-invariant-id.volume-group=fcec1b02-b2d0-4834-aef8-d71be04717dd
+AAI.model-version-id.volume-group=99d44c90-1f61-4418-b9a6-56586bf38c79
+#vpe widget details
+AAI.model-invariant-id.vpe=053ec3a7-5b72-492d-b54d-123805a9b967
+AAI.model-version-id.vpe=203817d3-829c-42d4-942d-2a935478e993
+#vpls-pe widget details
+AAI.model-version-id.vpls-pe=b1566228-6785-4ce1-aea2-053736f80341
+AAI.model-invariant-id.vpls-pe=457ba89b-334c-4fbd-acc4-160ac0e0cdc0
+#vpn-binding widget details
+AAI.model-invariant-id.vpn-binding=9e23b675-db2b-488b-b459-57aa9857baa0
+AAI.model-version-id.vpn-binding=21a146e5-9901-448c-9197-723076770119
+#vserver widget details
+AAI.model-invariant-id.vserver=ff69d4e0-a8e8-4108-bdb0-dd63217e63c7
+AAI.model-version-id.vserver=8ecb2c5d-7176-4317-a255-26274edfdd53
+#collection resource widget details
+AAI.model-invariant-id.cr=8bac3599-9a1c-4b7f-80e5-c1838f744c23
+AAI.model-version-id.cr=3f908abc-3a15-40d0-b674-2a639e52884d

diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json
new file mode 100644 (file)
index 0000000..ff33c17
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json
@@ -0,0 +1,47 @@
+{"roles": [\r
+    {\r
+        "name": "admin",\r
+        "functions": [\r
+            {\r
+                "name": "generateArtifacts",\r
+                "methods": [{"name": "POST"}]\r
+            }\r
+        ],\r
+        "users": [\r
+            {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+        ]\r
+    },\r
+    {\r
+        "name": "ops",\r
+        "functions": [{\r
+            "name": "actions",\r
+            "methods": [{"name": "POST"}]\r
+        }],\r
+        "users": [\r
+            {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+        ]\r
+    },\r
+    {\r
+        "name": "readonly",\r
+        "functions": [\r
+            {\r
+                "name": "actions",\r
+                "methods": [{"name": "GET"}]\r
+            }\r
+        ],\r
+        "users": [\r
+            {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}\r
+        ]\r
+    },\r
+    {\r
+        "name": "basicauth",\r
+        "functions": [{\r
+            "name": "util",\r
+            "methods": [{"name": "GET"}]\r
+        }],\r
+        "users": [{\r
+            "user": "aai",\r
+            "pass": "OBF:deadbeef"\r
+        }]\r
+    }\r
+]}\r

diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..e1d24d9
Binary files /dev/null and b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties
new file mode 100644 (file)
index 0000000..ef85c23
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+auth.policy.file=/auth/auth_policy.json
+auth.authentication.disable=true

diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..878d8c0
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+<!DOCTYPE xml>
+<configuration scan="true" scanPeriod="30 seconds" debug="true">
+  <include resource="org/springframework/boot/logging/logback/base.xml" />
+
+  <property name="componentName" value="AAI-BAS" />
+  <property name="logDirectory" value="/var/log/onap/${componentName}" />
+
+  <!-- default EELF log file names -->
+  <property name="generalLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="errorLogPattern"
+           value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
+
+  <property name="auditLogPattern"
+           value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+
+  <property name="metricsLogPattern"
+           value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <appender name="EELF"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>INFO</level>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+  <!-- EELF Audit Appender. This appender is used to record audit engine related logging events. The audit logger and appender
+       are specializations of the EELF application root logger and appender. This can be used to segregate Policy engine events
+       from other components, or it can be eliminated to record these events as part of the application root log. -->
+
+  <appender name="EELFAudit"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+  <appender name="EELFMetrics"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricsLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics" />
+  </appender>
+
+  <appender name="EELFDebug"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>
+      ${logDirectory}/${debugLogName}.log
+    </file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+      <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
+       <expression>
+         e.level.toInt() &lt; INFO.toInt()
+       </expression>
+      </evaluator>
+      <OnMismatch>DENY</OnMismatch>
+      <OnMatch>NEUTRAL</OnMatch>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>false</includeCallerData>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- Default / root appenders -->
+  <!-- This determines the logging level for 3rd party code -->
+  <!-- ============================================================================ -->
+
+  <root level="INFO">
+    <appender-ref ref="asyncEELF" />
+  <appender-ref ref="asyncEELFDebug" />
+</root>
+
+  <!-- ============================================================================ -->
+  <!--  EELF loggers -->
+  <!-- ============================================================================ -->
+
+  <logger name="com.att.eelf" level="INFO" additivity="false">
+  <appender-ref ref="asyncEELF" />
+</logger>
+
+  <!-- The level of this logger determines the contents of the debug log -->
+  <logger name="com.att.eelf.debug" level="INFO" additivity="false">
+  <appender-ref ref="asyncEELFDebug" />
+</logger>
+
+  <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+  <appender-ref ref="asyncEELFAudit" />
+</logger>
+
+  <logger name="com.att.eelf.metrics" level="INFO" additivity="false">
+  <appender-ref ref="asyncEELFMetrics" />
+</logger>
+
+  <!-- ============================================================================ -->
+  <!-- Non-EELF loggers -->
+  <!-- ============================================================================ -->
+
+  <!-- ATT packages including DMAAP message routing -->
+  <logger name="com.att" level="INFO" />
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" />
+  <logger name="org.springframework.beans" level="WARN" />
+  <logger name="org.springframework.web" level="WARN" />
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="org.apache" level="WARN" />
+  <logger name="org.apache.commons" level="WARN" />
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" />
+  <logger name="org.apache.cxf" level="WARN" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.service" level="WARN" />
+  <logger name="org.restlet" level="WARN" />
+  <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN" />
+  <logger name="ch.qos.logback.core" level="WARN" />
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
new file mode 100644 (file)
index 0000000..fa3a9c9
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
@@ -0,0 +1,193 @@
+{
+       "instanceGroupTypes": [
+               "org.openecomp.groups.NetworkCollection",
+               "org.openecomp.groups.VfcInstanceGroup",
+               "org.openecomp.groups.ResourceInstanceGroup"
+       ],
+       "widgetTypes": [
+               {
+                       "type": "SERVICE",
+                       "name": "service-instance",
+                       "deleteFlag": true,
+                       "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
+                       "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
+               },
+               {
+                       "type": "VF",
+                       "name": "generic-vnf",
+                       "deleteFlag": true,
+                       "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
+                       "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
+               },
+               {
+                       "type": "VFC",
+                       "name": "vnfc",
+                       "deleteFlag": true,
+                       "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
+                       "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
+               },
+               {
+                       "type": "VSERVER",
+                       "name": "vserver",
+                       "deleteFlag": true,
+                       "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
+                       "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
+               },
+               {
+                       "type": "VOLUME",
+                       "name": "volume",
+                       "deleteFlag": true,
+                       "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
+                       "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
+               },
+               {
+                       "type": "FLAVOR",
+                       "name": "flavor",
+                       "deleteFlag": false,
+                       "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
+                       "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
+               },
+               {
+                       "type": "TENANT",
+                       "name": "tenant",
+                       "deleteFlag": false,
+                       "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
+                       "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
+               },
+               {
+                       "type": "VOLUME_GROUP",
+                       "name": "volume-group",
+                       "deleteFlag": true,
+                       "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
+                       "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
+               },
+               {
+                       "type": "LINT",
+                       "name": "l-interface",
+                       "deleteFlag": true,
+                       "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
+                       "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
+               },
+               {
+                       "type": "L3_NET",
+                       "name": "l3-network",
+                       "deleteFlag": true,
+                       "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
+                       "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
+               },
+               {
+                       "type": "VFMODULE",
+                       "name": "vf-module",
+                       "deleteFlag": true,
+                       "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
+                       "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
+               },
+               {
+                       "type": "IMAGE",
+                       "name": "image",
+                       "deleteFlag": false,
+                       "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
+                       "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
+               },
+               {
+                       "type": "OAM_NETWORK",
+                       "name": "oam-network",
+                       "deleteFlag": true,
+                       "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
+                       "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
+               },
+               {
+                       "type": "ALLOTTED_RESOURCE",
+                       "name": "allotted-resource",
+                       "deleteFlag": true,
+                       "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
+                       "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
+               },
+               {
+                       "type": "TUNNEL_XCONNECT",
+                       "name": "tunnel-xconnect",
+                       "deleteFlag": true,
+                       "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
+                       "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
+               },
+               {
+                       "type": "CONFIGURATION",
+                       "name": "configuration",
+                       "deleteFlag": true,
+                       "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
+                       "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
+               },
+               {
+                       "type": "CR",
+                       "name": "cr",
+                       "deleteFlag": true,
+                       "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
+                       "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
+               },
+               {
+                       "type": "INSTANCE_GROUP",
+                       "name": "instance-group",
+                       "deleteFlag": true,
+                       "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
+                       "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
+               },
+               {
+                       "type": "PNF",
+                       "name": "pnf",
+                       "deleteFlag": true,
+                       "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
+                       "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
+               }
+       ],
+       "widgetMappings": [
+               {
+                       "prefix": "org.openecomp.resource.vfc",
+                       "type": "widget",
+                       "widget": "VSERVER",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.resource.cp",
+                       "type": "widget",
+                       "widget": "LINT",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.cp",
+                       "type": "widget",
+                       "widget": "LINT",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.resource.vl",
+                       "widget": "L3_NET",
+                       "deleteFlag": false
+               },
+               {
+                       "prefix": "org.openecomp.resource.vf",
+                       "widget": "VF",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.groups.vfmodule",
+                       "widget": "VFMODULE",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.groups.VfModule",
+                       "widget": "VFMODULE",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+                       "type": "widget",
+                       "widget": "VOLUME",
+                       "deleteFlag": true
+               },
+               {
+                       "prefix": "org.openecomp.resource.pnf",
+                       "widget": "PNF",
+                       "deleteFlag": true
+               }
+       ]
+}

diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..dbf4fca
Binary files /dev/null and b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..9eec841
Binary files /dev/null and b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
new file mode 100644 (file)
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..0637cfb
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="info" />
+
+</configuration>
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..dbf4fca
Binary files /dev/null and b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..99129c1
Binary files /dev/null and b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644 (file)
index 0000000..acc9409
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,93 @@
+[
+  {
+    "uri": "\/not\/allowed\/at\/all$",
+    "permissions": [
+      "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+     ]
+  },
+  {
+    "uri": "\/one\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/multi\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aMultipleAuth1",
+      "test.auth.access.aMultipleAuth2",
+      "test.auth.access.aMultipleAuth3"
+     ]
+  },
+  {
+    "uri": "\/one\/[^\/]+\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/services\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/admin\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|admin|GET,PUT,POST"
+     ]
+  },
+  {
+    "uri": "\/service\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/services\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/$",
+    "permissions": [
+       "\\|services\\|GET",
+      "test\\.auth\\.access\\|services\\|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+    "permissions": [
+      "test\\.auth\\.access\\|rest\\|read"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read"
+    ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read",
+      "test.auth.access|vservers|read"
+    ]
+  },
+  {
+    "uri": "\/backend$",
+    "permissions": [
+      "test\\.auth\\.access\\|services\\|GET,PUT",
+      "\\|services\\|GET"
+     ]
+  },
+  {
+    "uri": "\/services\/babel-service\/.*",
+    "permissions": [
+      "org\\.access\\|\\*\\|\\*"
+     ]
+  }
+]

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
new file mode 100644 (file)
index 0000000..a82e38c
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
new file mode 100644 (file)
index 0000000..1b58d42
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..2cd95d4
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="info" />
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
new file mode 100644 (file)
index 0000000..7055bf5
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
new file mode 100644 (file)
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
new file mode 100644 (file)
index 0000000..6cd12fc
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..07e684d
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -0,0 +1,70 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }}
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..70ed7bf
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -0,0 +1,254 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+    spec:
+    {{ if .Values.global.installSidecarSecurity }}
+      hostAliases:
+      - ip: {{ .Values.global.aaf.serverIp }}
+        hostnames:
+        - {{ .Values.global.aaf.serverHostname }}
+
+      initContainers:
+        - name: {{ .Values.global.tproxyConfig.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            privileged: true
+    {{ end }}
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{ if .Values.liveness.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+            - name: CONFIG_HOME
+              value: /opt/app/babel/config
+            - name: KEY_STORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}-pass
+                  key: KEY_STORE_PASSWORD
+            - name: KEY_MANAGER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}-pass
+                  key: KEY_MANAGER_PASSWORD
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/babel/config/artifact-generator.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: artifact-generator.properties
+          - mountPath: /opt/app/babel/config/tosca-mappings.json
+            name: {{ include "common.fullname" . }}-config
+            subPath: tosca-mappings.json
+          - mountPath: /opt/app/babel/config/babel-auth.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: babel-auth.properties
+          - mountPath: /opt/app/babel/config/auth
+            name: {{ include "common.fullname" . }}-secrets
+          - mountPath: /var/log/onap
+            name: {{ include "common.fullname" . }}-logs
+          - mountPath: /opt/app/babel/config/logback.xml
+            name: {{ include "common.fullname" . }}-config
+            subPath: logback.xml
+          resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+        # side car containers
+        - name: filebeat-onap
+          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+          - mountPath: /usr/share/filebeat/filebeat.yml
+            subPath: filebeat.yml
+            name: filebeat-conf
+          - mountPath: /var/log/onap
+            name: {{ include "common.fullname" . }}-logs
+          - mountPath: /usr/share/filebeat/data
+            name: aai-filebeat
+
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ .Values.global.rproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/rproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.rproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/forward-proxy.properties
+            subPath: forward-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/primary-service.properties
+            subPath: primary-service.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+            subPath: reverse-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/cadi.properties
+            subPath: cadi.properties
+          - name: {{ include "common.fullname" . }}-rproxy-log-config
+            mountPath: /opt/app/rproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+            subPath: uri-authorization.json
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+            subPath: aaf_truststore.jks
+          - name: {{ include "common.fullname" . }}-rproxy-security-config
+            mountPath: /opt/app/rproxy/config/security/keyfile
+            subPath: keyfile
+
+          ports:
+          - containerPort: {{ .Values.global.rproxy.port }}
+
+        - name: {{ .Values.global.fproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/fproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.fproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-fproxy-config
+            mountPath: /opt/app/fproxy/config/fproxy.properties
+            subPath: fproxy.properties
+          - name: {{ include "common.fullname" . }}-fproxy-log-config
+            mountPath: /opt/app/fproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          ports:
+          - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
+
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}-configmap
+            items:
+            - key: artifact-generator.properties
+              path: artifact-generator.properties
+            - key: tosca-mappings.json
+              path: tosca-mappings.json
+            - key: babel-auth.properties
+              path: babel-auth.properties
+            - key: logback.xml
+              path: logback.xml
+        - name: {{ include "common.fullname" . }}-secrets
+          secret:
+            secretName: {{ include "common.fullname" . }}-babel-secrets
+        - name: filebeat-conf
+          configMap:
+            name: aai-filebeat
+        - name: {{ include "common.fullname" . }}-logs
+          emptyDir: {}
+        - name: aai-filebeat
+          emptyDir: {}
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-config
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-log-config
+        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-security-config
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-config
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-log-config
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+    {{ end }}
+
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-babel/templates/ingress.yaml b/kubernetes/aai/components/aai-babel/templates/ingress.yaml
new file mode 100644 (file)
index 0000000..8f87c68
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}

diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..adc2220
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-babel-secrets
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-pass
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+  KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
+  KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
new file mode 100644 (file)
index 0000000..69892ac
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -0,0 +1,52 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{ if .Values.global.installSidecarSecurity }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.global.rproxy.port }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ else }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.service.internalPort }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.service.internalPort }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ end }}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}

diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
new file mode 100644 (file)
index 0000000..24b22b5
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -0,0 +1,87 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: onap/babel:1.7.1
+
+flavor: small
+flavorOverride: small
+
+# application configuration
+config:
+  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: NodePort
+  portName: babel
+  externalPort: 9516
+  internalPort: 9516
+  nodePort: 79
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "aaibabel"
+      name: "aai-babel"
+      port: 9516
+  config:
+    ssl: "redirect"
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.5
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 2Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-data-router/.helmignore b/kubernetes/aai/components/aai-data-router/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-data-router/Chart.yaml b/kubernetes/aai/components/aai-data-router/Chart.yaml
new file mode 100644 (file)
index 0000000..70f75f6
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI Data-Router
+name: aai-data-router
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12
new file mode 100644 (file)
index 0000000..dbf4fca
Binary files /dev/null and b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 differ

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json
new file mode 100644 (file)
index 0000000..c03870e
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json
@@ -0,0 +1,18 @@
+{\r
+       "roles": [\r
+               {\r
+                       "name": "admin",\r
+                       "functions": [\r
+                               {\r
+                                       "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]\r
+                               }\r
+                       ],\r
+\r
+                       "users": [\r
+                               {\r
+                                       "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"\r
+                               }\r
+                       ]\r
+               }\r
+       ]\r
+}\r

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..7a77386
Binary files /dev/null and b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties b/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml
new file mode 100644 (file)
index 0000000..d7ff014
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml
@@ -0,0 +1,193 @@
+<!--
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+    Copyright © 2018 Amdocs
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+-->
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+  <!--<jmxConfigurator /> -->
+  <!-- directory path for all other type logs -->
+
+  <property name="logDir"  value="/var/log/onap" />
+
+  <!--  specify the component name -->
+  <property name="componentName" value="AAI-DR" />
+
+  <!--  default eelf log file names -->
+  <property name="generalLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|data-router|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+  <property name="auditMetricPattern" value="%m%n" />
+
+  <property name="logDirectory" value="${logDir}/${componentName}" />
+
+  <!-- Example evaluator filter applied against console appender -->
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <!-- The EELFAppender is used to record events to the general application
+       log -->
+
+  <appender name="EELF"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>INFO</level>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+  <!-- EELF Audit Appender. This appender is used to record audit engine
+       related logging events. The audit logger and appender are specializations
+       of the EELF application root logger and appender. This can be used to segregate
+       Policy engine events from other components, or it can be eliminated to record
+       these events as part of the application root log. -->
+
+  <appender name="EELFAudit"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+  <appender name="EELFMetrics"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+           %msg%n"</pattern> -->
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics"/>
+  </appender>
+
+  <appender name="EELFDebug"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${debugLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>false</includeCallerData>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!--  EELF loggers -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="info" additivity="false">
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="asyncEELFDebug" />
+  </logger>
+
+  <logger name="com.att.eelf.audit" level="info" additivity="false">
+    <appender-ref ref="asyncEELFAudit" />
+  </logger>
+  <logger name="com.att.eelf.metrics" level="info" additivity="false">
+    <appender-ref ref="asyncEELFMetrics" />
+  </logger>
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" />
+  <logger name="org.springframework.beans" level="WARN" />
+  <logger name="org.springframework.web" level="WARN" />
+  <logger name="com.blog.spring.jms" level="WARN" />
+
+  <!-- Data Router service loggers -->
+  <logger name="org.onap.aai.data-router" level="INFO" />
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN" />
+  <logger name="org.apache" level="WARN" />
+  <logger name="org.apache.commons.httpclient" level="WARN" />
+  <logger name="org.apache.commons" level="WARN" />
+  <logger name="org.apache.coyote" level="WARN" />
+  <logger name="org.apache.jasper" level="WARN" />
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+       May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" />
+  <logger name="org.apache.cxf" level="WARN" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.service" level="WARN" />
+  <logger name="org.restlet" level="WARN" />
+  <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN" />
+  <logger name="ch.qos.logback.core" level="WARN" />
+
+  <root>
+    <appender-ref ref="asyncEELF" />
+    <!-- <appender-ref ref="asyncEELFDebug" /> -->
+  </root>
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties
new file mode 100644 (file)
index 0000000..b94ce51
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 Amdocs
+# Modifications Copyright © 2018 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=/opt/app/data-router/onap/oxm
+# Dummy folder/directory:
+edgeDir=
+
+# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=/opt/app/data-router/onap/oxm/
+schema.edges.location=
+# These versions need to exist if they are included in the list
+schema.version.list={{ .Values.config.schemaVersionList }}
+# Decalares the oxm version to load
+schema.version.api.default={{ .Values.config.schemaApiDefault }}
+
+# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean)
+schema.version.depth.start={{.Values.global.config.schema.version.depth}}
+schema.version.related.link.start={{.Values.global.config.schema.version.related.link}}
+schema.version.app.root.start={{.Values.global.config.schema.version.app.root}}
+schema.version.namespace.change.start={{.Values.global.config.schema.version.namespace.change}}
+schema.version.edge.label.start={{.Values.global.config.schema.version.edge.label}}
+
+#This property is used to enable or disable schema service, possible values are: schema-service  or config
+schema.translator.list={{.Values.config.schemaTranslatorList}}
+
+#These properties are needed when schema service is  enabled
+schema.service.base.url=https://aai-schema-service:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.local=true
+schema.filename=mockrequests
+#Default rest client is the two-way-ssl
+#schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/{{.Values.global.config.keystore.filename}}
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/{{.Values.global.config.truststore.filename}}
+schema.service.ssl.key-store-password={{.Values.global.config.keystore.passwd}}
+schema.service.ssl.trust-store-password={{.Values.global.config.truststore.passwd}}
+
+spring.application.name=datarouter

diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml
new file mode 100644 (file)
index 0000000..2e3361d
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml
@@ -0,0 +1,17 @@
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+        xmlns:task="http://www.springframework.org/schema/task"
+        xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+                http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
+                http://www.springframework.org/schema/task https://www.springframework.org/schema/task/spring-task.xsd">
+
+  <context:property-placeholder
+        location="file:${CONFIG_HOME}/schemaIngest.properties"
+        ignore-unresolvable="true" />
+
+        <bean id="nodeIngestor" class="org.onap.aai.nodes.NodeIngestor" autowire="byName"/>
+                <bean id="oxmModelLoader" class="org.onap.aai.schema.OxmModelLoader" >
+                      <constructor-arg ref="nodeIngestor"/>
+                </bean>
+
+</beans>

diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml
new file mode 100644 (file)
index 0000000..b5e4129
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml
@@ -0,0 +1,56 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+              http://www.springframework.org/schema/beans
+              http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <bean id="eepConfig" class="org.onap.aai.datarouter.policy.EntityEventPolicyConfig" >
+    <property name="sourceDomain" value="dev" />
+    <property name="searchBaseUrl" value="https://{{.Values.global.searchData.serviceName}}.{{.Release.Namespace}}:9509" />
+    <property name="searchEndpoint" value="services/search-data-service/v1/search/indexes/" />
+    <property name="searchEndpointDocuments" value = "documents" />
+    <property name="searchEntitySearchIndex" value="entity-search-index" />
+    <property name="searchTopographySearchIndex" value="topography-search-index" />
+    <property name="searchEntityAutoSuggestIndex" value="entityautosuggestindex" />
+    <property name="searchAggregationVnfIndex" value="aggregate_generic-vnf_index" />
+    <property name="searchCertName" value="client-cert-onap.p12" />
+    <property name="searchKeystorePwd" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10" />
+    <property name="searchKeystore" value="tomcat_keystore" />
+    <property name="schemaVersions" ref="schemaVersions" />
+    <property name="schemaLocationsBean" ref="schemaLocationsBean" />
+  </bean>
+  
+  <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" >
+    <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" />
+    <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" />
+    <constructor-arg name="username" value="" />
+    <constructor-arg name="password" value="" />
+    <constructor-arg name="consumerGroup" value="datarouter" />
+    <constructor-arg name="consumerId" value="datarouter" />
+    <constructor-arg name="timeoutMs" value="1000" />
+    <constructor-arg name="messageLimit" value="100" />
+    <constructor-arg name="transportType" value="HTTPAUTH" />
+    <constructor-arg name="protocol" value="{{.Values.event.protocol}}" />
+    <constructor-arg name="filter"><null /></constructor-arg>
+  </bean>
+
+  <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" >
+    <constructor-arg ref="eepConfig"/>
+  </bean>
+</beans>

diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route
new file mode 100644 (file)
index 0000000..14db6d6
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route
@@ -0,0 +1,4 @@
+<route xmlns="http://camel.apache.org/schema/spring" trace="true">\r
+  <from uri="event-bus:mybus/?eventTopic=AAI-EVENT&amp;consumer=#consumerBeanEntityEvent" />\r
+  <to uri="bean:entityEventPolicy?method=process"/>\r
+</route>
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-data-router/templates/configmap.yaml b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..93b498a
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml
@@ -0,0 +1,68 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prop
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-dynamic
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-filebeat-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-data-router/templates/deployment.yaml b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..01efcd0
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml
@@ -0,0 +1,188 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      initContainers:
+      - command:
+        - /bin/sh
+        - -c
+        - |
+          mkdir -p /logroot/data-router/logs
+          chmod -R 777 /logroot/data-router/logs
+          chown -R root:root /logroot
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        securityContext:
+          privileged: true
+        image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: init-sysctl
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /logroot/
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: SERVICE_BEANS
+          value: /opt/app/data-router/dynamic/conf
+        - name: CONFIG_HOME
+          value: /opt/app/data-router/config/
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.config.keyStorePassword }}
+        - name: DYNAMIC_ROUTES
+          value: /opt/app/data-router/dynamic/routes
+        - name: KEY_MANAGER_PASSWORD
+          value: {{ .Values.config.keyManagerPassword }}
+        - name: PATH
+          value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+        - name: JAVA_HOME
+          value: usr/lib/jvm/java-8-openjdk-amd64
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath:  /opt/app/data-router/config/auth
+          name: {{ include "common.fullname" . }}-auth
+        - mountPath:  /opt/app/data-router/config/data-router.properties
+          subPath: data-router.properties
+          name: {{ include "common.fullname" . }}-properties
+        - mountPath:  /opt/app/data-router/config/schemaIngest.properties
+          subPath: schemaIngest.properties
+          name: {{ include "common.fullname" . }}-properties
+        - mountPath: /opt/app/data-router/dynamic/routes/entity-event.route
+          subPath: entity-event.route
+          name: {{ include "common.fullname" . }}-dynamic-route
+        - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml
+          subPath: entity-event-policy.xml
+          name: {{ include "common.fullname" . }}-dynamic-policy
+        - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml
+          subPath: data-router-oxm.xml
+          name: {{ include "common.fullname" . }}-dynamic-oxm
+        - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml
+          name: {{ include "common.fullname" . }}-logback-config
+          subPath: logback.xml
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /logs
+          name: {{ include "common.fullname" . }}-logs
+
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /logs
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: aai-filebeat
+        resources:
+{{ include "common.resources" . }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: aai-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-auth
+        secret:
+          secretName: {{ include "common.fullname" . }}
+      - name: {{ include "common.fullname" . }}-properties
+        configMap:
+          name: {{ include "common.fullname" . }}-prop
+          items:
+          - key: data-router.properties
+            path: data-router.properties
+          - key: schemaIngest.properties
+            path: schemaIngest.properties
+      - name: {{ include "common.fullname" . }}-dynamic-route
+        configMap:
+          name: {{ include "common.fullname" . }}-dynamic
+      - name: {{ include "common.fullname" . }}-dynamic-policy
+        configMap:
+          name: {{ include "common.fullname" . }}-dynamic
+      - name: {{ include "common.fullname" . }}-dynamic-oxm
+        configMap:
+          name: {{ include "common.fullname" . }}-dynamic
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-logback-config
+        configMap:
+          name: {{ include "common.fullname" . }}-log-configmap
+          items:
+          - key: logback.xml
+            path: logback.xml
+      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-data-router/templates/secret.yaml b/kubernetes/aai/components/aai-data-router/templates/secret.yaml
new file mode 100644 (file)
index 0000000..292e035
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-data-router/values.yaml b/kubernetes/aai/components/aai-data-router/values.yaml
new file mode 100644 (file)
index 0000000..354559b
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/values.yaml
@@ -0,0 +1,112 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for data-router.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  loggingImage: beats/filebeat:5.5.0
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/data-router:1.7.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+dockerhubRepository: registry.hub.docker.com
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+
+# application configuration
+config:
+  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  schemaTranslatorList: config
+  schemaVersionList: "v11,v12,v13,v14,v15,v16,v17,v18,v19"
+  schemaApiDefault: "v19"
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 300
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 120
+  periodSeconds: 10
+
+service:
+  name: aai-data-router
+  internalPort: 9502
+
+ingress:
+  enabled: false
+
+persistence:
+  enabled: true
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  ## storageClass: "-"
+  accessMode: ReadWriteMany
+  size: 2Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: aai/data-router/logs
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.25
+      memory: 750Mi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 0.5
+      memory: 1536Mi
+  unlimited: {}
+
+# Entity Event route configuration
+event:
+  port:
+    dmaap: 3905
+  protocol: https
+  consumer:
+    topic: AAI-EVENT

diff --git a/kubernetes/aai/components/aai-elasticsearch/.helmignore b/kubernetes/aai/components/aai-elasticsearch/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-elasticsearch/Chart.yaml b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml
new file mode 100644 (file)
index 0000000..93c6b25
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI elasticsearch
+name: aai-elasticsearch
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml
new file mode 100644 (file)
index 0000000..ae12344
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml
@@ -0,0 +1,372 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+##################### Elasticsearch Configuration Example #####################
+
+# This file contains an overview of various configuration settings,
+# targeted at operations staff. Application developers should
+# consult the guide at <http://elasticsearch.org/guide>.
+#
+# The installation procedure is covered at
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
+#
+# Elasticsearch comes with reasonable defaults for most settings,
+# so you can try it out without bothering with configuration.
+#
+# Most of the time, these defaults are just fine for running a production
+# cluster. If you're fine-tuning your cluster, or wondering about the
+# effect of certain configuration option, please _do ask_ on the
+# mailing list or IRC channel [http://elasticsearch.org/community].
+
+# Any element in the configuration can be replaced with environment variables
+# by placing them in ${...} notation. For example:
+#
+# node.rack: ${RACK_ENV_VAR}
+
+# For information on supported formats and syntax for the config file, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
+################################### Cluster ###################################
+
+# Cluster name identifies your cluster for auto-discovery. If you're running
+# multiple clusters on the same network, make sure you're using unique names.
+#
+# cluster.name: elasticsearch
+
+cluster.name: ES_AAI
+
+#################################### Node #####################################
+
+node.name: ES_ONAP
+node.master: true
+node.data: true
+
+
+# Use the Cluster Health API [http://localhost:9200/_cluster/health], the
+# Node Info API [http://localhost:9200/_nodes] or GUI tools
+# such as <http://www.elasticsearch.org/overview/marvel/>,
+# <http://github.com/karmi/elasticsearch-paramedic>,
+# <http://github.com/lukas-vlcek/bigdesk> and
+# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.
+
+# By default, multiple nodes are allowed to start from the same installation location
+# to disable it, set the following:
+
+node.max_local_storage_nodes: 1
+
+
+#################################### Index ####################################
+# You can set a number of options (such as shard/replica options, mapping
+# or analyzer definitions, translog settings, ...) for indices globally,
+# in this file.
+#
+# Note, that it makes more sense to configure index settings specifically for
+# a certain index, either when creating it or by using the index templates API.
+#
+# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
+# for more information.
+
+# Set the number of shards (splits) of an index (5 by default):
+
+#index.number_of_shards: 5
+
+# Set the number of replicas (additional copies) of an index (1 by default):
+
+#index.number_of_replicas: 1
+
+# These settings directly affect the performance of index and search operations
+# in your cluster. Assuming you have enough machines to hold shards and
+# replicas, the rule of thumb is:
+#
+# 1. Having more *shards* enhances the _indexing_ performance and allows to
+#    _distribute_ a big index across machines.
+# 2. Having more *replicas* enhances the _search_ performance and improves the
+#    cluster _availability_.
+#
+# The "number_of_shards" is a one-time setting for an index.
+#
+# The "number_of_replicas" can be increased or decreased anytime,
+# by using the Index Update Settings API.
+#
+# Elasticsearch takes care about load balancing, relocating, gathering the
+# results from nodes, etc. Experiment with different settings to fine-tune
+# your setup.
+
+# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
+# the index status.
+
+
+#################################### Paths ####################################
+
+# Path to directory containing configuration (this file and logging.yml):
+#path.conf: /opt/app/elasticsearch/config
+
+# Path to directory where to store index data allocated for this node.
+# Use swm auto link to redirect the data directory if necessary.
+
+path.data: /usr/share/elasticsearch/data
+
+# path.data: /path/to/data1,/path/to/data2
+
+# path.work: /path/to/work
+
+path.logs: /usr/share/elasticsearch/logs
+
+#path.plugins: /opt/app/elasticsearch/plugins
+
+
+#################################### Plugin ###################################
+
+# If a plugin listed here is not installed for current node, the node will not start.
+#
+# plugin.mandatory: mapper-attachments,lang-groovy
+
+
+################################### Memory ####################################
+
+# Elasticsearch performs poorly when JVM starts swapping: you should ensure that
+# it _never_ swaps.
+#
+# Set this property to true to lock the memory: default is true
+
+#bootstrap.memory_lock: true
+
+# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
+# to the same value, and that the machine has enough memory to allocate
+# for Elasticsearch, leaving enough memory for the operating system itself.
+#
+# You should also make sure that the Elasticsearch process is allowed to lock
+# the memory, eg. by using `ulimit -l unlimited`.
+
+### Kernel Settings
+
+# Elasticsearch installs system call filters of various flavors depending on the
+# operating system (e.g., seccomp on Linux). These system call filters are
+# installed to prevent the ability to execute system calls related to forking
+# as a defense mechanism against arbitrary code execution attacks on
+# Elasticsearch The system call filter check ensures that if system call
+# filters are enabled, then they were successfully installed. To pass the system
+# call filter check you must either fix any configuration errors on your system
+# that prevented system call filters from installing (check your logs), or at
+# your own risk disable system call filters by setting
+# bootstrap.system_call_filter to false.
+# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html
+#
+# seccomp is found in Linux kernels: 2.6.37\962.6.39, 3.0\963.19, 4.0\964.9,
+# 4.10-rc+HEAD
+#
+# The default setting is to disable the filters assuming an older kernel
+# version where seccomp is not available.
+# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819
+
+bootstrap.system_call_filter: false
+
+############################## Network And HTTP ###############################
+# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
+# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
+# communication. (the range means that if the port is busy, it will automatically
+# try the next port).
+
+# Set the bind address specifically (IPv4 or IPv6):
+network.bind_host: 0.0.0.0
+
+# Set the address other nodes will use to communicate with this node. If not
+# set, it is automatically derived. It must point to an actual IP address.
+
+# network.publish_host: 0.0.0.0
+
+# Set both 'bind_host' and 'publish_host':
+# network.host: 192.168.0.1
+
+
+# Set a custom port for the node to node communication (9300 by default):
+transport.tcp.port: {{ .Values.service.internalPort2 }}
+
+# Enable compression for all communication between nodes (disabled by default):
+transport.tcp.compress: false
+
+# Set a custom port to listen for HTTP traffic:
+# http.port: 9200
+http.port: {{ .Values.service.internalPort }}
+
+# Set a custom allowed content length:
+# http.max_content_length: 100mb
+http.max_content_length: 100mb
+
+# Disable HTTP completely:
+# http.enabled: false
+http.enabled: true
+
+# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search.
+http.cors.enabled: false
+http.cors.allow-origin: "/.*/"
+http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length
+http.cors.allow-credentials: false
+################################### Gateway ###################################
+
+# The gateway allows for persisting the cluster state between full cluster
+# restarts. Every change to the state (such as adding an index) will be stored
+# in the gateway, and when the cluster starts up for the first time,
+# it will read its state from the gateway.
+# There are several types of gateway implementations. For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.
+
+# The default gateway type is the "local" gateway (recommended):
+#
+#gateway.type: local
+#gateway.type: local
+
+# Settings below control how and when to start the initial recovery process on
+# a full cluster restart (to reuse as much local data as possible when using shared
+# gateway).
+
+# Allow recovery process after N nodes in a cluster are up:
+#
+# gateway.recover_after_nodes: 1
+gateway.recover_after_nodes: 1
+
+# Set the timeout to initiate the recovery process, once the N nodes
+# from previous setting are up (accepts time value):
+#
+#gateway.recover_after_time: 5m
+gateway.recover_after_time: 5m
+
+# Set how many nodes are expected in this cluster. Once these N nodes
+# are up (and recover_after_nodes is met), begin recovery process immediately
+# (without waiting for recover_after_time to expire):
+#
+# gateway.expected_nodes: 2
+gateway.expected_nodes: 2
+
+############################# Recovery Throttling #############################
+
+# These settings allow to control the process of shards allocation between
+# nodes during initial recovery, replica allocation, rebalancing,
+# or when adding and removing nodes.
+
+# Set the number of concurrent recoveries happening on a node:
+#
+# 1. During the initial recovery
+#
+# cluster.routing.allocation.node_initial_primaries_recoveries: 4
+#
+# 2. During adding/removing nodes, rebalancing, etc
+#
+# cluster.routing.allocation.node_concurrent_recoveries: 2
+
+# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
+# indices.recovery.max_bytes_per_sec: 20mb
+indices.recovery.max_bytes_per_sec: 20mb
+
+# Set to limit the number of open concurrent streams when
+# recovering a shard from a peer:
+#
+# indices.recovery.concurrent_streams: 5
+#indices.recovery.concurrent_streams: 5
+
+################################## Discovery ##################################
+
+# Discovery infrastructure ensures nodes can be found within a cluster
+# and master node is elected. Multicast discovery is the default.
+
+# Set to ensure a node sees N other master eligible nodes to be considered
+# operational within the cluster. Its recommended to set it to a higher value
+# than 1 when running more than 2 nodes in the cluster.
+#
+discovery.zen.minimum_master_nodes: 1
+
+# Set the time to wait for ping responses from other nodes when discovering.
+# Set this option to a higher value on a slow or congested network
+# to minimize discovery failures:
+#
+# discovery.zen.ping_timeout: 3s
+discovery.zen.ping_timeout: 3s
+
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
+
+# Unicast discovery allows to explicitly control which nodes will be used
+# to discover the cluster. It can be used when multicast is not present,
+# or to restrict the cluster communication-wise.
+#
+# 1. Disable multicast discovery (enabled by default):
+# discovery.zen.ping.multicast.enabled: false
+#discovery.zen.ping.multicast.enabled: false
+
+
+# 2. Configure an initial list of master nodes in the cluster
+#    to perform discovery when new nodes (master or data) are started:
+#
+# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
+discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
+
+# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
+#
+# You have to install the cloud-aws plugin for enabling the EC2 discovery.
+#
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
+#
+#
+# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
+# for a step-by-step tutorial.
+
+# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
+#
+# You have to install the cloud-gce plugin for enabling the GCE discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
+
+# Azure discovery allows to use Azure API in order to perform discovery.
+#
+# You have to install the cloud-azure plugin for enabling the Azure discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
+
+################################## Slow Log ##################################
+
+# Shard level query and fetch threshold logging.
+
+#index.search.slowlog.threshold.query.warn: 10s
+#index.search.slowlog.threshold.query.info: 5s
+#index.search.slowlog.threshold.query.debug: 2s
+#index.search.slowlog.threshold.query.trace: 500ms
+
+#index.search.slowlog.threshold.fetch.warn: 1s
+#index.search.slowlog.threshold.fetch.info: 800ms
+#index.search.slowlog.threshold.fetch.debug: 500ms
+#index.search.slowlog.threshold.fetch.trace: 200ms
+
+#index.indexing.slowlog.threshold.index.warn: 10s
+#index.indexing.slowlog.threshold.index.info: 5s
+#index.indexing.slowlog.threshold.index.debug: 2s
+#index.indexing.slowlog.threshold.index.trace: 500ms
+
+################################## GC Logging ################################
+
+#monitor.jvm.gc.young.warn: 1000ms
+#monitor.jvm.gc.young.info: 700ms
+#monitor.jvm.gc.young.debug: 400ms
+
+#monitor.jvm.gc.old.warn: 10s
+#monitor.jvm.gc.old.info: 5s
+#monitor.jvm.gc.old.debug: 2s
+
+
+# x-pack security conflicts with searchguard
+xpack.security.enabled: false
+xpack.ml.enabled: false
+xpack.monitoring.enabled: false
+xpack.watcher.enabled: false

diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options
new file mode 100644 (file)
index 0000000..e69d798
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options
@@ -0,0 +1,117 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms1g
+-Xmx1g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# force the server VM
+-server
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps
+# ensure the directory exists and has sufficient space
+#-XX:HeapDumpPath=/heap/dump/path
+
+## GC logging
+
+#-XX:+PrintGCDetails
+#-XX:+PrintGCTimeStamps
+#-XX:+PrintGCDateStamps
+#-XX:+PrintClassHistogram
+#-XX:+PrintTenuringDistribution
+#-XX:+PrintGCApplicationStoppedTime
+
+# log GC status to a file with time stamps
+# ensure the directory exists
+#-Xloggc:${loggc}
+
+# By default, the GC log file will not rotate.
+# By uncommenting the lines below, the GC log file
+# will be rotated every 128MB at most 32 times.
+#-XX:+UseGCLogFileRotation
+#-XX:NumberOfGCLogFiles=32
+#-XX:GCLogFileSize=128M

diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties
new file mode 100644 (file)
index 0000000..e674865
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = error
+
+# log action execution errors for easier debugging
+logger.action.name = org.elasticsearch.action
+logger.action.level = INFO
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}-%d{yyyy-MM-dd}.log
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+
+# appender.deprecation_rolling.type = RollingFile
+# appender.deprecation_rolling.name = deprecation_rolling
+# appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}_deprecation.log
+# appender.deprecation_rolling.layout.type = PatternLayout
+# appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+# appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}_deprecation-%i.log.gz
+# appender.deprecation_rolling.policies.type = Policies
+# appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+# appender.deprecation_rolling.policies.size.size = 1GB
+# appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+# appender.deprecation_rolling.strategy.max = 4
+ 
+# logger.deprecation.name = org.elasticsearch.deprecation
+# logger.deprecation.level = warn
+# logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+# logger.deprecation.additivity = false
+
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_search_slowlog.log
+appender.index_search_slowlog_rolling.layout.type = PatternLayout
+appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_search_slowlog-%d{yyyy-MM-dd}.log
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.time.interval = 1
+appender.index_search_slowlog_rolling.policies.time.modulate = true
+
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.additivity = false
+
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.time.interval = 1
+appender.index_indexing_slowlog_rolling.policies.time.modulate = true
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.additivity = false

diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..b3af5da
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-es-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..8fa165a
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml
@@ -0,0 +1,120 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      hostname: {{ include "common.name" . }}
+      initContainers:
+      - command:
+        - /bin/sh
+        - -c
+        - |
+          sysctl -w vm.max_map_count=262144
+          mkdir -p /logroot/elasticsearch/logs
+          mkdir -p /logroot/elasticsearch/data
+          chmod -R 777 /logroot/elasticsearch
+          chown -R 1000:1000 /logroot
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        securityContext:
+          privileged: true
+        image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        name: init-sysctl
+        volumeMounts:
+        - name: elasticsearch-data
+          mountPath: /logroot/
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        volumeMounts:
+          - name: localtime
+            mountPath: /etc/localtime
+            readOnly: true
+          - name: elasticsearch-config
+            subPath: elasticsearch.yml
+            mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+          - name: elasticsearch-config
+            subPath: jvm.options
+            mountPath: /usr/share/elasticsearch/config/jvm.options
+          - name: elasticsearch-config
+            subPath: log4j2.properties
+            mountPath: /usr/share/elasticsearch/config/log4j2.properties
+          - name: elasticsearch-data
+            mountPath: /usr/share/elasticsearch/data
+        resources:
+{{ include "common.resources" . | indent 12 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: elasticsearch-config
+        configMap:
+          name: {{ include "common.fullname" . }}-es-config
+      - name: elasticsearch-data
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}-data
+      restartPolicy: {{ .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml
new file mode 100644 (file)
index 0000000..0838e33
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ include "common.release" . }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  storageClassName: "{{ include "common.fullname" . }}-data"
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml
new file mode 100644 (file)
index 0000000..513a7e8
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}-data
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ include "common.release" . }}"
+    heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  storageClassName: {{ include "common.storageClass" . }}

diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml
new file mode 100644 (file)
index 0000000..68d767b
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-elasticsearch/values.yaml b/kubernetes/aai/components/aai-elasticsearch/values.yaml
new file mode 100644 (file)
index 0000000..49b4c36
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/values.yaml
@@ -0,0 +1,108 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for elasticsearch.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  persistence:
+    mountPath: /dockerdata-nfs
+
+# application image
+image: elasticsearch/elasticsearch:6.1.2
+pullPolicy: Always
+restartPolicy: Always
+
+flavor: small
+flavorOverride: small
+
+# application configuration
+config:
+  tcpPort: 8443
+  nodeKeyStore: esaai-keystore.jks
+  nodeKeyStorePassword: b87b46d3da7d3d4aadfe
+  adminKeyStore: sgadmin-keystore.p12
+  adminKeyStorePassword: 341274302a70ad691e12
+  trustStore: truststore.jks
+  trustStorePassword: b200926e9da205487f63
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  name: aai-elasticsearch
+  portName: aai-elasticsearch
+  internalPort: 9200
+  portName2: aai-elasticsearch-tcp
+  internalPort2: 8443
+
+ingress:
+  enabled: false
+
+persistence:
+  enabled: true
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  ## storageClass: "-"
+  accessMode: ReadWriteOnce
+  size: 2Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: aai/elasticsearch/data
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.5
+      memory: 2Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 1
+      memory: 4Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-graphadmin/.helmignore b/kubernetes/aai/components/aai-graphadmin/.helmignore
new file mode 100644 (file)
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
new file mode 100644 (file)
index 0000000..2388e62
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
@@ -0,0 +1,23 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP AAI GraphAdmin
+name: aai-graphadmin
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
new file mode 100644 (file)
index 0000000..e9ec685
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -0,0 +1,126 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Data Grooming
+aai.grooming.default.max.fix={{ .Values.config.maxFix.dataGrooming | int }}
+aai.grooming.default.sleep.minutes={{ .Values.config.sleepMinutes.dataGrooming | int }}
+
+# Used by DupeTool
+aai.dupeTool.default.max.fix={{ .Values.config.maxFix.dupeTool | int }}
+aai.dupeTool.default.sleep.minutes={{ .Values.config.sleepMinutes.dupeTool | int }}
+
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+# Used by the ForceDelete tool
+aai.forceDel.protected.nt.list=cloud-region
+aai.forceDel.protected.edge.count=10
+aai.forceDel.protected.descendant.count=10
+
+#used by the dataGrooming and dataSnapshot cleanup tasks
+aai.cron.enable.datagroomingcleanup={{ .Values.config.cron.dataCleanup.dataGrooming.enabled }}
+aai.cron.enable.datasnapshotcleanup={{ .Values.config.cron.dataCleanup.dataSnapshot.enabled }}
+aai.datagrooming.agezip={{ .Values.config.cron.dataCleanup.dataGrooming.ageZip | int }}
+aai.datagrooming.agedelete={{ .Values.config.cron.dataCleanup.dataGrooming.ageDelete | int  }}
+
+aai.datasnapshot.agezip={{ .Values.config.cron.dataCleanup.dataSnapshot.ageZip | int }}
+aai.datasnapshot.agedelete={{ .Values.config.cron.dataCleanup.dataSnapshot.ageDelete | int }}
+
+#used by the dataSnapshot and dataGrooming tasks
+aai.cron.enable.dataSnapshot={{ .Values.config.cron.dataSnapshot.enabled }}
+
+aai.cron.enable.dataGrooming={{ .Values.config.cron.dataGrooming.enabled }}
+
+#used by the dataGrooming tasks
+aai.datagrooming.enableautofix=true
+aai.datagrooming.enabledupefixon=true
+aai.datagrooming.enabledontfixorphans=true
+aai.datagrooming.enabletimewindowminutes=true
+aai.datagrooming.enableskiphostcheck=false
+aai.datagrooming.enablesleepminutes=false
+aai.datagrooming.enableedgesonly=false
+aai.datagrooming.enableskipedgechecks=false
+aai.datagrooming.enablemaxfix=false
+aai.datagrooming.enablesinglecommits=false
+aai.datagrooming.enabledupecheckoff=false
+aai.datagrooming.enableghost2checkoff=false
+aai.datagrooming.enableghost2fixon=false
+aai.datagrooming.enablef=false
+
+# used by the dataGrooming to set values
+aai.datagrooming.timewindowminutesvalue=10500
+aai.datagrooming.sleepminutesvalue=100
+aai.datagrooming.maxfixvalue=10
+aai.datagrooming.fvalue=10
+
+#timeout for traversal enabled flag
+aai.graphadmin.timeoutenabled={{ .Values.config.timeout.enabled }}
+#default timeout limit added for graphadmin if not overridden (in ms)
+aai.graphadmin.timeoutlimit={{ .Values.config.timeout.limit }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.graphadmin.timeout.appspecific={{ .Values.global.config.realtime.clients }}
+
+# Disable the process check which are oriented towards linux OS
+# These props should only be true for local on windows
+aai.disable.check.snapshot.running=false
+aai.disable.check.grooming.running=false
+
+# Specify the params listed right here that you would have send to the dataSnapshot shell script
+# JUST_TAKE_SNAPSHOT
+# THREADED_SNAPSHOT 2 DEBUG
+# THREADED_SNAPSHOT 2
+aai.datasnapshot.params={{ .Values.config.cron.dataSnapshot.params }}
+
+# Concurrency lock control flag
+aai.lock.uri.enabled={{ .Values.config.aai.lock.uri.enabled }}

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
new file mode 100644 (file)
index 0000000..7cc354a
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -0,0 +1,111 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-graphadmin
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.2.0
+
+spring.application.name=aai-graphadmin
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-graphadmin/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8449
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61649
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+
+aperture.rdbmsname=aai_relational
+
+aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.base.url=http://localhost:8457/aai/aperture
+aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
+aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
+aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+aperture.service.timeout-in-milliseconds=300000

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
new file mode 100644 (file)
index 0000000..232262e
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
@@ -0,0 +1,97 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
new file mode 100644 (file)
index 0000000..923611d
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,91 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
new file mode 100644 (file)
index 0000000..95d4123
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
@@ -0,0 +1,60 @@
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+-->
+<configuration>
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+       <appender name="ACCESS"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+                       <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+               </encoder>
+       </appender>
+       <appender-ref ref="ACCESS" />
+</configuration>
+
+<!-- 
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..553de3f
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
@@ -0,0 +1,958 @@
+<?xml version="1.0"?>
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright 2019 AT&T Intellectual Property. All rights reserved.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+  <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+  <property resource="application.properties"/>
+  <property name="namespace" value="graph-admin"/>
+  <property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
+  <property name="logDirectory" value="${AJSC_HOME}/logs"/>
+  <!-- Old patterns
+       <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+    <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+       -->
+  <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+  <property name="p_lvl" value="%level"/>
+  <property name="p_log" value="%logger"/>
+  <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+  <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_thr" value="%thread"/>
+  <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+  <!-- Patterns from onap demo -->
+  <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n"/>
+  <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n"/>
+  <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n"/>
+  <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n"/>
+  <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+  <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter"/>
+  <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter"/>
+  <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter"/>
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>
+                               %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+                       </pattern>
+    </encoder>
+  </appender>
+  <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/sane.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+                       </pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="SANE"/>
+  </appender>
+  <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/metrics.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="METRIC"/>
+  </appender>
+  <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <file>${logDirectory}/rest/debug.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <appender-ref ref="DEBUG"/>
+    <includeCallerData>true</includeCallerData>
+  </appender>
+  <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/error.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <appender-ref ref="ERROR"/>
+  </appender>
+  <appender name="AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/audit.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="AUDIT"/>
+  </appender>
+  <appender name="translog" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <file>${logDirectory}/rest/translog.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${transLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="translog"/>
+  </appender>
+  <appender name="dmaapAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${"errorPattern"}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dmaapAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+            </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dmaapAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dmaapAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="external" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <file>${logDirectory}/external/external.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- DataGrooming logs started -->
+  <appender name="dataGrooming" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dataGrooming/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataGrooming/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataGroomingdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataGrooming/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataGrooming/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataGroomingaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataGrooming/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataGrooming/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- DataGrooming logs ended -->
+  <!-- DataSnapshot logs started -->
+  <appender name="dataSnapshot" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dataSnapshot/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataSnapshot/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataSnapshotdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataSnapshot/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataSnapshot/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataSnapshotaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataSnapshot/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataSnapshot/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- DataSnapshot logs ended -->
+  <!-- HistoryTruncate logs started -->
+  <appender name="historyTruncate" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/historyTruncate/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/historyTruncate/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="historyTruncatedebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/historyTruncate/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/historyTruncate/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="historyTruncateaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/historyTruncate/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/historyTruncate/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- historyTruncate logs ended -->
+  <!-- CreateDBSchema logs started  -->
+  <appender name="createDBSchema" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/createDBSchema/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/createDBSchema/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${"errorPattern"}</pattern>
+    </encoder>
+  </appender>
+  <appender name="createDBSchemadebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/createDBSchema/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/createDBSchema/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="createDBSchemametric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/createDBSchema/metrics.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/createDBSchema/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- CreateDBSchema logs ended  -->
+  <!-- DataCleanupTasks logs started  -->
+  <appender name="dataCleanuperror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/misc/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/misc/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${"errorPattern"}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataCleanupdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/misc/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/misc/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataCleanupaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/misc/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/misc/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- DataCleanupTasks logs ended  -->
+  <!-- dupeTool logs started -->
+  <appender name="dupeTooldebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dupetool/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dupetool/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dupeToolerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>WARN</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dupeTool/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dupeTool/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- dupeTool logs ended -->
+  <!-- dynamicPayloadGenerator log starts here -->
+  <appender name="dynamicPayloadGeneratorError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dynamicPayloadGenerator/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dynamicPayloadGeneratorDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dynamicPayloadGenerator/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dynamicPayloadGeneratorAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataExport/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- dynamicPayloadGenerator log ends here -->
+  <!-- forceDelete logs started -->
+  <appender name="forceDeletedebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/forceDelete/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/forceDelete/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="forceDeleteerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>WARN</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/forceDelete/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/forceDelete/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- forceDelete logs ended -->
+  <!-- migration logs started -->
+  <appender name="migrationdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/migration/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/migration/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="migrationerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>WARN</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/migration/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/migration/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- migration logs ended -->
+  <!-- DataGrooming logs started -->
+  <appender name="dataExportError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dataExport/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataExport/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataExportDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataExport/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataExport/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dataExportAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataExport/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dataExport/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- schemaMod log starts -->
+  <appender name="schemaModdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/schemaMod/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/schemaMod/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="schemaModerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>WARN</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/schemaMod/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/schemaMod/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- schemaMod log ends -->
+  <!-- uniquePropertyCheck log starts here -->
+  <appender name="uniquePropertyCheckdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/uniquePropertyCheck/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/uniquePropertyCheck/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="uniquePropertyCheckmetric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/uniquePropertyCheck/metrics.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/uniquePropertyCheck/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="uniquePropertyCheckerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>WARN</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/uniquePropertyCheck/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/uniquePropertyCheck/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- uniquePropertyCheck log ends here -->
+  <!-- dynamicPayloadGenerator log starts here -->
+  <appender name="dynamicPayloadGeneratorError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <File>${logDirectory}/dynamicPayloadGenerator/error.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dynamicPayloadGeneratorDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dynamicPayloadGenerator/debug.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="dynamicPayloadGeneratorAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <File>${logDirectory}/dataExport/audit.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+  <!-- dynamicPayloadGenerator log ends here -->
+  <logger name="org.onap.aai" level="DEBUG" additivity="false">
+    <appender-ref ref="asyncDEBUG"/>
+    <appender-ref ref="asyncSANE"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN"/>
+  <logger name="org.springframework.beans" level="WARN"/>
+  <logger name="org.springframework.web" level="WARN"/>
+  <logger name="com.blog.spring.jms" level="WARN"/>
+  <logger name="com.jayway.jsonpath" level="WARN"/>
+  <!-- AJSC Services (bootstrap services) -->
+  <logger name="ajsc" level="WARN"/>
+  <logger name="ajsc.RouteMgmtService" level="WARN"/>
+  <logger name="ajsc.ComputeService" level="WARN"/>
+  <logger name="ajsc.VandelayService" level="WARN"/>
+  <logger name="ajsc.FilePersistenceService" level="WARN"/>
+  <logger name="ajsc.UserDefinedJarService" level="WARN"/>
+  <logger name="ajsc.UserDefinedBeansDefService" level="WARN"/>
+  <logger name="ajsc.LoggingConfigurationService" level="WARN"/>
+  <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet 
+               logging) -->
+  <logger name="org.codehaus.groovy" level="WARN"/>
+  <logger name="com.att.scamper" level="WARN"/>
+  <logger name="ajsc.utils" level="WARN"/>
+  <logger name="ajsc.utils.DME2Helper" level="WARN"/>
+  <logger name="ajsc.filters" level="WARN"/>
+  <logger name="ajsc.beans.interceptors" level="WARN"/>
+  <logger name="ajsc.restlet" level="WARN"/>
+  <logger name="ajsc.servlet" level="WARN"/>
+  <logger name="com.att.ajsc" level="WARN"/>
+  <logger name="com.att.ajsc.csi.logging" level="WARN"/>
+  <logger name="com.att.ajsc.filemonitor" level="WARN"/>
+  <logger name="com.netflix.loadbalancer" level="WARN"/>
+  <logger name="org.apache.zookeeper" level="WARN"/>
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN"/>
+  <logger name="org.apache.commons.httpclient" level="WARN"/>
+  <logger name="org.apache.commons" level="WARN"/>
+  <logger name="org.apache.coyote" level="WARN"/>
+  <logger name="org.apache.jasper" level="WARN"/>
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+               May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN"/>
+  <logger name="org.apache.cxf" level="WARN"/>
+  <logger name="org.apache.camel.processor.interceptor" level="WARN"/>
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN"/>
+  <logger name="org.apache.cxf.service" level="WARN"/>
+  <logger name="org.restlet" level="WARN"/>
+  <logger name="org.apache.camel.component.restlet" level="WARN"/>
+  <logger name="org.hibernate.validator" level="WARN"/>
+  <logger name="org.hibernate" level="WARN"/>
+  <logger name="org.hibernate.ejb" level="OFF"/>
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN"/>
+  <logger name="ch.qos.logback.core" level="WARN"/>
+  <logger name="org.eclipse.jetty" level="WARN"/>
+  <!-- logback jms appenders & loggers definition starts here -->
+  <appender name="auditLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
+    <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log
+               </file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+                       </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>5MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>auditPattern</pattern>
+    </encoder>
+  </appender>
+  <appender name="perfLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
+    <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log
+               </file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+                       </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>5MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+    </encoder>
+  </appender>
+  <appender name="auth" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>DEBUG</level>
+    </filter>
+    <file>${logDirectory}/auth/auth.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="auth"/>
+  </appender>
+  <logger name="AuditRecord" level="INFO" additivity="false">
+    <appender-ref ref="auditLogs"/>
+  </logger>
+  <logger name="AuditRecord_DirectCall" level="INFO" additivity="false">
+    <appender-ref ref="auditLogs"/>
+  </logger>
+  <logger name="PerfTrackerRecord" level="INFO" additivity="false">
+    <appender-ref ref="perfLogs"/>
+  </logger>
+  <!-- logback jms appenders & loggers definition ends here -->
+  <logger name="org.onap.aai.aaf" level="DEBUG" additivity="false">
+    <appender-ref ref="asyncAUTH"/>
+  </logger>
+  <logger name="org.onap.aai.aailog.filter.RestClientLoggingInterceptor" level="INFO">
+    <appender-ref ref="asyncMETRIC"/>
+  </logger>
+  <logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="INFO">
+    <appender-ref ref="asyncMETRIC"/>
+  </logger>
+  <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+    <appender-ref ref="asyncAUDIT"/>
+  </logger>
+  <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+    <appender-ref ref="asyncAUDIT"/>
+  </logger>
+  <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+    <appender-ref ref="asyncMETRIC"/>
+  </logger>
+  <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+    <appender-ref ref="asyncERROR"/>
+  </logger>
+  <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+    <appender-ref ref="asynctranslog"/>
+  </logger>
+  <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+    <appender-ref ref="dmaapAAIEventConsumer"/>
+    <appender-ref ref="dmaapAAIEventConsumerDebug"/>
+    <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+  </logger>
+  <logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false">
+    <appender-ref ref="dataSnapshot"/>
+    <appender-ref ref="dataSnapshotdebug"/>
+    <appender-ref ref="dataSnapshotaudit"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+  <logger name="org.onap.aai.historytruncate" level="DEBUG" additivity="false">
+    <appender-ref ref="historyTruncate"/>
+    <appender-ref ref="historyTruncatedebug"/>
+    <appender-ref ref="historyTruncateaudit"/>
+  </logger>
+  <logger name="org.onap.aai.datagrooming" level="DEBUG" additivity="false">
+    <appender-ref ref="dataGrooming"/>
+    <appender-ref ref="dataGroomingdebug"/>
+    <appender-ref ref="dataGroomingaudit"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+  <logger name="org.onap.aai.schema" level="DEBUG" additivity="false">
+    <appender-ref ref="createDBSchema"/>
+    <appender-ref ref="createDBSchemadebug"/>
+    <appender-ref ref="createDBSchemametric"/>
+  </logger>
+  <logger name="org.onap.aai.dbgen.DupeTool" level="DEBUG" additivity="false">
+    <appender-ref ref="dupeTooldebug"/>
+    <appender-ref ref="dupeToolerror"/>
+  </logger>
+  <logger name="org.onap.aai.dbgen.DynamicPayloadGenerator" level="DEBUG" additivity="false">
+    <appender-ref ref="dynamicPayloadGeneratorAudit"/>
+    <appender-ref ref="dynamicPayloadGeneratorError"/>
+    <appender-ref ref="dynamicPayloadGeneratorDebug"/>
+  </logger>
+  <logger name="org.onap.aai.dbgen" level="DEBUG" additivity="false">
+    <appender-ref ref="createDBSchema"/>
+    <appender-ref ref="createDBSchemadebug"/>
+    <appender-ref ref="createDBSchemametric"/>
+  </logger>
+  <logger name="org.onap.aai.datacleanup" level="DEBUG" additivity="false">
+    <appender-ref ref="dataCleanuperror"/>
+    <appender-ref ref="dataCleanupdebug"/>
+    <appender-ref ref="dataCleanupaudit"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+  <logger name="org.onap.aai.migration" level="DEBUG" additivity="false">
+    <appender-ref ref="migrationdebug"/>
+    <appender-ref ref="migrationerror"/>
+  </logger>
+  <logger name="org.onap.aai.util.SendMigrationNotifications" level="DEBUG" additivity="false">
+    <appender-ref ref="migrationdebug"/>
+    <appender-ref ref="migrationerror"/>
+  </logger>
+  <logger name="org.onap.aai.util.SendDeleteMigrationNotifications" level="DEBUG" additivity="false">
+    <appender-ref ref="migrationdebug"/>
+    <appender-ref ref="migrationerror"/>
+  </logger>
+  <logger name="org.onap.aai.dataexport" level="DEBUG" additivity="false">
+    <appender-ref ref="dataExportError"/>
+    <appender-ref ref="dataExportDebug"/>
+    <appender-ref ref="dataExportAudit"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+  <logger name="org.apache" level="WARN"/>
+  <logger name="org.zookeeper" level="WARN"/>
+  <logger name="com.netflix" level="WARN"/>
+  <logger name="org.janusgraph" level="WARN"/>
+  <logger name="com.att.aft.dme2" level="WARN"/>
+  <!-- ============================================================================ -->
+  <!-- General EELF logger -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="WARN" additivity="false">
+    <appender-ref ref="asyncDEBUG"/>
+    <appender-ref ref="asyncERROR"/>
+    <appender-ref ref="asyncMETRIC"/>
+  </logger>
+  <root level="DEBUG">
+    <appender-ref ref="external"/>
+    <appender-ref ref="STDOUT"/>
+  </root>
+</configuration>

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
new file mode 100644 (file)
index 0000000..b8f9a7f
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
@@ -0,0 +1,70 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
new file mode 100644 (file)
index 0000000..4b7261e
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties
new file mode 100644 (file)
index 0000000..97627ea
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties
@@ -0,0 +1,42 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..e704743
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
@@ -0,0 +1,63 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+  {{- if .Values.global.jobs.migration.enabled }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation
+  {{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-migration-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation
+data:
+{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }}
+{{- end }}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..a43e984
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -0,0 +1,187 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    spec:
+      hostname: aai-graphadmin
+    {{ if .Values.global.initContainers.enabled }}
+      initContainers:
+      - command:
+      {{ if .Values.global.jobs.migration.enabled }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-migration
+      {{  else if .Values.global.jobs.createSchema.enabled  }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+      {{  else }}
+        - /app/ready.py
+        args:
+        - --container-name
+        {{- if .Values.global.cassandra.localCluster }}
+        - aai-cassandra
+        {{- else }}
+        - cassandra
+        {{- end }}
+        - --container-name
+        - aai-schema-service
+      {{  end  }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      {{  end  }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-RES
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: realm.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: {{ include "common.fullname" . }}-filebeat
+
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: {{ .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
new file mode 100644 (file)
index 0000000..3111d0c
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -0,0 +1,141 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-db-backup
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-job
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "2"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  backoffLimit: 20
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-job
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+      initContainers:
+      - command:
+        - /bin/bash
+        - -c
+        - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-db-backup-readiness
+      {{- end }}
+      containers:
+      - name: {{ include "common.name" . }}-db-backup-job
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /bin/bash
+        - docker-entrypoint.sh
+        - dataSnapshot.sh
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+          name: {{ include "common.fullname" . }}-snapshots
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-migration
+          subPath: janusgraph-migration-real.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-migration
+          subPath: janusgraph-migration-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-RES/
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+        resources:
+{{ include "common.resources" . | indent 10 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-migration
+        configMap:
+         name: {{ include "common.fullname" . }}-migration-configmap
+      - name: {{ include "common.fullname" . }}-snapshots
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}-migration
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
new file mode 100644 (file)
index 0000000..fe3e6e8
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -0,0 +1,150 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-create-db-schema
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-job
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  backoffLimit: 20
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-job
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --container-name
+        {{- if .Values.global.cassandra.localCluster }}
+        - aai-cassandra
+        {{- else }}
+        - cassandra
+        {{- end }}
+        - --container-name
+        - aai-schema-service
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      containers:
+      - name: {{ include "common.name" . }}-job
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /bin/bash
+        - docker-entrypoint.sh
+        - createDBSchema.sh
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-GA
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
new file mode 100644 (file)
index 0000000..f95557d
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -0,0 +1,309 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-migration
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-job
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": post-upgrade,post-rollback,post-install
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  backoffLimit: 20
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-job
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --container-name
+        {{- if .Values.global.cassandra.localCluster }}
+        - aai-cassandra
+        {{- else }}
+        - cassandra
+        {{- end }}
+        - --container-name
+        - aai-schema-service
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      - command:
+        - /bin/bash
+        - -c
+        - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+          name: {{ include "common.fullname" . }}-snapshots
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-GA
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-restore-backup
+      containers:
+      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-perform-migration
+        command:
+        - /bin/bash
+        - -c
+        - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-GA
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-snapshots
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}-migration
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-db-backup-job
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-db-backup-job
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "2"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  backoffLimit: 20
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-db-backup-job
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+      initContainers:
+      - command:
+        - /bin/bash
+        - -c
+        - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-db-backup-readiness
+      {{- end }}
+      containers:
+      - name: {{ include "common.name" . }}-db-backup-job
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /bin/bash
+        - docker-entrypoint.sh
+        - dataSnapshot.sh
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+          name: {{ include "common.fullname" . }}-snapshots
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-migration
+          subPath: janusgraph-migration-real.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-migration
+          subPath: janusgraph-migration-cached.properties
+        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-RES/
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+        resources:
+{{ include "common.resources" . | indent 10 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-migration
+        configMap:
+         name: {{ include "common.fullname" . }}-migration-configmap
+      - name: {{ include "common.fullname" . }}-snapshots
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}-migration
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
new file mode 100644 (file)
index 0000000..563b920
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
@@ -0,0 +1,44 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ include "common.release" . }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  storageClassName: "{{ include "common.fullname" . }}-data"
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }}
+{{- end -}}
+{{- end -}}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
new file mode 100644 (file)
index 0000000..bf89006
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}-migration
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ include "common.release" . }}"
+    heritage: "{{ .Release.Service }}"
+  annotations:
+    "helm.sh/hook": pre-upgrade,pre-install
+    "helm.sh/hook-weight": "-1"
+    "helm.sh/hook-delete-policy": before-hook-creation
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  storageClassName: {{ include "common.storageClass" . }}
+{{- end -}}

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
new file mode 100644 (file)
index 0000000..ab6c677
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -0,0 +1,49 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
new file mode 100644 (file)
index 0000000..ee0a20b
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -0,0 +1,158 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  readinessImage: onap/oom/readiness:3.0.1
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-graphadmin:1.7.1
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+# Configuration for the graphadmin deployment
+config:
+
+  # Specify the profiles for the graphadmin microservice
+  profiles:
+    active: "dmaap,one-way-ssl"
+
+  # Specifies the timeout limit for the REST API requests
+  timeout:
+    enabled: true
+    limit: 180000
+
+  # Default maximum records to fix for the data grooming and dupeTool
+  maxFix:
+    dataGrooming: 150
+    dupeTool: 25
+
+  # Default number of sleep minutes for dataGrooming and dupeTool
+  sleepMinutes:
+    dataGrooming: 7
+    dupeTool: 7
+
+  # Cron specific attributes to be triggered for the graphadmin spring cron tasks
+  cron:
+    # Specifies that the data grooming tool which runs duplicates should be enabled
+    dataGrooming:
+      enabled: true
+    # Specifies that the data snapshot which takes a graphson snapshot should be enabled
+    dataSnapshot:
+      enabled: true
+      params: JUST_TAKE_SNAPSHOT
+
+    # Data cleanup which zips snapshots older than x days and deletes older than y days
+    dataCleanup:
+
+      dataGrooming:
+        enabled: true
+        # Zips up the dataGrooming files older than 5 days
+        ageZip: 5
+        # Deletes the dataGrooming files older than 30 days
+        ageDelete: 30
+
+      dataSnapshot:
+        enabled: true
+        # Zips up the dataSnapshot graphson files older than 5 days
+        ageZip: 5
+        # Deletes the dataSnapshot graphson files older than 30 days
+        ageDelete: 30
+  # Concurrency lock control flag
+  aai:
+    lock:
+      uri:
+        enabled: false
+
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 60
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  # REST API port for the graphadmin microservice
+  portName: aai-graphadmin-8449
+  internalPort: 8449
+  portName2: aai-graphadmin-5005
+  internalPort2: 5005
+
+ingress:
+  enabled: false
+
+persistence:
+  enabled: true
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  accessMode: ReadWriteMany
+  size: 2Gi
+
+  mountPath: /dockerdata-nfs
+  mountSubPath: aai/aai-graphadmin
+  mountSubPath1: aai/migration
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.5
+      memory: 1536Mi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-modelloader/.helmignore b/kubernetes/aai/components/aai-modelloader/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml
new file mode 100644 (file)
index 0000000..98c842d
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI modelloader
+name: aai-modelloader
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12
new file mode 100644 (file)
index 0000000..ee57120
Binary files /dev/null and b/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12
new file mode 100644 (file)
index 0000000..e64895e
Binary files /dev/null and b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..e1d24d9
Binary files /dev/null and b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
new file mode 100644 (file)
index 0000000..72b5dab
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
@@ -0,0 +1,168 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+  <include resource="org/springframework/boot/logging/logback/base.xml" />
+  <property name="logDir" value="/var/log/onap" />
+  <property name="componentName" value="AAI-ML"></property>
+
+  <!-- default eelf log file names -->
+  <property name="generalLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="errorLogPattern"
+           value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+  <property name="auditMetricPattern" value="%m%n" />
+
+  <property name="logDirectory" value="${logDir}/${componentName}" />
+
+  <!-- Example evaluator filter applied against console appender -->
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <!-- The EELFAppender is used to record events to the general application
+       log -->
+
+  <appender name="EELF"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>INFO</level>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+  <appender name="EELFAudit"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+  <appender name="EELFMetrics"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics" />
+  </appender>
+
+  <appender name="EELFDebug"
+           class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${debugLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>true</includeCallerData>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF loggers -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="info" additivity="false">
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="asyncEELFDebug" />
+  </logger>
+  <logger name="com.att.eelf.audit" level="info" additivity="false">
+    <appender-ref ref="asyncEELFAudit" />
+  </logger>
+  <logger name="com.att.eelf.metrics" level="info" additivity="false">
+    <appender-ref ref="asyncEELFMetrics" />
+  </logger>
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" />
+  <logger name="org.springframework.beans" level="WARN" />
+  <logger name="org.springframework.web" level="WARN" />
+  <logger name="com.blog.spring.jms" level="WARN" />
+
+  <logger name="com.att" level="INFO" />
+
+  <!-- Model Loader loggers -->
+  <logger name="org.openecomp.modelloader" level="INFO" />
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN" />
+  <logger name="org.apache.commons.httpclient" level="WARN" />
+  <logger name="org.apache.commons" level="WARN" />
+  <logger name="org.apache.coyote" level="WARN" />
+  <logger name="org.apache.jasper" level="WARN" />
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+       May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" />
+  <logger name="org.apache.cxf" level="WARN" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.service" level="WARN" />
+  <logger name="org.restlet" level="WARN" />
+  <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN" />
+  <logger name="ch.qos.logback.core" level="WARN" />
+
+  <root>
+  <appender-ref ref="asyncEELF" />
+  <!-- <appender-ref ref="asyncEELFDebug" /> -->
+</root>
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
new file mode 100644 (file)
index 0000000..246e528
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
@@ -0,0 +1,46 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Model Loader Distribution Client Configuration
+ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
+ml.distribution.CONSUMER_GROUP=aai-ml-group
+ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.KEYSTORE_PASSWORD=
+ml.distribution.KEYSTORE_FILE=asdc-client.jks
+ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ml.distribution.POLLING_INTERVAL=30
+ml.distribution.POLLING_TIMEOUT=20
+ml.distribution.USER=aai
+ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
+ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
+
+# Model Loader AAI REST Client Configuration
+ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
+ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
+ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
+ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
+ml.aai.KEYSTORE_FILE=aai-os-cert.p12
+ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+ml.aai.AUTH_USER=ModelLoader
+ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
+
+# Model Loader Babel REST Client Configuration\r
+ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
+ml.babel.KEYSTORE_FILE=babel-client-cert.p12
+ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ml.babel.TRUSTSTORE_FILE=tomcat_keystore
+ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10

diff --git a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..d1b14e4
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
@@ -0,0 +1,39 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prop
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..8cfad20
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -0,0 +1,109 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: /opt/app/model-loader/config/
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/model-loader/config/model-loader.properties
+          subPath: model-loader.properties
+          name: {{ include "common.fullname" . }}-prop-config
+        - mountPath: /opt/app/model-loader/config/auth/
+          name: {{ include "common.fullname" . }}-auth-config
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/model-loader/logback.xml
+          name: {{ include "common.fullname" . }}-log-conf
+          subPath: logback.xml
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        resources:
+{{ include "common.resources" . }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: aai-filebeat
+        resources:
+{{ include "common.resources" . }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: {{ include "common.fullname" . }}-prop-config
+        configMap:
+          name: {{ include "common.fullname" . }}-prop
+      - name: {{ include "common.fullname" . }}-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: aai-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-log
+      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml
new file mode 100644 (file)
index 0000000..8f87c68
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}

diff --git a/kubernetes/aai/components/aai-modelloader/templates/secret.yaml b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
new file mode 100644 (file)
index 0000000..292e035
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-modelloader/templates/service.yaml b/kubernetes/aai/components/aai-modelloader/templates/service.yaml
new file mode 100644 (file)
index 0000000..37ed1de
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/service.yaml
@@ -0,0 +1,43 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}

diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
new file mode 100644 (file)
index 0000000..e2b9fa1
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -0,0 +1,86 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for modelloader.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/model-loader:1.7.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: NodePort
+  portName: aai-modelloader
+  externalPort: 8080
+  internalPort: 8080
+  nodePort: 10
+  portName2: aai-modelloader-ssl
+  externalPort2: 8443
+  internalPort2: 8443
+  nodePort2: 29
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "aaimodelloader"
+      name: "aai-modelloader"
+      port: 8443
+  config:
+    ssl: "redirect"
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.5
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 1
+      memory: 1536Mi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-resources/.helmignore b/kubernetes/aai/components/aai-resources/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml
new file mode 100644 (file)
index 0000000..7ee15fb
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP AAI resources
+name: aai-resources
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
new file mode 100644 (file)
index 0000000..60a8fb5
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
new file mode 100644 (file)
index 0000000..ec5fd55
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile
new file mode 100644 (file)
index 0000000..4c14bc3
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile
@@ -0,0 +1,27 @@
+VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e
+ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC
+uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e
+QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M
+YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8
+pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z
+94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b
+YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE
+NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT
+PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa
+_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x
+NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs
+BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_
+AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg
+EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_
+Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ
+g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb
+5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm
+4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e
+21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId
+0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l
+vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft
+mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW
+b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra
+w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d
+TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq
+PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12
new file mode 100644 (file)
index 0000000..b2449c6
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 differ

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
new file mode 100644 (file)
index 0000000..d5a6475
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
+cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12
+cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p
+
+#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
+cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym
+cadi_loglevel=INFO
+cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
new file mode 100644 (file)
index 0000000..8ae66aa
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
@@ -0,0 +1,24 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
new file mode 100644 (file)
index 0000000..4234121
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
@@ -0,0 +1,2 @@
+permission.type=org.onap.aai.resources
+permission.instance=*
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
new file mode 100644 (file)
index 0000000..f2e7caa
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
@@ -0,0 +1,88 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+####################################################################
+#  REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+#  TEMPLATE AND *ALL* DATAFILES
+####################################################################
+
+####################################################################
+#  REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+#  TEMPLATE AND *ALL* DATAFILES
+####################################################################
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=true
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+# Timeout for crud enabled flag
+aai.crud.timeoutenabled={{ .Values.config.crud.timeout.enabled }}
+
+# Timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.crud.timeout.appspecific={{ .Values.config.crud.timeout.appspecific }}
+
+#default timeout limit added for crud if not overridden (in ms)
+aai.crud.timeoutlimit={{ .Values.config.crud.timeout.limit }}
+#limit set for bulk consumer APIS
+aai.bulkconsumer.payloadlimit={{ .Values.config.bulk.limit }}
+
+#uncomment and use header X-OverrideLimit with the value to override the bulk api limit
+aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }}

diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
new file mode 100644 (file)
index 0000000..0aee217
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
@@ -0,0 +1,14 @@
+
+spring.autoconfigure.exclude=\
+  org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
+  org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+
+keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
+keycloak.realm=aai-resources
+keycloak.resource=aai-resources-app
+keycloak.public-client=true
+keycloak.principal-attribute=preferred_username
+
+keycloak.ssl-required=external
+keycloak.bearer-only=true
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
new file mode 100644 (file)
index 0000000..d0a9c14
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -0,0 +1,96 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-resources
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-resources
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-resources/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8447
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61647
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})

diff --git a/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json
new file mode 100644 (file)
index 0000000..65f13ef
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json
@@ -0,0 +1,298 @@
+{
+  "roles": [
+    {
+      "name": "admin",
+      "functions": [
+        {
+          "name": "actions",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "servers",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "cloudinfra",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "cloud-infrastructure",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "sdandc",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "service-design-and-creation",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "business",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "network",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "search",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "POST"
+            }
+          ]
+        },
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "license-management",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "examples",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "resources",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "generateurl",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "bulkadd",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "nodes",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "query",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "dbquery",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "bulk",
+          "methods": [
+            {
+              "name": "POST"
+            }
+          ]
+        },
+        {
+          "name": "bulkprocess",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "recents",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "dsl",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "common",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+        }
+      ]
+    },
+    {
+      "name": "basicauth",
+      "functions": [
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "user": "aai",
+          "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+        }
+      ]
+    },
+    {
+      "name": "HAProxy",
+      "functions": [
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+        }
+      ]
+    }
+  ]
+}

diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties
new file mode 100644 (file)
index 0000000..1db2774
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties
@@ -0,0 +1,100 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
new file mode 100644 (file)
index 0000000..36cbc42
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml
new file mode 100644 (file)
index 0000000..4cf6c74
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml
@@ -0,0 +1,63 @@
+<!--\r
+\r
+    ============LICENSE_START=======================================================\r
+    org.onap.aai\r
+    ================================================================================\r
+    Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+    Modifications Copyright © 2018 Amdocs, Bell Canada\r
+    ================================================================================\r
+    Licensed under the Apache License, Version 2.0 (the "License");\r
+    you may not use this file except in compliance with the License.\r
+    You may obtain a copy of the License at\r
+\r
+       http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+    Unless required by applicable law or agreed to in writing, software\r
+    distributed under the License is distributed on an "AS IS" BASIS,\r
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+    See the License for the specific language governing permissions and\r
+    limitations under the License.\r
+    ============LICENSE_END=========================================================\r
+\r
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+\r
+-->\r
+<configuration>\r
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
+       <appender name="ACCESS"\r
+               class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+               <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+                       <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}\r
+                       </fileNamePattern>\r
+               </rollingPolicy>\r
+               <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
+                       <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
+               </encoder>\r
+       </appender>\r
+       <appender-ref ref="ACCESS" />\r
+</configuration>\r
+\r
+<!-- \r
+%a - Remote IP address\r
+%A - Local IP address\r
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent\r
+%B - Bytes sent, excluding HTTP headers\r
+%h - Remote host name\r
+%H - Request protocol\r
+%l - Remote logical username from identd (always returns '-')\r
+%m - Request method\r
+%p - Local port\r
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string\r
+%r - First line of the request\r
+%s - HTTP status code of the response\r
+%S - User session ID\r
+%t - Date and time, in Common Log Format format\r
+%u - Remote user that was authenticated\r
+%U - Requested URL path\r
+%v - Local server name\r
+%I - current request thread name (can compare later with stacktraces)\r
+\r
+%z - Custom pattern that parses the cert for the subject\r
+%y - Custom pattern determines rest or dme2\r
+ -->\r

diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..f24e86d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml
@@ -0,0 +1,344 @@
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+    Modifications Copyright © 2018 Amdocs, Bell Canada
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+       <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+       <property resource="application.properties" />
+
+       <property name="namespace" value="aai-resources"/>
+
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+       <jmxConfigurator />
+       <property name="logDirectory" value="${AJSC_HOME}/logs" />
+       <!-- Old patterns
+       <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+    <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+    -->
+       <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+       <property name="p_lvl" value="%level"/>
+       <property name="p_log" value="%logger"/>
+       <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+       <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_thr" value="%thread"/>
+       <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+       <!-- Patterns from onap demo -->
+       <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+       <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+       <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+       <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+       <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+       <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
+    <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
+    <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
+       <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+               <encoder>
+                       <pattern>
+                               %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+                       </pattern>
+               </encoder>
+       </appender>
+
+       <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/sane.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+                       </pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="SANE" />
+       </appender>
+       <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/metrics.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${metricPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="METRIC"/>
+       </appender>
+
+       <appender name="DEBUG"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <file>${logDirectory}/rest/debug.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <appender-ref ref="DEBUG" />
+               <includeCallerData>true</includeCallerData>
+       </appender>
+       <appender name="ERROR"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/error.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <encoder>
+                       <pattern>${errorPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <appender-ref ref="ERROR"/>
+       </appender>
+
+       <appender name="AUDIT"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/audit.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${auditPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="AUDIT" />
+       </appender>
+
+       <appender name="translog"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <file>${logDirectory}/rest/translog.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${transLogPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="translog" />
+       </appender>
+
+       <appender name="dmaapAAIEventConsumer"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${errorPattern}</pattern>
+               </encoder>
+
+       </appender>
+
+       <appender name="dmaapAAIEventConsumerDebug"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="dmaapAAIEventConsumerInfo"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>INFO</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${auditPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="dmaapAAIEventConsumerMetric"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>INFO</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${metricPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="external"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <file>${logDirectory}/external/external.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="auth"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>DEBUG</level>
+               </filter>
+               <file>${logDirectory}/auth/auth.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+               </encoder>
+       </appender>
+       <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="auth" />
+       </appender>
+       <!-- logback internals logging -->
+
+       <logger name="ch.qos.logback.classic" level="WARN" />
+       <logger name="ch.qos.logback.core" level="WARN" />
+
+       <logger name="com.att.aft.dme2" level="WARN" />
+       <logger name="com.jayway.jsonpath" level="WARN" />
+
+       <logger name="org.apache" level="OFF" />
+       <logger name="org.apache.commons" level="WARN" />
+       <logger name="org.apache.zookeeper" level="OFF" />
+       <logger name="org.codehaus.groovy" level="WARN" />
+       <logger name="org.eclipse.jetty" level="WARN" />
+       <!-- Spring related loggers -->
+       <logger name="org.springframework" level="WARN" />
+       <logger name="org.springframework.beans" level="WARN" />
+       <logger name="org.springframework.web" level="WARN" />
+       <logger name="org.janusgraph" level="WARN" />
+       <logger name="org.zookeeper" level="OFF" />
+
+
+       <logger name="org.onap.aai" level="DEBUG" additivity="false">
+               <appender-ref ref="asyncDEBUG" />
+               <appender-ref ref="asyncSANE" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+       <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+               <appender-ref ref="asyncAUTH" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+               <appender-ref ref="asyncAUDIT"/>
+       </logger>
+       <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+               <appender-ref ref="asyncAUDIT"/>
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+               <appender-ref ref="asyncMETRIC"/>
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
+               <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+       </logger>
+       <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+               <appender-ref ref="asyncERROR"/>
+       </logger>
+       <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+               <appender-ref ref="asynctranslog" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+
+       <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+               <appender-ref ref="dmaapAAIEventConsumer" />
+               <appender-ref ref="dmaapAAIEventConsumerDebug" />
+       </logger>
+
+       <logger name="com.att.nsa.mr" level="INFO" >
+               <appender-ref ref="dmaapAAIEventConsumerInfo" />
+       </logger>
+
+       <root level="DEBUG">
+               <appender-ref ref="external" />
+               <appender-ref ref="STDOUT" />
+       </root>
+</configuration>

diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties
new file mode 100644 (file)
index 0000000..0499b34
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/realm.properties
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..d9fe86e
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
new file mode 100644 (file)
index 0000000..f6ebc75
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore differ

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..9eec841
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
new file mode 100644 (file)
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..9a08348
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="info" />
+ 
+</configuration>
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..071d407
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
new file mode 100644 (file)
index 0000000..023e2ea
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 differ

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..6ad5f51
Binary files /dev/null and b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644 (file)
index 0000000..e23c03d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+[
+  {
+    "uri": "\/not\/allowed\/at\/all$",
+    "permissions": [
+      "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+     ]
+  },
+  {
+    "uri": "\/one\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/multi\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aMultipleAuth1",
+      "test.auth.access.aMultipleAuth2",
+      "test.auth.access.aMultipleAuth3"
+     ]
+  },
+  {
+    "uri": "\/one\/[^\/]+\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/services\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/admin\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|admin|GET,PUT,POST"
+     ]
+  },
+  {
+    "uri": "\/service\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/services\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/$",
+    "permissions": [
+       "\\|services\\|GET",
+      "test\\.auth\\.access\\|services\\|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+    "permissions": [
+      "test\\.auth\\.access\\|rest\\|read"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read"
+    ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read",
+      "test.auth.access|vservers|read"
+    ]
+  },
+  {
+    "uri": "\/backend$",
+    "permissions": [
+      "test\\.auth\\.access\\|services\\|GET,PUT",
+      "\\|services\\|GET"
+     ]
+  },
+  {
+    "uri": "\/aai\/.*",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  },
+  {
+    "uri": "\/aai\/util\/echo",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  }
+]

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
new file mode 100644 (file)
index 0000000..4980071
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
new file mode 100644 (file)
index 0000000..1b58d42
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..799fd86
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="info" />
+ 
+</configuration>

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
new file mode 100644 (file)
index 0000000..2c89d28
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
new file mode 100644 (file)
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
new file mode 100644 (file)
index 0000000..3416d4a
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..1a1192a
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -0,0 +1,159 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-props
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-keys
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-aai-policy-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}

diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..ae328f5
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -0,0 +1,1484 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        msb.onap.org/service-info: '[
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v11",
+              "url": "/aai/v11/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v12",
+              "url": "/aai/v12/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v13",
+              "url": "/aai/v13/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v14",
+              "url": "/aai/v14/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v15",
+              "url": "/aai/v15/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v16",
+              "url": "/aai/v16/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v17",
+              "url": "/aai/v17/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v18",
+              "url": "/aai/v18/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-cloudInfrastructure",
+              "version": "v19",
+              "url": "/aai/v19/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/cloud-infrastructure"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v11",
+              "url": "/aai/v11/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v12",
+              "url": "/aai/v12/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v13",
+              "url": "/aai/v13/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v14",
+              "url": "/aai/v14/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v15",
+              "url": "/aai/v15/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v16",
+              "url": "/aai/v16/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v17",
+              "url": "/aai/v17/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v18",
+              "url": "/aai/v18/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/business"
+          },
+          {
+              "serviceName": "_aai-business",
+              "version": "v19",
+              "url": "/aai/v19/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/business"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v11",
+              "url": "/aai/v11/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v12",
+              "url": "/aai/v12/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v13",
+              "url": "/aai/v13/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v14",
+              "url": "/aai/v14/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v15",
+              "url": "/aai/v15/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v16",
+              "url": "/aai/v16/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v17",
+              "url": "/aai/v17/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v18",
+              "url": "/aai/v18/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/actions"
+          },
+          {
+              "serviceName": "_aai-actions",
+              "version": "v19",
+              "url": "/aai/v19/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/actions"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v11",
+              "url": "/aai/v11/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v12",
+              "url": "/aai/v12/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v13",
+              "url": "/aai/v13/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v14",
+              "url": "/aai/v14/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/service-design-and-creation"
+          },
+           {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v15",
+              "url": "/aai/v15/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v16",
+              "url": "/aai/v16/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v17",
+              "url": "/aai/v17/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v18",
+              "url": "/aai/v18/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-service-design-and-creation",
+              "version": "v19",
+              "url": "/aai/v19/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/service-design-and-creation"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v11",
+              "url": "/aai/v11/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v12",
+              "url": "/aai/v12/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v13",
+              "url": "/aai/v13/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v14",
+              "url": "/aai/v14/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v15",
+              "url": "/aai/v15/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v16",
+              "url": "/aai/v16/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v17",
+              "url": "/aai/v17/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v18",
+              "url": "/aai/v18/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/network"
+          },
+          {
+              "serviceName": "_aai-network",
+              "version": "v19",
+              "url": "/aai/v19/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/network"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v11",
+              "url": "/aai/v11/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v12",
+              "url": "/aai/v12/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v13",
+              "url": "/aai/v13/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v14",
+              "url": "/aai/v14/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v15",
+              "url": "/aai/v15/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v16",
+              "url": "/aai/v16/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v17",
+              "url": "/aai/v17/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v18",
+              "url": "/aai/v18/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/external-system"
+          },
+          {
+              "serviceName": "_aai-externalSystem",
+              "version": "v19",
+              "url": "/aai/v19/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/external-system"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v11",
+              "url": "/aai/v11/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v12",
+              "url": "/aai/v12/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v13",
+              "url": "/aai/v13/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v14",
+              "url": "/aai/v14/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v15",
+              "url": "/aai/v15/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v16",
+              "url": "/aai/v16/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v17",
+              "url": "/aai/v17/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v18",
+              "url": "/aai/v18/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-cloudInfrastructure",
+              "version": "v19",
+              "url": "/aai/v19/cloud-infrastructure",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v11",
+              "url": "/aai/v11/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v12",
+              "url": "/aai/v12/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v13",
+              "url": "/aai/v13/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v14",
+              "url": "/aai/v14/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v15",
+              "url": "/aai/v15/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v16",
+              "url": "/aai/v16/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v17",
+              "url": "/aai/v17/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v18",
+              "url": "/aai/v18/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-business",
+              "version": "v19",
+              "url": "/aai/v19/business",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v11",
+              "url": "/aai/v11/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v12",
+              "url": "/aai/v12/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v13",
+              "url": "/aai/v13/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v14",
+              "url": "/aai/v14/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v15",
+              "url": "/aai/v15/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v16",
+              "url": "/aai/v16/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v17",
+              "url": "/aai/v17/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v18",
+              "url": "/aai/v18/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-actions",
+              "version": "v19",
+              "url": "/aai/v19/actions",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v11",
+              "url": "/aai/v11/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v12",
+              "url": "/aai/v12/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v13",
+              "url": "/aai/v13/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v14",
+              "url": "/aai/v14/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v15",
+              "url": "/aai/v15/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v16",
+              "url": "/aai/v16/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v17",
+              "url": "/aai/v17/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v18",
+              "url": "/aai/v18/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-service-design-and-creation",
+              "version": "v19",
+              "url": "/aai/v19/service-design-and-creation",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v11",
+              "url": "/aai/v11/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v12",
+              "url": "/aai/v12/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v13",
+              "url": "/aai/v13/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v14",
+              "url": "/aai/v14/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v15",
+              "url": "/aai/v15/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v16",
+              "url": "/aai/v16/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v17",
+              "url": "/aai/v17/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v18",
+              "url": "/aai/v18/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-network",
+              "version": "v19",
+              "url": "/aai/v19/network",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v11",
+              "url": "/aai/v11/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v12",
+              "url": "/aai/v12/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v13",
+              "url": "/aai/v13/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v14",
+              "url": "/aai/v14/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v15",
+              "url": "/aai/v15/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v16",
+              "url": "/aai/v16/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v17",
+              "url": "/aai/v17/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v18",
+              "url": "/aai/v18/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-externalSystem",
+              "version": "v19",
+              "url": "/aai/v19/external-system",
+              "protocol": "REST",
+              "port": "8447",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          }
+          ]'
+    spec:
+      hostname: aai-resources
+    {{ if .Values.global.initContainers.enabled }}
+      {{ if .Values.global.installSidecarSecurity }}
+      hostAliases:
+      - ip: {{ .Values.global.aaf.serverIp }}
+        hostnames:
+        - {{ .Values.global.aaf.serverHostname }}
+      {{ end }}
+      initContainers:
+      - command:
+      {{ if .Values.global.jobs.migration.enabled }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-migration
+      {{  else if .Values.global.jobs.createSchema.enabled  }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+      {{  else }}
+        - /app/ready.py
+        args:
+        - --container-name
+        {{- if .Values.global.cassandra.localCluster }}
+        - aai-cassandra
+        {{- else }}
+        - cassandra
+        {{- end }}
+        - --container-name
+        - aai-schema-service
+      {{  end  }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ .Values.global.tproxyConfig.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          privileged: true
+      {{ end }}
+    {{ end }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-RES
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-resources/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: realm.properties
+        {{ if .Values.global.installSidecarSecurity }}
+        - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+          name: {{ include "common.fullname" . }}-aai-policy
+          subPath: aai_policy.json
+        {{ end }}
+        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: org.onap.aai.keyfile
+        - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: bath_config.csv
+        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: org.onap.aai.props
+        - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: org.osaaf.location.props
+        - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: permissions.properties
+        - mountPath: /opt/app/aai-resources/resources/cadi.properties
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: cadi.properties
+        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: org.onap.aai.p12
+        - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
+          name: aai-common-aai-auth-mount
+          subPath: truststoreONAPall.jks
+        - mountPath: /opt/app/aai-resources/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+        - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application-keycloak.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: {{ include "common.fullname" . }}-filebeat
+        resources:
+{{ include "common.resources" . }}
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ .Values.global.rproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/rproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.sidecar.keyStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.rproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/forward-proxy.properties
+          subPath: forward-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/primary-service.properties
+          subPath: primary-service.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+          subPath: reverse-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/cadi.properties
+          subPath: cadi.properties
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          mountPath: /opt/app/rproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+          subPath: uri-authorization.json
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+          subPath: aaf_truststore.jks
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          mountPath: /opt/app/rproxy/config/security/keyfile
+          subPath: keyfile
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+          subPath: org.onap.aai.p12
+        ports:
+        - containerPort: {{ .Values.global.rproxy.port }}
+
+      - name: {{ .Values.global.fproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/fproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.sidecar.keyStorePassword }}
+        - name: TRUST_STORE_PASSWORD
+          value: {{ .Values.sidecar.trustStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.fproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          mountPath: /opt/app/fproxy/config/fproxy.properties
+          subPath: fproxy.properties
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          mountPath: /opt/app/fproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+          subPath: fproxy_truststore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        ports:
+        - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
+
+      volumes:
+      - name: aai-common-aai-auth-mount
+        secret:
+          secretName: aai-common-aai-auth
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-aaf-properties
+        configMap:
+         name: {{ include "common.fullname" . }}-aaf-props
+      - name: {{ include "common.fullname" . }}-aaf-certs
+        secret:
+         secretName: {{ include "common.fullname" . }}-aaf-keys
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ include "common.fullname" . }}-aai-policy
+        configMap:
+         name: {{ include "common.fullname" . }}-aai-policy-configmap
+      - name: {{ include "common.fullname" . }}-rproxy-config
+        configMap:
+         name: {{ include "common.fullname" . }}-rproxy-config
+      - name: {{ include "common.fullname" . }}-rproxy-log-config
+        configMap:
+         name: {{ include "common.fullname" . }}-rproxy-log-config
+      - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+        configMap:
+         name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+      - name: {{ include "common.fullname" . }}-rproxy-auth-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+      - name: {{ include "common.fullname" . }}-rproxy-security-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-rproxy-security-config
+      - name: {{ include "common.fullname" . }}-fproxy-config
+        configMap:
+         name: {{ include "common.fullname" . }}-fproxy-config
+      - name: {{ include "common.fullname" . }}-fproxy-log-config
+        configMap:
+         name: {{ include "common.fullname" . }}-fproxy-log-config
+      - name: {{ include "common.fullname" . }}-fproxy-auth-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+    {{ end }}
+      restartPolicy: {{ .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
new file mode 100644 (file)
index 0000000..68d767b
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
new file mode 100644 (file)
index 0000000..4b77e31
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -0,0 +1,123 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  readinessImage: onap/oom/readiness:3.0.1
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-resources:1.7.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+# Configuration for the resources deployment
+config:
+  keycloak:
+    host: localhost
+    port: 8180
+
+  # Specifies crud related operation timeouts and overrides
+  crud:
+    timeout:
+      # Specifies if the timeout for REST GET calls should be enabled
+      enabled: true
+      # Specifies the timeout values for application specific
+      # Its a pipe seperated list where each element before comma represents
+      # the X-FromAppId and the comma after specifies the timeout limit in ms
+      # If the timeout limit is -1 then it means for these apps no timeout
+      appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
+      # Specifies what is the maximum timeout limit in milliseconds
+      limit: 100000
+
+  # Specifies configuration for bulk apis
+  bulk:
+    # Specifies for a bulk payload how many transactions in total allowed
+    limit: 30
+    # Specifies if the bulk can be override and if it can the value
+    override: false
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 60
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+
+# application configuration
+sidecar:
+  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+service:
+  type: ClusterIP
+  portName: aai-resources-8447
+  internalPort: 8447
+  portName2: aai-resources-5005
+  internalPort2: 5005
+
+ingress:
+  enabled: false
+
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  #
+  # Example:
+  # Configure resource requests and limits
+  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  # Minimum memory for development is 2 CPU cores and 4GB memory
+  # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+#  limits:
+#    cpu: 2
+#    memory: 4Gi
+#  requests:
+#    cpu: 2
+#    memory: 4Gi
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 3Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-schema-service/.helmignore b/kubernetes/aai/components/aai-schema-service/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml
new file mode 100644 (file)
index 0000000..8894701
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP AAI Schema Service
+name: aai-schema-service
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
new file mode 100644 (file)
index 0000000..2172d71
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
@@ -0,0 +1,43 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false

diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties
new file mode 100644 (file)
index 0000000..a639c41
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/application.properties
@@ -0,0 +1,71 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-schema-service
+info.build.name=schema-service
+info.build.description=Schema Service Microservice
+info.build.version=1.1.0
+
+spring.application.name=aai-schema-service
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.jersey.application-path=${schema.uri.base.path}
+server.tomcat.max-threads=200
+server.tomcat.min-Spare-Threads=25
+server.tomcat.max-idle-time=60000
+
+server.local.startpath=aai-schema-service/src/main/resources/
+server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
+
+server.port=8452
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}/schema-service
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}

diff --git a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
new file mode 100644 (file)
index 0000000..447f239
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
@@ -0,0 +1,58 @@
+<!--
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+-->
+<configuration>
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+       <appender name="ACCESS"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+                       <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+               </encoder>
+       </appender>
+       <appender-ref ref="ACCESS" />
+</configuration>
+
+<!-- 
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->

diff --git a/kubernetes/aai/components/aai-schema-service/config/logback.xml b/kubernetes/aai/components/aai-schema-service/config/logback.xml
new file mode 100644 (file)
index 0000000..9cfffe9
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/logback.xml
@@ -0,0 +1,295 @@
+<!--
+
+  ============LICENSE_START=======================================================
+  org.onap.aai
+  ================================================================================
+  Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+
+  ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+  <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+
+  <property resource="application.properties"/>
+
+  <property name="namespace" value="aai-schema-service"/>
+
+  <property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
+  <property name="logDirectory" value="${AJSC_HOME}/logs"/>
+  <!-- Old patterns
+  <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+  <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+  <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+  //<property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+  <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+  <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+  -->
+  <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+  <property name="p_lvl" value="%level"/>
+  <property name="p_log" value="%logger"/>
+  <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+  <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_thr" value="%thread"/>
+  <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+  <!-- Patterns from onap demo -->
+  <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+  <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+
+  <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+  <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+  <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+
+  <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter"/>
+  <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter"/>
+  <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter"/>
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>
+        %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+      </pattern>
+    </encoder>
+  </appender>
+
+  <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/sane.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+      </pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="SANE"/>
+  </appender>
+
+  <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/metrics.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${metricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="METRIC"/>
+  </appender>
+
+  <appender name="DEBUG"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <file>${logDirectory}/rest/debug.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <appender-ref ref="DEBUG"/>
+    <includeCallerData>true</includeCallerData>
+  </appender>
+
+  <appender name="ERROR"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/error.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <appender-ref ref="ERROR"/>
+  </appender>
+
+  <appender name="AUDIT"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/rest/audit.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="AUDIT"/>
+  </appender>
+
+  <appender name="translog"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>DEBUG</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <file>${logDirectory}/rest/translog.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${transLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="translog"/>
+  </appender>
+
+  <appender name="external"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+    <file>${logDirectory}/external/external.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${debugPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="auth"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>DEBUG</level>
+    </filter>
+    <file>${logDirectory}/auth/auth.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+      </fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <includeCallerData>true</includeCallerData>
+    <appender-ref ref="auth" />
+  </appender>
+
+  <logger name="org.onap.aai" level="DEBUG" additivity="false">
+    <appender-ref ref="asyncDEBUG"/>
+    <appender-ref ref="asyncSANE"/>
+    <appender-ref ref="STDOUT"/>
+  </logger>
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN"/>
+  <logger name="org.springframework.beans" level="WARN"/>
+  <logger name="org.springframework.web" level="WARN"/>
+  <logger name="com.blog.spring.jms" level="WARN"/>
+  <logger name="com.jayway.jsonpath" level="WARN"/>
+
+  <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+    logging) -->
+  <logger name="org.codehaus.groovy" level="WARN"/>
+  <logger name="com.netflix.loadbalancer" level="WARN"/>
+
+  <logger name="org.apache.zookeeper" level="OFF"/>
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN"/>
+  <logger name="org.apache.commons.httpclient" level="WARN"/>
+  <logger name="org.apache.commons" level="WARN"/>
+  <logger name="org.apache.coyote" level="WARN"/>
+  <logger name="org.apache.jasper" level="WARN"/>
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+    May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN"/>
+  <logger name="org.apache.cxf" level="WARN"/>
+  <logger name="org.apache.camel.processor.interceptor" level="WARN"/>
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN"/>
+  <logger name="org.apache.cxf.service" level="WARN"/>
+  <logger name="org.restlet" level="WARN"/>
+  <logger name="org.apache.camel.component.restlet" level="WARN"/>
+
+  <logger name="org.hibernate.validator" level="WARN"/>
+  <logger name="org.hibernate" level="WARN"/>
+  <logger name="org.hibernate.ejb" level="OFF"/>
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN"/>
+  <logger name="ch.qos.logback.core" level="WARN"/>
+
+  <logger name="org.eclipse.jetty" level="WARN"/>
+
+  <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+    <appender-ref ref="asyncAUTH" />
+  </logger>
+  <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+    <appender-ref ref="asyncAUDIT"/>
+  </logger>
+
+  <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+    <appender-ref ref="asyncAUDIT"/>
+  </logger>
+
+  <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+    <appender-ref ref="asyncERROR"/>
+  </logger>
+  <logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" additivity="false">
+    <appender-ref ref="asynctranslog" />
+  </logger>
+
+  <logger name="org.apache" level="OFF"/>
+  <logger name="org.zookeeper" level="OFF"/>
+  <logger name="org.janusgraph" level="WARN"/>
+  <logger name="com.att.aft.dme2" level="WARN"/>
+
+
+  <root level="DEBUG">
+    <appender-ref ref="STDOUT" />
+    <appender-ref ref="external"/>
+  </root>
+</configuration>

diff --git a/kubernetes/aai/components/aai-schema-service/config/realm.properties b/kubernetes/aai/components/aai-schema-service/config/realm.properties
new file mode 100644 (file)
index 0000000..988bb24
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/realm.properties
@@ -0,0 +1,22 @@
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin

diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..9b7ea73
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
@@ -0,0 +1,78 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-aaiconfig-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-springapp-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-realm-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..c6e8e1b
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -0,0 +1,155 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    spec:
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
+          name: aaiconfig-conf
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-SS
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/app/aai-schema-service/resources/logback.xml
+          name: {{ include "common.fullname" . }}-log-conf
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
+          name: localhost-access-log-conf
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-schema-service/resources/etc/auth/realm.properties
+          name: realm-conf
+          subPath: realm.properties
+        - mountPath: /opt/app/aai-schema-service/resources/application.properties
+          name: springapp-conf
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }}
+          name: auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . | indent 12 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: {{ include "common.fullname" . }}-filebeat
+      volumes:
+      - name: aai-common-aai-auth-mount
+        secret:
+          secretName: aai-common-aai-auth
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-log
+      - name: localhost-access-log-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+      - name: springapp-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-springapp-configmap
+      - name: aaiconfig-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-aaiconfig-configmap
+      - name: realm-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-realm-configmap
+      - name: auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: {{ .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
new file mode 100644 (file)
index 0000000..68d767b
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
new file mode 100644 (file)
index 0000000..7c29fd4
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-schema-service:1.7.13
+pullPolicy: Always
+restartPolicy: Always
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 60
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  portName: aai-schema-service-8452
+  internalPort: 8452
+  portName2: aai-schema-service-5005
+  internalPort2: 5005
+
+ingress:
+  enabled: false
+
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  #
+  # Example:
+  # Configure resource requests and limits
+  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  # Minimum memory for development is 2 CPU cores and 4GB memory
+  # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+#  limits:
+#    cpu: 2
+#    memory: 4Gi
+#  requests:
+#    cpu: 2
+#    memory: 4Gi
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 3Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-search-data/.helmignore b/kubernetes/aai/components/aai-search-data/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-search-data/Chart.yaml b/kubernetes/aai/components/aai-search-data/Chart.yaml
new file mode 100644 (file)
index 0000000..b05b354
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI search-data
+name: aai-search-data
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json
new file mode 100644 (file)
index 0000000..5fc135d
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json
@@ -0,0 +1,32 @@
+[\r
+       {\r
+               "name": "whitespace_analyzer", \r
+               "description": "A standard whitespace analyzer.",\r
+               "behaviours": [\r
+                       "Tokenize the text using white space characters as delimeters.",\r
+                       "Convert all characters to lower case.",\r
+                       "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents."\r
+               ],\r
+               "tokenizer": "whitespace",\r
+               "filters": [\r
+                       "lowercase",\r
+                       "asciifolding"\r
+               ]\r
+       },\r
+       {\r
+               "name": "ngram_analyzer", \r
+               "description": "An analyzer which performs ngram filtering on the data stream.",\r
+               "behaviours": [\r
+                       "Tokenize the text using white space characters as delimeters.",\r
+                       "Convert all characters to lower case.",\r
+                       "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents.",\r
+                       "Apply ngram filtering using the following values for minimum and maximum size in codepoints of a single n-gram: minimum = 1, maximum = 2."\r
+               ],\r
+               "tokenizer": "whitespace",\r
+               "filters": [\r
+                       "lowercase",\r
+                       "asciifolding",\r
+                       "ngram_filter"\r
+               ]\r
+       }\r
+]
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json
new file mode 100644 (file)
index 0000000..bbbe52f
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json
@@ -0,0 +1,18 @@
+{\r
+       "roles": [\r
+               {\r
+                       "name": "admin",\r
+                       "functions": [\r
+                               {\r
+                                       "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]\r
+                               }\r
+                       ],\r
+\r
+                       "users": [\r
+                               {\r
+                                       "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"\r
+                               }\r
+                       ]\r
+               }               \r
+       ]\r
+}\r

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..e280b31
Binary files /dev/null and b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json
new file mode 100644 (file)
index 0000000..2dac8f7
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json
@@ -0,0 +1,12 @@
+"dynamic_templates":[  
+   {  
+      "strings":{  
+         "match_mapping_type":"string",
+         "match": "*",
+         "mapping":{
+            "type":"text",
+            "fielddata":true
+         }
+      }
+   }
+],

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties
new file mode 100644 (file)
index 0000000..65de20d
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties
@@ -0,0 +1,25 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ElasticSearch Configuration
+
+es.cluster-name=ES_AAI
+es.ip-address=aai-elasticsearch.{{.Release.Namespace}}
+es.http-port={{ .Values.config.elasticsearchHttpPort }}
+es.uri-scheme=http
+es.auth-user=admin
+es.auth-password=OBF:1u2a1toa1w8v1tok1u30
+es.trust-store=auth/tomcat_keystore
+es.trust-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json
new file mode 100644 (file)
index 0000000..8a29863
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json
@@ -0,0 +1,17 @@
+{
+  "attr-translations": [
+    {
+      "query": "$..[?(@.type=='string' && @.index=='analyzed')]",
+      "update": {"type": "text", "index": true, "fielddata": true}
+    },
+    {
+      "query": "$..[?(@.type=='string' && @.index=='not_analyzed')]",
+      "update": {"type": "keyword", "index": true}
+    },
+    {
+      "query": "$..[?(@.type=='string' && !@.index)]",
+      "update": {"type": "text", "fielddata": true}
+    }
+  ]
+}
+

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json
new file mode 100644 (file)
index 0000000..a27f75b
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json
@@ -0,0 +1,7 @@
+[\r
+       {\r
+               "name": "ngram_filter",\r
+               "description": "Custom NGram Filter.",\r
+               "configuration": " \"type\": \"nGram\", \"min_gram\": 1, \"max_gram\": 50, \"token_chars\": [ \"letter\", \"digit\", \"punctuation\", \"symbol\" ]"\r
+       }\r
+]
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml
new file mode 100644 (file)
index 0000000..adfed4a
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml
@@ -0,0 +1,193 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+        <!--<jmxConfigurator /> -->
+        <!-- directory path for all other type logs -->
+
+        <property name="logDir"  value="/var/log/onap" />
+
+
+        <!--  specify the component name
+                       <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC"  -->
+        <property name="componentName" value="AAI-SDB"></property>
+
+        <!--  default eelf log file names -->
+        <property name="generalLogName" value="error" />
+        <property name="metricsLogName" value="metrics" />
+        <property name="auditLogName" value="audit" />
+        <property name="debugLogName" value="debug" />
+
+        <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|SearchDataService|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+        <property name="auditMetricPattern" value="%m%n" />
+
+        <property name="logDirectory" value="${logDir}/${componentName}" />
+
+        <!-- Example evaluator filter applied against console appender -->
+        <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+                <encoder>
+                        <pattern>${errorLogPattern}</pattern>
+                </encoder>
+        </appender>
+
+        <!-- ============================================================================ -->
+        <!-- EELF Appenders -->
+        <!-- ============================================================================ -->
+
+        <!-- The EELFAppender is used to record events to the general application
+                      log -->
+
+        <appender name="EELF"
+                          class="ch.qos.logback.core.rolling.RollingFileAppender">
+                <file>${logDirectory}/${generalLogName}.log</file>
+                <rollingPolicy
+                                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                        <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+                        </fileNamePattern>
+                        <maxHistory>60</maxHistory>
+                </rollingPolicy>
+                <encoder>
+                        <pattern>${errorLogPattern}</pattern>
+                </encoder>
+        </appender>
+        <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+                <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+                <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                        <level>INFO</level>
+                </filter>
+                <queueSize>256</queueSize>
+                <appender-ref ref="EELF" />
+        </appender>
+
+
+        <!-- EELF Audit Appender. This appender is used to record audit engine
+                      related logging events. The audit logger and appender are specializations
+         of the EELF application root logger and appender. This can be used to segregate
+         Policy engine events from other components, or it can be eliminated to record
+         these events as part of the application root log. -->
+
+        <appender name="EELFAudit"
+                          class="ch.qos.logback.core.rolling.RollingFileAppender">
+                <file>${logDirectory}/${auditLogName}.log</file>
+                <rollingPolicy
+                                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                        <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+                        </fileNamePattern>
+                        <maxHistory>60</maxHistory>
+                </rollingPolicy>
+                <encoder>
+                        <pattern>${auditMetricPattern}</pattern>
+                </encoder>
+        </appender>
+        <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+                <queueSize>256</queueSize>
+                <appender-ref ref="EELFAudit" />
+        </appender>
+
+        <appender name="EELFMetrics"
+                          class="ch.qos.logback.core.rolling.RollingFileAppender">
+                <file>${logDirectory}/${metricsLogName}.log</file>
+                <rollingPolicy
+                                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                        <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+                        </fileNamePattern>
+                        <maxHistory>60</maxHistory>
+                </rollingPolicy>
+                <encoder>
+                        <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+                                              %msg%n"</pattern> -->
+                        <pattern>${auditMetricPattern}</pattern>
+                </encoder>
+        </appender>
+
+
+        <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+                <queueSize>256</queueSize>
+                <appender-ref ref="EELFMetrics"/>
+        </appender>
+
+        <appender name="EELFDebug"
+                          class="ch.qos.logback.core.rolling.RollingFileAppender">
+                <file>${logDirectory}/${debugLogName}.log</file>
+                <rollingPolicy
+                                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                        <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+                        </fileNamePattern>
+                        <maxHistory>60</maxHistory>
+                </rollingPolicy>
+                <encoder>
+                        <pattern>${errorLogPattern}</pattern>
+                </encoder>
+        </appender>
+
+        <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+                <queueSize>256</queueSize>
+                <appender-ref ref="EELFDebug" />
+                <includeCallerData>false</includeCallerData>
+        </appender>
+
+
+        <!-- ============================================================================ -->
+        <!--  EELF loggers -->
+        <!-- ============================================================================ -->
+        <logger name="com.att.eelf" level="info" additivity="false">
+                <appender-ref ref="asyncEELF" />
+                <appender-ref ref="asyncEELFDebug" />
+        </logger>
+
+        <logger name="com.att.eelf.audit" level="info" additivity="false">
+                <appender-ref ref="asyncEELFAudit" />
+        </logger>
+        <logger name="com.att.eelf.metrics" level="info" additivity="false">
+                <appender-ref ref="asyncEELFMetrics" />
+        </logger>
+
+        <!-- Spring related loggers -->
+        <logger name="org.springframework" level="WARN" />
+        <logger name="org.springframework.beans" level="WARN" />
+        <logger name="org.springframework.web" level="WARN" />
+        <logger name="com.blog.spring.jms" level="WARN" />
+
+        <!-- SearchDB loggers -->
+        <logger name="org.openecomp.sa" level="INFO" />
+
+        <!-- Other Loggers that may help troubleshoot -->
+        <logger name="net.sf" level="WARN" />
+        <logger name="org.apache.commons.httpclient" level="WARN" />
+        <logger name="org.apache.commons" level="WARN" />
+        <logger name="org.apache.coyote" level="WARN" />
+        <logger name="org.apache.jasper" level="WARN" />
+
+        <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+                      May aid in troubleshooting) -->
+        <logger name="org.apache.camel" level="WARN" />
+        <logger name="org.apache.cxf" level="WARN" />
+        <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+        <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+        <logger name="org.apache.cxf.service" level="WARN" />
+        <logger name="org.restlet" level="WARN" />
+        <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+        <!-- logback internals logging -->
+        <logger name="ch.qos.logback.classic" level="WARN" />
+        <logger name="ch.qos.logback.core" level="WARN" />
+
+        <root>
+                <appender-ref ref="asyncEELF" />
+                <!-- <appender-ref ref="asyncEELFDebug" /> -->
+        </root>
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
new file mode 100644 (file)
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..edac199
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="debug">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644 (file)
index 0000000..595d484
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,11 @@
+[
+  {
+    "uri": "\/services\/search-data-service\/.*",
+    "method": "GET|PUT|POST|DELETE",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  }
+
+
+]

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
new file mode 100644 (file)
index 0000000..4980071
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
new file mode 100644 (file)
index 0000000..55a9b48
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
new file mode 100644 (file)
index 0000000..289fe75
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="debug">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
new file mode 100644 (file)
index 0000000..5fddcb2
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9509

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
new file mode 100644 (file)
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
new file mode 100644 (file)
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..0ef6aa9
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
@@ -0,0 +1,83 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-service-log
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }}
+

diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..83e8f1f
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
@@ -0,0 +1,259 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+    {{ if .Values.global.installSidecarSecurity }}
+      initContainers:
+        - name: {{ .Values.global.tproxyConfig.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            privileged: true
+    {{ end }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: /opt/app/search-data-service/config/
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.config.keyStorePassword }}
+        - name: KEY_MANAGER_PASSWORD
+          value: {{ .Values.config.keyManagerPassword }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/search-data-service/config/filter-config.json
+          subPath: filter-config.json
+          name: {{ include "common.fullname" . }}-service-config
+        - mountPath: /opt/app/search-data-service/config/elastic-search.properties
+          subPath: elastic-search.properties
+          name: {{ include "common.fullname" . }}-service-config
+        - mountPath: /opt/app/search-data-service/config/analysis-config.json
+          subPath: analysis-config.json
+          name: {{ include "common.fullname" . }}-service-config
+        - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
+          subPath: es-payload-translation.json
+          name: {{ include "common.fullname" . }}-service-config
+        - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
+          subPath: dynamic-custom-template.json
+          name: {{ include "common.fullname" . }}-service-config
+        - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+          name: {{ include "common.fullname" . }}-service-auth-config
+        - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
+          subPath: search_policy.json
+          name: {{ include "common.fullname" . }}-search-policy-config
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-service-logs
+        - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
+          name: {{ include "common.fullname" . }}-service-log-conf
+          subPath: logback.xml
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-service-logs
+        - mountPath: /usr/share/filebeat/data
+          name: {{ include "common.fullname" . }}-service-filebeat
+
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ .Values.global.rproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/rproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.config.keyStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.rproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/forward-proxy.properties
+          subPath: forward-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/primary-service.properties
+          subPath: primary-service.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+          subPath: reverse-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/cadi.properties
+          subPath: cadi.properties
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          mountPath: /opt/app/rproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+          subPath: uri-authorization.json
+        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+          subPath: org.onap.aai.p12
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          mountPath: /opt/app/rproxy/config/security/keyfile
+          subPath: keyfile
+
+        ports:
+        - containerPort: {{ .Values.global.rproxy.port }}
+
+      - name: {{ .Values.global.fproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/fproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.config.keyStorePassword }}
+        - name: TRUST_STORE_PASSWORD
+          value: {{ .Values.config.trustStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.fproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          mountPath: /opt/app/fproxy/config/fproxy.properties
+          subPath: fproxy.properties
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          mountPath: /opt/app/fproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+          subPath: fproxy_truststore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        ports:
+        - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
+
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: {{ include "common.fullname" . }}-service-config
+        configMap:
+          name: {{ include "common.fullname" . }}
+      - name: {{ include "common.fullname" . }}-service-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-keystone
+      - name: {{ include "common.fullname" . }}-search-policy-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-policy
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-service-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-service-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-service-log-conf
+        configMap:
+         name: {{ include "common.fullname" . }}-service-log
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ include "common.fullname" . }}-rproxy-config
+        configMap:
+          name: {{ include "common.fullname" . }}-rproxy-config
+      - name: {{ include "common.fullname" . }}-rproxy-log-config
+        configMap:
+          name: {{ include "common.fullname" . }}-rproxy-log-config
+      - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+        configMap:
+          name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+      - name: {{ include "common.fullname" . }}-rproxy-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+      - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+        secret:
+          secretName: aai-rproxy-auth-certs
+      - name: {{ include "common.fullname" . }}-rproxy-security-config
+        secret:
+          secretName: aai-rproxy-security-config
+      - name: {{ include "common.fullname" . }}-fproxy-config
+        configMap:
+          name: {{ include "common.fullname" . }}-fproxy-config
+      - name: {{ include "common.fullname" . }}-fproxy-log-config
+        configMap:
+          name: {{ include "common.fullname" . }}-fproxy-log-config
+      - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+        secret:
+          secretName: aai-fproxy-auth-certs
+    {{ end }}
+      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
new file mode 100644 (file)
index 0000000..1ae4f4d
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-keystone
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/tomcat_keystore").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-policy
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+{{ end }}
+

diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml
new file mode 100644 (file)
index 0000000..8898079
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+ {{ if .Values.global.installSidecarSecurity }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.service.internalPort }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ else }}
+
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  {{- end}}
+{{ end }}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml
new file mode 100644 (file)
index 0000000..a8089d6
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/values.yaml
@@ -0,0 +1,78 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for search-data.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/search-data-service:1.6.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config:
+  elasticsearchHttpPort: 9200
+  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  portName: aai-search-data
+  internalPort: 9509
+
+ingress:
+  enabled: false
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.25
+      memory: 750Mi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 0.5
+      memory: 1Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-sparky-be/.helmignore b/kubernetes/aai/components/aai-sparky-be/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
new file mode 100644 (file)
index 0000000..a817934
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI sparky-be
+name: aai-sparky-be
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
new file mode 100644 (file)
index 0000000..67a22f7
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.apiVersion=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
new file mode 100644 (file)
index 0000000..5c733e8
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.apiVersionOverride=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
new file mode 100644 (file)
index 0000000..c7f6bbc
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
@@ -0,0 +1,28 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config 
+oxm.schemaServiceTranslatorList=config
+# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
+oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
+oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
+oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+
+
+
+# Schema Service need this variable for the time being
+spring.applicationName=sparky

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
new file mode 100644 (file)
index 0000000..cdd3d48
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources.hostname=aai
+resources.port=8443
+resources.authType=SSL_BASIC
+resources.basicAuthUserName=aai@aai.onap.org
+resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
+resources.trust-store=tomcat_keystore

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
new file mode 100644 (file)
index 0000000..50e8432
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server.port=8000
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
new file mode 100644 (file)
index 0000000..4fb10a2
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
@@ -0,0 +1,6 @@
+aggregationSyncEnabled=true
+historicalEntitySyncEnabled=true
+autoSuggestSyncEnabled=true
+vnfAliasSyncEnabled=true
+geoSyncEnabled=true
+viewInspectSyncEnabled=true
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
new file mode 100644 (file)
index 0000000..108f9ef
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
@@ -0,0 +1,35 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# disable the default thyme leaf icon on web-pages
+#
+spring.mvc.favicon.enabled=false
+
+#
+# to switch to http, remove ssl and put http
+# and in the values.yaml change the internalPort to 9517
+#
+
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
+
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+searchservice.hostname={{.Values.global.searchData.serviceName}}
+searchservice.port=9509
+searchservice.client-cert=client-cert-onap.p12
+searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+searchservice.truststore=tomcat_keystore
+
+schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
new file mode 100644 (file)
index 0000000..aa4ae74
Binary files /dev/null and b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 differ

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties
new file mode 100644 (file)
index 0000000..6edc3d9
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties
@@ -0,0 +1,26 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global.login.url=aaiportal.onap.org
+
+# MOTS ID of the application
+application.id=12345
+
+# valid domains for open redirect
+redirect-domain=domain.com
+
+# Required by esGateKeeper. Valid values are:
+# DEVL - used during development
+# PROD - used in production
+gatekeeper.environment=TEST

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
new file mode 100644 (file)
index 0000000..b2449c6
Binary files /dev/null and b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 differ

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
new file mode 100644 (file)
index 0000000..67268e3
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
@@ -0,0 +1 @@
+cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==!

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
new file mode 100644 (file)
index 0000000..e18585d
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
@@ -0,0 +1,47 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+################################################################################
+############################## Portal properties ###############################
+################################################################################
+
+# Java class that implements the ECOMP role and user mgt API
+portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl
+
+# Instance of ECOMP Portal where the app has been on-boarded
+# use insecure http for dev purposes to avoid self-signed certificate
+ecomp_rest_url = https://portal-app:8443/ONAPPORTAL/auxapi
+
+# Standard global logon page
+ecomp_redirect_url = https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+
+# Name of cookie to extract on login request
+csp_cookie_name = EPService
+# Alternate values: DEVL, V_DEVL, V_PROD
+csp_gate_keeper_prod_key = PROD
+
+# Toggles use of UEB
+ueb_listeners_enable = false
+# IDs application withing UEB flow
+ueb_app_key=ueb_key_7
+# Use this tag if the app is centralized
+role_access_centralized=remote
+
+# Connection and Read timeout values
+ext_req_connection_timeout=15000
+ext_req_read_timeout=20000
+
+#Add AAF namespace if the app is centralized
+auth_namespace={{.Values.config.aafNamespace}}

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
new file mode 100644 (file)
index 0000000..1f154b6
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
@@ -0,0 +1,45 @@
+# Configure AAF
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE
+# AAF Environment Designation
+
+#if you are running aaf service from a docker image you have to use aaf service IP and port number
+aaf_id={{.Values.config.aafUsername}}
+#Encrypt the password using AAF Jar
+aaf_password={{.Values.config.aafPassword}}
+# Sample CADI Properties, from CADI 1.4.2
+#hostname=org.onap.aai.orr
+csp_domain=PROD
+# Add Absolute path to Keyfile
+cadi_keyfile={{.Values.config.cadiKeyFile}}
+
+# This is required to accept Certificate Authentication from Certman certificates.
+# can be TEST, IST or PROD
+aaf_env=DEV
+
+# DEBUG prints off all the properties.  Use to get started.
+cadi_loglevel=DEBUG
+
+# Add Absolute path to truststore2018.jks
+cadi_truststore={{.Values.config.cadiTrustStore}}
+# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
+cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+
+# how to turn on SSL Logging
+#javax.net.debug=ssl
+
+# Use "maps.bing.com" to get Lat and Long for an Address
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true
+DME2.DEBUG=true
+AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true
+
+cadi_latitude=32.780140
+cadi_longitude=-96.800451
+
+aaf_root_ns=com.att.aaf
+aaf_api_version=2.0

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
new file mode 100644 (file)
index 0000000..921ce67
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
@@ -0,0 +1,27 @@
+77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q
+YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m
+DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH
+VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq
+e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c
+RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx
+mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj
+JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp
+_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7
+fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs
+I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO
+KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr
+NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv
+lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum
+4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM
+biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G
+SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ
+B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0
+zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF
+6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg
+5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU
+koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC
+vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L
+TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy
+cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ
+rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8
+SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
new file mode 100644 (file)
index 0000000..97b5399
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
@@ -0,0 +1,31 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T\r
+#\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+#       http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+\r
+#####################################################################################\r
+##############################  Portal Auth Properties ##############################\r
+#####################################################################################\r
+\r
+############################## Auth ##############################\r
+username={{.Values.config.portalUsername}}\r
+password={{.Values.config.portalPassword}}\r
+\r
+##############################  ##############################\r
+#\r
+# ONAP Cookie Processing - During initial development, this flag, if true, will\r
+# prevent the portal interface's login processing from searching for a user\r
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.\r
+onap_enabled={{.Values.config.portalOnapEnabled}}\r
+onap.user_id_cookie_name={{.Values.config.portalCookieName}}\r
+cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}}\r
+app_roles={{.Values.config.portalAppRoles}}\r

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
new file mode 100644 (file)
index 0000000..ee131d8
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[
+  {
+    "id":1,
+    "name":"View"
+  }
+]

diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
new file mode 100644 (file)
index 0000000..ce69e88
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
@@ -0,0 +1,20 @@
+[{\r
+    "orgId": null,\r
+    "managerId": null,\r
+    "firstName": "Demo",\r
+    "middleInitial": null,\r
+    "lastName": "User",\r
+    "phone": null,\r
+    "email": "demo@email.com",\r
+    "hrid": null,\r
+    "orgUserId": "demo",\r
+    "orgCode": null,\r
+    "orgManagerUserId": null,\r
+    "jobTitle": null,\r
+    "loginId": "demo",\r
+    "active": false,\r
+    "roles": [{\r
+        "id": 1,\r
+        "name": "View"\r
+    }]\r
+}]
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..9e0a572
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -0,0 +1,72 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prop
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-portal
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-portal-props
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..a4fe4e2
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -0,0 +1,206 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - aai-elasticsearch
+        - --container-name
+        - aai-search-data
+        - --container-name
+        - aai
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
+          name: {{ include "common.fullname" . }}-auth-config
+          subPath: client-cert-onap.p12
+
+        - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
+          name: {{ include "common.fullname" . }}-auth-config
+          subPath: csp-cookie-filter.properties
+
+        - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
+          name: {{ include "common.fullname" . }}-auth-config
+          subPath: org.onap.aai.p12
+
+        - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
+          name: aai-common-aai-auth-mount
+          subPath: truststoreONAPall.jks
+
+        - mountPath: /opt/app/sparky/config/portal/
+          name: {{ include "common.fullname" . }}-portal-config
+
+        - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
+          name: {{ include "common.fullname" . }}-portal-config-props
+
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+
+        - mountPath:  /opt/app/sparky/config/application.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application.properties
+
+        - mountPath:  /opt/app/sparky/config/application-resources.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application-resources.properties
+
+        - mountPath:  /opt/app/sparky/config/application-ssl.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application-ssl.properties
+
+        - mountPath:  /opt/app/sparky/config/application-oxm-default.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application-oxm-default.properties
+
+        - mountPath:  /opt/app/sparky/config/application-oxm-override.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application-oxm-override.properties
+
+        - mountPath:  /opt/app/sparky/config/application-oxm-schema-prod.properties
+          name: {{ include "common.fullname" . }}-properties
+          subPath: application-oxm-schema-prod.properties
+
+        - mountPath:  /opt/app/sparky/config/roles.config
+          name: {{ include "common.fullname" . }}-properties
+          subPath: roles.config
+
+        - mountPath:  /opt/app/sparky/config/users.config
+          name: {{ include "common.fullname" . }}-properties
+          subPath: users.config
+
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: aai-sparky-filebeat
+        resources:
+{{ include "common.resources" . }}
+
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+
+      - name: {{ include "common.fullname" . }}-properties
+        configMap:
+          name: {{ include "common.fullname" . }}-prop
+
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+          name: {{ include "common.fullname" . }}
+
+      - name: {{ include "common.fullname" . }}-portal-config
+        configMap:
+          name: {{ include "common.fullname" . }}-portal
+
+      - name: {{ include "common.fullname" . }}-portal-config-props
+        configMap:
+          name: {{ include "common.fullname" . }}-portal-props
+
+      - name: {{ include "common.fullname" . }}-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}
+      
+      - name: aai-common-aai-auth-mount
+        secret:
+          secretName: aai-common-aai-auth
+      
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: aai-sparky-filebeat
+        emptyDir: {}
+      - name: modeldir
+        emptyDir: {}
+      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml
new file mode 100644 (file)
index 0000000..8f87c68
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}

diff --git a/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
new file mode 100644 (file)
index 0000000..292e035
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
new file mode 100644 (file)
index 0000000..5c939ae
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
@@ -0,0 +1,38 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}

diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
new file mode 100644 (file)
index 0000000..10448b7
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -0,0 +1,120 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for sparky-be.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  aai:
+    serviceName: aai
+  aaiElasticsearch:
+    serviceName: aai-elasticsearch
+  gizmo:
+    serviceName: aai-gizmo
+  searchData:
+    serviceName: aai-search-data
+  readinessImage: onap/oom/readiness:3.0.1
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sparky-be:1.6.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+dockerhubRepository: registry.hub.docker.com
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# application configuration
+config:
+  elasticsearchHttpPort: 9200
+  gerritBranch: 3.0.0-ONAP
+  gerritProject: http://gerrit.onap.org/r/aai/test-config
+  portalUsername: aaiui
+  portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
+  portalCookieName: UserId
+  portalAppRoles: ui_view
+  aafUsername: aai@aai.onap.org
+  aafNamespace: org.onap.aai
+  aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
+  cadiKeyFile: /opt/app/sparky/config/portal/keyFile
+  cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
+  cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
+  cadiTrustStorePassword: changeit
+  cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
+
+# ONAP Cookie Processing - During initial development, the following flag, if true, will
+# prevent the portal interface's login processing from searching for a user
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.
+  portalOnapEnabled: true
+#
+
+# override chart name (sparky-be) to share a common namespace
+# suffix with parent chart (aai)
+nsSuffix: aai
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: NodePort
+  portName: aai-sparky-be
+  internalPort: 8000
+  nodePort: 20
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "aaisparkybe"
+      name: "aai-sparky-be"
+      port: 8000
+  config:
+    ssl: "redirect"
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 0.25
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 0.5
+      memory: 2Gi
+  unlimited: {}

diff --git a/kubernetes/aai/components/aai-traversal/.helmignore b/kubernetes/aai/components/aai-traversal/.helmignore
new file mode 100644 (file)
index 0000000..daebc7d
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.\r
+# This supports shell glob matching, relative path matching, and\r
+# negation (prefixed with !). Only one pattern per line.\r
+.DS_Store\r
+# Common VCS dirs\r
+.git/\r
+.gitignore\r
+.bzr/\r
+.bzrignore\r
+.hg/\r
+.hgignore\r
+.svn/\r
+# Common backup files\r
+*.swp\r
+*.bak\r
+*.tmp\r
+*~\r
+# Various IDEs\r
+.project\r
+.idea/\r
+*.tmproj\r

diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml
new file mode 100644 (file)
index 0000000..80ff28e
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI traversal
+name: aai-traversal
+version: 7.0.0

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv
new file mode 100644 (file)
index 0000000..60a8fb5
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties
new file mode 100644 (file)
index 0000000..2b19da9
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-traversal/resources/aaf/org.osaaf.location.props:/opt/app/aai-traversal/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile
new file mode 100644 (file)
index 0000000..4c14bc3
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile
@@ -0,0 +1,27 @@
+VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e
+ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC
+uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e
+QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M
+YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8
+pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z
+94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b
+YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE
+NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT
+PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa
+_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x
+NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs
+BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_
+AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg
+EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_
+Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ
+g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb
+5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm
+4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e
+21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId
+0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l
+vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft
+mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW
+b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra
+w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d
+TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq
+PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12
new file mode 100644 (file)
index 0000000..b2449c6
Binary files /dev/null and b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 differ

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props
new file mode 100644 (file)
index 0000000..ef78622
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile
+cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12
+cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p
+
+#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
+cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym
+cadi_loglevel=INFO
+cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props
new file mode 100644 (file)
index 0000000..b9ec6b4
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props
@@ -0,0 +1,23 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties
new file mode 100644 (file)
index 0000000..d4956f5
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties
@@ -0,0 +1,2 @@
+permission.type=org.onap.aai.traversal
+permission.instance=*
\ No newline at end of file

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
new file mode 100644 (file)
index 0000000..0f23eda
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Model-processing code
+aai.model.delete.sleep.per.vtx.msec=500
+aai.model.query.resultset.maxcount=50
+aai.model.query.timeout.sec=90
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+#timeout for traversal enabled flag
+aai.traversal.timeoutenabled={{ .Values.config.timeout.enabled }}
+
+#timeout app specific
+aai.traversal.timeout.appspecific={{ .Values.config.timeout.appspecific }}
+
+#default timeout limit added for traversal if not overridden (in ms)
+aai.traversal.timeoutlimit={{ .Values.config.timeout.limit | int }}
+
+#timeout for traversal dsl enabled flag
+aai.traversal.dsl.timeoutenabled={{ .Values.config.dsl.timeout.enabled }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.traversal.dsl.timeout.appspecific={{ .Values.config.dsl.timeout.appspecific | join "|" }}
+
+#default timeout limit added for traversal dsl if not overridden (in ms)
+aai.traversal.dsl.timeoutlimit={{ .Values.config.dsl.timeout.limit | int }}
+
+# Threshold for margin of error (in ms) for resources_with_sot format to derive the most recent http method performed
+aai.resource.formatter.threshold=10
+aai.dsl.override={{ .Values.config.dslOverride }}

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
new file mode 100644 (file)
index 0000000..4a025ba
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -0,0 +1,99 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-traversal
+info.build.name=traversal
+info.build.description=Traversal Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-traversal
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-traversal/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8446
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61647
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+# Location of where the stored queries are
+schema.queries.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.custom.queries.endpoint=stored-queries
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties
new file mode 100644 (file)
index 0000000..1db2774
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties
@@ -0,0 +1,100 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
new file mode 100644 (file)
index 0000000..36cbc42
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml
new file mode 100644 (file)
index 0000000..4cf6c74
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml
@@ -0,0 +1,63 @@
+<!--\r
+\r
+    ============LICENSE_START=======================================================\r
+    org.onap.aai\r
+    ================================================================================\r
+    Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+    Modifications Copyright © 2018 Amdocs, Bell Canada\r
+    ================================================================================\r
+    Licensed under the Apache License, Version 2.0 (the "License");\r
+    you may not use this file except in compliance with the License.\r
+    You may obtain a copy of the License at\r
+\r
+       http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+    Unless required by applicable law or agreed to in writing, software\r
+    distributed under the License is distributed on an "AS IS" BASIS,\r
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+    See the License for the specific language governing permissions and\r
+    limitations under the License.\r
+    ============LICENSE_END=========================================================\r
+\r
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+\r
+-->\r
+<configuration>\r
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
+       <appender name="ACCESS"\r
+               class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+               <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+                       <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}\r
+                       </fileNamePattern>\r
+               </rollingPolicy>\r
+               <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
+                       <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
+               </encoder>\r
+       </appender>\r
+       <appender-ref ref="ACCESS" />\r
+</configuration>\r
+\r
+<!-- \r
+%a - Remote IP address\r
+%A - Local IP address\r
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent\r
+%B - Bytes sent, excluding HTTP headers\r
+%h - Remote host name\r
+%H - Request protocol\r
+%l - Remote logical username from identd (always returns '-')\r
+%m - Request method\r
+%p - Local port\r
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string\r
+%r - First line of the request\r
+%s - HTTP status code of the response\r
+%S - User session ID\r
+%t - Date and time, in Common Log Format format\r
+%u - Remote user that was authenticated\r
+%U - Requested URL path\r
+%v - Local server name\r
+%I - current request thread name (can compare later with stacktraces)\r
+\r
+%z - Custom pattern that parses the cert for the subject\r
+%y - Custom pattern determines rest or dme2\r
+ -->\r

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..f24e86d
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
@@ -0,0 +1,344 @@
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+    Modifications Copyright © 2018 Amdocs, Bell Canada
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+       <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+       <property resource="application.properties" />
+
+       <property name="namespace" value="aai-resources"/>
+
+       <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+       <jmxConfigurator />
+       <property name="logDirectory" value="${AJSC_HOME}/logs" />
+       <!-- Old patterns
+       <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+       <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+    <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+    -->
+       <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+       <property name="p_lvl" value="%level"/>
+       <property name="p_log" value="%logger"/>
+       <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+       <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+       <property name="p_thr" value="%thread"/>
+       <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+       <!-- Patterns from onap demo -->
+       <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+       <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+       <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+       <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+       <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+       <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
+    <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
+    <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
+       <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+               <encoder>
+                       <pattern>
+                               %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+                       </pattern>
+               </encoder>
+       </appender>
+
+       <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/sane.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+                       </pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="SANE" />
+       </appender>
+       <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/metrics.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${metricPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="METRIC"/>
+       </appender>
+
+       <appender name="DEBUG"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <file>${logDirectory}/rest/debug.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <appender-ref ref="DEBUG" />
+               <includeCallerData>true</includeCallerData>
+       </appender>
+       <appender name="ERROR"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/error.log</file>
+               <rollingPolicy
+                               class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+               </rollingPolicy>
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <encoder>
+                       <pattern>${errorPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <appender-ref ref="ERROR"/>
+       </appender>
+
+       <appender name="AUDIT"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <file>${logDirectory}/rest/audit.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${auditPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="AUDIT" />
+       </appender>
+
+       <appender name="translog"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <file>${logDirectory}/rest/translog.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${transLogPattern}</pattern>
+               </encoder>
+       </appender>
+
+       <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="translog" />
+       </appender>
+
+       <appender name="dmaapAAIEventConsumer"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${errorPattern}</pattern>
+               </encoder>
+
+       </appender>
+
+       <appender name="dmaapAAIEventConsumerDebug"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>DEBUG</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="dmaapAAIEventConsumerInfo"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>INFO</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${auditPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="dmaapAAIEventConsumerMetric"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.LevelFilter">
+                       <level>INFO</level>
+                       <onMatch>ACCEPT</onMatch>
+                       <onMismatch>DENY</onMismatch>
+               </filter>
+               <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${metricPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="external"
+               class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>WARN</level>
+               </filter>
+               <file>${logDirectory}/external/external.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>${debugPattern}</pattern>
+               </encoder>
+       </appender>
+       <appender name="auth"
+                         class="ch.qos.logback.core.rolling.RollingFileAppender">
+               <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+                       <level>DEBUG</level>
+               </filter>
+               <file>${logDirectory}/auth/auth.log</file>
+               <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                       <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+                       </fileNamePattern>
+               </rollingPolicy>
+               <encoder>
+                       <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+               </encoder>
+       </appender>
+       <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+               <queueSize>1000</queueSize>
+               <includeCallerData>true</includeCallerData>
+               <appender-ref ref="auth" />
+       </appender>
+       <!-- logback internals logging -->
+
+       <logger name="ch.qos.logback.classic" level="WARN" />
+       <logger name="ch.qos.logback.core" level="WARN" />
+
+       <logger name="com.att.aft.dme2" level="WARN" />
+       <logger name="com.jayway.jsonpath" level="WARN" />
+
+       <logger name="org.apache" level="OFF" />
+       <logger name="org.apache.commons" level="WARN" />
+       <logger name="org.apache.zookeeper" level="OFF" />
+       <logger name="org.codehaus.groovy" level="WARN" />
+       <logger name="org.eclipse.jetty" level="WARN" />
+       <!-- Spring related loggers -->
+       <logger name="org.springframework" level="WARN" />
+       <logger name="org.springframework.beans" level="WARN" />
+       <logger name="org.springframework.web" level="WARN" />
+       <logger name="org.janusgraph" level="WARN" />
+       <logger name="org.zookeeper" level="OFF" />
+
+
+       <logger name="org.onap.aai" level="DEBUG" additivity="false">
+               <appender-ref ref="asyncDEBUG" />
+               <appender-ref ref="asyncSANE" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+       <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+               <appender-ref ref="asyncAUTH" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+               <appender-ref ref="asyncAUDIT"/>
+       </logger>
+       <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+               <appender-ref ref="asyncAUDIT"/>
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+               <appender-ref ref="asyncMETRIC"/>
+       </logger>
+       <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
+               <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+       </logger>
+       <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+               <appender-ref ref="asyncERROR"/>
+       </logger>
+       <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+               <appender-ref ref="asynctranslog" />
+               <appender-ref ref="STDOUT" />
+       </logger>
+
+       <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+               <appender-ref ref="dmaapAAIEventConsumer" />
+               <appender-ref ref="dmaapAAIEventConsumerDebug" />
+       </logger>
+
+       <logger name="com.att.nsa.mr" level="INFO" >
+               <appender-ref ref="dmaapAAIEventConsumerInfo" />
+       </logger>
+
+       <root level="DEBUG">
+               <appender-ref ref="external" />
+               <appender-ref ref="STDOUT" />
+       </root>
+</configuration>

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/realm.properties b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties
new file mode 100644 (file)
index 0000000..0499b34
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin

diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..08bd2b3
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
@@ -0,0 +1,64 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-props
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-keys
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}

diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..a864ea9
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -0,0 +1,812 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        msb.onap.org/service-info: '[
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v11",
+              "url": "/aai/v11/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v12",
+              "url": "/aai/v12/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v13",
+              "url": "/aai/v13/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v14",
+              "url": "/aai/v14/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v15",
+              "url": "/aai/v15/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v16",
+              "url": "/aai/v16/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v17",
+              "url": "/aai/v17/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v18",
+              "url": "/aai/v18/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-generic-query",
+              "version": "v19",
+              "url": "/aai/v19/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/search/generic-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v11",
+              "url": "/aai/v11/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v12",
+              "url": "/aai/v12/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v13",
+              "url": "/aai/v13/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v14",
+              "url": "/aai/v14/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v15",
+              "url": "/aai/v15/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v16",
+              "url": "/aai/v16/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v17",
+              "url": "/aai/v17/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v18",
+              "url": "/aai/v18/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-nodes-query",
+              "version": "v19",
+              "url": "/aai/v19/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/search/nodes-query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v11",
+              "url": "/aai/v11/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v11/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v12",
+              "url": "/aai/v12/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v12/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v13",
+              "url": "/aai/v13/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v13/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v14",
+              "url": "/aai/v14/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v14/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v15",
+              "url": "/aai/v15/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v15/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v16",
+              "url": "/aai/v16/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v16/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v17",
+              "url": "/aai/v17/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v17/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v18",
+              "url": "/aai/v18/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v18/query"
+          },
+          {
+              "serviceName": "_aai-query",
+              "version": "v19",
+              "url": "/aai/v19/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/v19/query"
+          },
+          {
+              "serviceName": "_aai-named-query",
+              "url": "/aai/search",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1",
+              "path": "/aai/search"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v11",
+              "url": "/aai/v11/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v12",
+              "url": "/aai/v12/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v13",
+              "url": "/aai/v13/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v14",
+              "url": "/aai/v14/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v15",
+              "url": "/aai/v15/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v16",
+              "url": "/aai/v16/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v17",
+              "url": "/aai/v17/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v18",
+              "url": "/aai/v18/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-generic-query",
+              "version": "v19",
+              "url": "/aai/v19/search/generic-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v11",
+              "url": "/aai/v11/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v12",
+              "url": "/aai/v12/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v13",
+              "url": "/aai/v13/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v14",
+              "url": "/aai/v14/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v15",
+              "url": "/aai/v15/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v16",
+              "url": "/aai/v16/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v17",
+              "url": "/aai/v17/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v18",
+              "url": "/aai/v18/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-nodes-query",
+              "version": "v19",
+              "url": "/aai/v19/search/nodes-query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v11",
+              "url": "/aai/v11/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v12",
+              "url": "/aai/v12/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v13",
+              "url": "/aai/v13/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v14",
+              "url": "/aai/v14/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v15",
+              "url": "/aai/v15/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v16",
+              "url": "/aai/v16/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v17",
+              "url": "/aai/v17/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v18",
+              "url": "/aai/v18/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-query",
+              "version": "v19",
+              "url": "/aai/v19/query",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          },
+          {
+              "serviceName": "aai-named-query",
+              "url": "/aai/search",
+              "protocol": "REST",
+              "port": "8446",
+              "enable_ssl": true,
+              "lb_policy":"ip_hash",
+              "visualRange": "1"
+          }
+          ]'
+    spec:
+      hostname: aai-traversal
+    {{ if .Values.global.initContainers.enabled }}
+      initContainers:
+      - command:
+      {{ if .Values.global.jobs.migration.enabled }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-migration
+      {{  else if .Values.global.jobs.createSchema.enabled  }}
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+      {{  else }}
+        - /app/ready.py
+        args:
+        - --container-name
+        {{- if .Values.global.cassandra.localCluster }}
+        - aai-cassandra
+        {{- else }}
+        - cassandra
+        {{- end }}
+        - --container-name
+        - aai-schema-service
+      {{  end  }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+    {{ end }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: DISABLE_UPDATE_QUERY
+          value: {{ .Values.config.disableUpdateQuery | quote }}
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-GQ
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/aai/logroot/AAI-GQ/misc
+          name: {{ include "common.fullname" . }}-logs-misc
+        - mountPath: /opt/app/aai-traversal/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: realm.properties
+        - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: org.onap.aai.keyfile
+        - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: bath_config.csv
+        - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: org.onap.aai.props
+        - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: org.osaaf.location.props
+        - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: permissions.properties
+        - mountPath: /opt/app/aai-traversal/resources/cadi.properties
+          name: {{ include "common.fullname" . }}-aaf-properties
+          subPath: cadi.properties
+        - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12
+          name: {{ include "common.fullname" . }}-aaf-certs
+          subPath: org.onap.aai.p12
+        - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
+          name: aai-common-aai-auth-mount
+          subPath: truststoreONAPall.jks
+        - mountPath: /opt/app/aai-traversal/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: {{ include "common.fullname" . }}-filebeat
+        resources:
+{{ include "common.resources" . }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-logs-misc
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-aaf-properties
+        configMap:
+         name: {{ include "common.fullname" . }}-aaf-props
+      - name: {{ include "common.fullname" . }}-aaf-certs
+        secret:
+         secretName: {{ include "common.fullname" . }}-aaf-keys
+      - name: aai-common-aai-auth-mount
+        secret:
+          secretName: aai-common-aai-auth
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
new file mode 100644 (file)
index 0000000..4d6b0dd
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -0,0 +1,142 @@
+# Copyright (c) 2017-2018 AT&T
+# Modifications Copyright (c) 2018 Amdocs, Bell Canada
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if .Values.global.jobs.updateQueryData.enabled }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-update-query-data
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+{{ if .Values.global.jobs.migration.enabled }}
+  annotations:
+    "helm.sh/hook": post-upgrade,post-rollback,post-install
+    "helm.sh/hook-weight": "2"
+    "helm.sh/hook-delete-policy": before-hook-creation
+{{ end }}
+spec:
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-job
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - aai
+        {{ if eq .Values.global.aafEnabled true }}
+        - --container-name
+        - aaf-locate
+        {{ end }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      containers:
+      - name: {{ include "common.name" . }}-job
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - bash
+        - "-c"
+        - |
+          set -x
+          if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+          until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+          bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+        env:
+        - name: LOCAL_USER_ID
+          value: {{ .Values.global.config.userId | quote }}
+        - name: LOCAL_GROUP_ID
+          value: {{ .Values.global.config.groupId | quote }}
+        resources:
+{{ include "common.resources" . }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-realtime.properties
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: janusgraph-cached.properties
+        - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: aaiconfig.properties
+        - mountPath: /opt/aai/logroot/AAI-GQ/
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /opt/aai/logroot/AAI-GQ/misc
+          name: {{ include "common.fullname" . }}-logs-misc
+        - mountPath: /opt/app/aai-traversal/resources/logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: logback.xml
+        - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
+          name: {{ include "common.fullname" . }}-config
+          subPath: localhost-access-logback.xml
+        - mountPath: /opt/app/aai-traversal/resources/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+          {{ $global := . }}
+          {{ range $job := .Values.global.config.auth.files }}
+        - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }}
+          name: {{ include "common.fullname" $global }}-auth-truststore-sec
+          subPath: {{ . }}
+          {{ end }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-logs-misc
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-filebeat
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-config
+        configMap:
+         name: {{ include "common.fullname" . }}-configmap
+      - name: {{ include "common.fullname" . }}-auth-truststore-sec
+        secret:
+         secretName: aai-common-truststore
+         items:
+          {{ range $job := .Values.global.config.auth.files }}
+           - key: {{ . }}
+             path: {{ . }}
+          {{ end }}
+      restartPolicy: OnFailure
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}

diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
new file mode 100644 (file)
index 0000000..68d767b
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  clusterIP: None

diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
new file mode 100644 (file)
index 0000000..e7ffdb9
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -0,0 +1,118 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for traversal.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  readinessImage: onap/oom/readiness:3.0.1
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-traversal:1.7.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config:
+
+  # Specifies timeout information such as application specific and limits
+  timeout:
+    # If set to true application will timeout for queries taking longer than limit
+    enabled: true
+    # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout
+    appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1
+    # Specifies how long should it wait before timing out the REST request
+    limit: 180000
+
+  # Disables the updateQueryData script to run as part of traversal
+  disableUpdateQuery: true
+
+  # Override of the DSL Timeout Limit
+  dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA'
+
+  dsl:
+    # Dsl timeout configuration
+    timeout:
+      # Whether or not the dsl is enabled
+      enabled: true
+      # Default time limit of the DSL query
+      limit: 150000
+      # App Specific Timeout Limit for each of the X-FromAppId
+      appspecific:
+        - JUNITTESTAPP1,1
+        - JUNITTESTAPP2,-1
+        - AAI-TOOLS,-1
+        - DCAE-CCS,1200000
+        - DCAES,1200000
+        - VPESAT,-1
+        - AAI-CACHER,-1
+        - VidAaiController,300000
+        - AAI-UI,180000
+
+persistence:
+  mountPath: /dockerdata-nfs
+  mountSubPath: aai/aai-traversal
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 60
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  portName: aai-traversal-8446
+  internalPort: 8446
+  portName2: aai-traversal-5005
+  internalPort2: 5005
+
+ingress:
+  enabled: false
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 3Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}

diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
new file mode 100644 (file)
index 0000000..af99382
--- /dev/null
+++ b/kubernetes/aai/requirements.yaml
@@ -0,0 +1,69 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+dependencies:
+  - name: common
+    version: ~7.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: cassandra
+    version: ~7.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+    condition: global.cassandra.localCluster
+  - name: aai-babel
+    version: ~7.x-0
+    repository: 'file://components/aai-babel'
+    condition: aai-babel.enabled
+  - name: aai-data-router
+    version: ~7.x-0
+    repository: 'file://components/aai-data-router'
+    condition: aai-data-router.enabled
+  - name: aai-elasticsearch
+    version: ~7.x-0
+    repository: 'file://components/aai-elasticsearch'
+    condition: aai-elasticsearch.enabled
+  - name: aai-graphadmin
+    version: ~7.x-0
+    repository: 'file://components/aai-graphadmin'
+    condition: aai-graphadmin.enabled
+  - name: aai-modelloader
+    version: ~7.x-0
+    repository: 'file://components/aai-modelloader'
+    condition: aai-modelloader.enabled
+  - name: aai-resources
+    version: ~7.x-0
+    repository: 'file://components/aai-resources'
+    condition: aai-resources.enabled
+  - name: aai-schema-service
+    version: ~7.x-0
+    repository: 'file://components/aai-schema-service'
+    condition: aai-schema-service.enabled
+  - name: aai-search-data
+    version: ~7.x-0
+    repository: 'file://components/aai-search-data'
+    condition: aai-search-data.enabled
+  - name: aai-sparky-be
+    version: ~7.x-0
+    repository: 'file://components/aai-sparky-be'
+    condition: aai-sparky-be.enabled
+  - name: aai-traversal
+    version: ~7.x-0
+    repository: 'file://components/aai-traversal'
+    condition: aai-traversal.enabled

diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore
new file mode 100644 (file)
index 0000000..d1ebae8
Binary files /dev/null and b/kubernetes/aai/resources/config/aai/aai_keystore differ

diff --git a/kubernetes/aai/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
new file mode 100644 (file)
index 0000000..ff844b1
Binary files /dev/null and b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks differ

diff --git a/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..7a4979a
Binary files /dev/null and b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore
new file mode 100644 (file)
index 0000000..f5e4170
Binary files /dev/null and b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore differ

diff --git a/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..d68bf73
Binary files /dev/null and b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem
new file mode 100644 (file)
index 0000000..6390db1
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/aai.pem
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow
+WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO
+MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x
+agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe
+0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU
+F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6
+F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz
+11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB
+o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO
+aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG
+A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD
+VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh
+aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp
+LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w
+bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u
+YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC
+JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w
+bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq
+hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq
+oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4
+k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe
+sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h
+HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg
+B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: aai@aai.onap.org
+    localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT
++zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H
+HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ
+DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G
+llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc
+Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF
+Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P
+YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM
+WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY
+OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a
+o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI
+bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x
++RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET
+ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0
+BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF
+YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc
+nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH
+DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg
+KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ
+e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6
+uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8
+4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS
+Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG
+rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N
+HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO
+rzAazDQvlb0itUxgU4qgqw==
+-----END PRIVATE KEY-----

diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
new file mode 100644 (file)
index 0000000..1c82050
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -0,0 +1,138 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+        log /dev/log    local0
+        stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+        stats timeout 30s
+        user root
+        group root
+        daemon
+        #################################
+        # Default SSL material locations#
+        #################################
+        ca-base /etc/ssl/certs
+        crt-base /etc/ssl/private
+
+        # Default ciphers to use on SSL-enabled listening sockets.
+        # For more information, see ciphers(1SSL). This list is from:
+        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+        # An alternative list with additional directives can be obtained from
+        # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+        tune.ssl.default-dh-param 2048
+
+defaults
+        log     global
+        mode    http
+        option  httplog
+        option  ssl-hello-chk
+        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+        default-server init-addr none
+#       option  dontlognull
+#       errorfile 400 /etc/haproxy/errors/400.http
+#       errorfile 403 /etc/haproxy/errors/403.http
+#       errorfile 408 /etc/haproxy/errors/408.http
+#       errorfile 500 /etc/haproxy/errors/500.http
+#       errorfile 502 /etc/haproxy/errors/502.http
+#       errorfile 503 /etc/haproxy/errors/503.http
+#       errorfile 504 /etc/haproxy/errors/504.http
+
+        option  http-server-close
+        option forwardfor except 127.0.0.1
+        retries 6
+        option redispatch
+        maxconn 50000
+        timeout connect 50000
+        timeout client  480000
+        timeout server  480000
+        timeout http-keep-alive 30000
+
+
+frontend IST_8443
+        mode http
+        bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+#       log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+        log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+        option httplog
+        log global
+        option logasap
+        option forwardfor
+        capture request header  Host len 100
+        capture response header Host len 100
+        option log-separate-errors
+        option forwardfor
+        http-request set-header X-Forwarded-Proto https if { ssl_fc }
+        http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+        http-request set-header X-AAI-SSL                       %[ssl_fc]
+        http-request set-header X-AAI-SSL-Client-Verify         %[ssl_c_verify]
+        http-request set-header X-AAI-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
+        http-request set-header X-AAI-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
+        http-request set-header X-AAI-SSL-Issuer                %{+Q}[ssl_c_i_dn]
+        http-request set-header X-AAI-SSL-Client-NotBefore      %{+Q}[ssl_c_notbefore]
+        http-request set-header X-AAI-SSL-Client-NotAfter       %{+Q}[ssl_c_notafter]
+        http-request set-header X-AAI-SSL-ClientCert-Base64   %{+Q}[ssl_c_der,base64]
+        http-request set-header X-AAI-SSL-Client-OU             %{+Q}[ssl_c_s_dn(OU)]
+        http-request set-header X-AAI-SSL-Client-L              %{+Q}[ssl_c_s_dn(L)]
+        http-request set-header X-AAI-SSL-Client-ST             %{+Q}[ssl_c_s_dn(ST)]
+        http-request set-header X-AAI-SSL-Client-C              %{+Q}[ssl_c_s_dn(C)]
+        http-request set-header X-AAI-SSL-Client-O              %{+Q}[ssl_c_s_dn(O)]
+        reqadd X-Forwarded-Proto:\ https
+        reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+        acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+        acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+        acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+        acl is_named-query path_beg -i /aai/search/named-query
+        acl is_search-model path_beg -i /aai/search/model
+        use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+        default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+        mode http
+        bind *:8080
+        stats uri /stats
+        stats enable
+        stats refresh 30s
+        stats hide-version
+        stats auth admin:admin
+        stats show-legends
+        stats show-desc IST AAI APPLICATION NODES
+        stats admin if TRUE

diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
new file mode 100644 (file)
index 0000000..4606a42
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -0,0 +1,126 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+        log /dev/log    local0
+        stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+        stats timeout 30s
+        daemon
+        #################################
+        # Default SSL material locations#
+        #################################
+        ca-base /etc/ssl/certs
+        crt-base /etc/ssl/private
+
+        # Default ciphers to use on SSL-enabled listening sockets.
+        # For more information, see ciphers(1SSL). This list is from:
+        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+        # An alternative list with additional directives can be obtained from
+        # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+        tune.ssl.default-dh-param 2048
+
+defaults
+        log     global
+        mode    http
+        option  httplog
+        option  ssl-hello-chk
+        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+        default-server init-addr none
+#       option  dontlognull
+#       errorfile 400 /etc/haproxy/errors/400.http
+#       errorfile 403 /etc/haproxy/errors/403.http
+#       errorfile 408 /etc/haproxy/errors/408.http
+#       errorfile 500 /etc/haproxy/errors/500.http
+#       errorfile 502 /etc/haproxy/errors/502.http
+#       errorfile 503 /etc/haproxy/errors/503.http
+#       errorfile 504 /etc/haproxy/errors/504.http
+
+        option  http-server-close
+        option forwardfor except 127.0.0.1
+        retries 6
+        option redispatch
+        maxconn 50000
+        timeout connect 50000
+        timeout client  480000
+        timeout server  480000
+        timeout http-keep-alive 30000
+
+
+frontend IST_8443
+        mode http
+        bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+#       log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+        log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+        option httplog
+        log global
+        option logasap
+        option forwardfor
+        capture request header  Host len 100
+        capture response header Host len 100
+        option log-separate-errors
+        option forwardfor
+        http-request set-header X-Forwarded-Proto https if { ssl_fc }
+        http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+        http-request set-header X-AAI-SSL                       %[ssl_fc]
+        http-request set-header X-AAI-SSL-Client-Verify         %[ssl_c_verify]
+        http-request set-header X-AAI-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
+        http-request set-header X-AAI-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
+        http-request set-header X-AAI-SSL-Issuer                %{+Q}[ssl_c_i_dn]
+        http-request set-header X-AAI-SSL-Client-NotBefore      %{+Q}[ssl_c_notbefore]
+        http-request set-header X-AAI-SSL-Client-NotAfter       %{+Q}[ssl_c_notafter]
+        http-request set-header X-AAI-SSL-ClientCert-Base64   %{+Q}[ssl_c_der,base64]
+        http-request set-header X-AAI-SSL-Client-OU             %{+Q}[ssl_c_s_dn(OU)]
+        http-request set-header X-AAI-SSL-Client-L              %{+Q}[ssl_c_s_dn(L)]
+        http-request set-header X-AAI-SSL-Client-ST             %{+Q}[ssl_c_s_dn(ST)]
+        http-request set-header X-AAI-SSL-Client-C              %{+Q}[ssl_c_s_dn(C)]
+        http-request set-header X-AAI-SSL-Client-O              %{+Q}[ssl_c_s_dn(O)]
+        reqadd X-Forwarded-Proto:\ https
+        reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+        acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+        acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+        acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+        acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+        acl is_named-query path_beg -i /aai/search/named-query
+        acl is_search-model path_beg -i /aai/search/model
+        use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+        default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+

diff --git a/kubernetes/aai/resources/config/log/filebeat/filebeat.yml b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml
new file mode 100644 (file)
index 0000000..39cc6db
--- /dev/null
+++ b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+  paths:
+    - /var/log/onap/*/*/*/*.log
+    - /var/log/onap/*/*/*.log
+    - /var/log/onap/*/*.log
+  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+  ignore_older: 48h
+  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+  clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+  #List of logstash server ip addresses with port number.
+  #But, in our case, this will be the loadbalancer IP address.
+  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+  hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+  #If enable will do load balancing among availabe Logstash, automatically.
+  loadbalance: true
+
+  #The list of root certificates for server verifications.
+  #If certificate_authorities is empty or not set, the trusted
+  #certificate authorities of the host system are used.
+  #ssl.certificate_authorities: $ssl.certificate_authorities
+
+  #The path to the certificate for SSL client authentication. If the certificate is not specified,
+  #client authentication is not available.
+  #ssl.certificate: $ssl.certificate
+
+  #The client certificate key used for client authentication.
+  #ssl.key: $ssl.key
+
+  #The passphrase used to decrypt an encrypted key stored in the configured key file
+  #ssl.key_passphrase: $ssl.key_passphrase

diff --git a/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12
new file mode 100644 (file)
index 0000000..dbf4fca
Binary files /dev/null and b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 differ

diff --git a/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12
new file mode 100644 (file)
index 0000000..023e2ea
Binary files /dev/null and b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 differ

diff --git a/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..99129c1
Binary files /dev/null and b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore differ

diff --git a/kubernetes/aai/resources/config/rproxy/security/keyfile b/kubernetes/aai/resources/config/rproxy/security/keyfile
new file mode 100644 (file)
index 0000000..3416d4a
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file

diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..c9cfbef
--- /dev/null
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -0,0 +1,103 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# this is a shared resource for subcharts
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aai-filebeat
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aai-deployment-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-haproxy-secret
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }}
+# This is a shared key for both resources and traversal
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-auth-truststore-secret
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-fproxy-auth-certs
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-rproxy-auth-certs
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file

diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..a28d833
--- /dev/null
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -0,0 +1,134 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.release" . }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - aai-resources
+        - --container-name
+        - aai-traversal
+        - --container-name
+        - aai-graphadmin
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-readiness
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /dev/log
+          name: aai-service-log
+        - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+        {{ if .Values.global.installSidecarSecurity }}
+          subPath: haproxy-pluggable-security.cfg
+        {{ else }}
+          subPath: haproxy.cfg
+        {{ end }}
+          name: haproxy-cfg
+        - mountPath: /etc/ssl/private/aai.pem
+          name: aai-pem
+          subPath: aai.pem
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          httpGet:
+            path: /aai/util/echo
+            port: {{ .Values.service.internalPort }}
+            scheme: HTTPS
+            httpHeaders:
+            - name: X-FromAppId
+              value: OOM_ReadinessCheck
+      {{ if .Values.global.installSidecarSecurity }}
+            - name: Authorization
+              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+      {{ end }}
+            - name: X-TransactionId
+              value: OOM_ReadinessCheck_TID
+            - name: Accept
+              value: application/json
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources:
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: aai-service-log
+          hostPath:
+            path: "/dev/log"
+        - name: haproxy-cfg
+          configMap:
+            name: aai-deployment-configmap
+        - name: aai-pem
+          secret:
+            secretName: aai-haproxy-secret
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/aai/templates/ingress.yaml b/kubernetes/aai/templates/ingress.yaml
new file mode 100644 (file)
index 0000000..8f87c68
--- /dev/null
+++ b/kubernetes/aai/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}

diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
new file mode 100644 (file)
index 0000000..dd8be62
--- /dev/null
+++ b/kubernetes/aai/templates/secret.yaml
@@ -0,0 +1,36 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-common-aai-auth
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aai-common-truststore
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}

diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
new file mode 100644 (file)
index 0000000..5ee9668
--- /dev/null
+++ b/kubernetes/aai/templates/service.yaml
@@ -0,0 +1,40 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  ports:
+  {{if eq .Values.service.type "NodePort" -}}
+  - name: {{ .Values.service.portName }}
+    port: {{ .Values.service.externalPort }}
+    targetPort: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+  {{- else -}}
+  - port: {{ .Values.service.externalPort }}
+    targetPort: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  {{- end}}
+  type: {{ .Values.service.type }}
+  selector:
+    app: {{ include "common.name" . }}
+  clusterIP: {{ .Values.service.aaiServiceClusterIp }}

diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
new file mode 100644 (file)
index 0000000..c0f0999
--- /dev/null
+++ b/kubernetes/aai/values.yaml
@@ -0,0 +1,382 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for aai.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+  nodePortPrefix: 302
+  repository: nexus3.onap.org:10001
+  dockerhubRepository: docker.io
+  busyboxImage: busybox
+
+  readinessImage: onap/oom/readiness:3.0.1
+
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+
+  restartPolicy: Always
+
+  installSidecarSecurity: false
+  aafEnabled: true
+
+  fproxy:
+    name: forward-proxy
+    activeSpringProfiles: noHostVerification,cadi
+    image: onap/fproxy:2.1.13
+    port: 10680
+
+  rproxy:
+    name: reverse-proxy
+    activeSpringProfiles: noHostVerification,cadi
+    image: onap/rproxy:2.1.13
+    port: 10692
+
+  tproxyConfig:
+    name: init-tproxy-config
+    image: onap/tproxy-config:2.1.13
+
+  # AAF server details. Only needed if the AAF DNS does not resolve from the pod
+  aaf:
+    serverIp: 10.12.6.214
+    serverHostname: aaf.osaaf.org
+    serverPort: 30247
+
+  cassandra:
+    #This will instantiate AAI cassandra cluster, default:shared cassandra.
+    localCluster: false
+
+    #Service Name of the cassandra cluster to connect to.
+    #Override it to aai-cassandra if localCluster is enabled.
+    serviceName: cassandra
+
+    #This should be same as shared cassandra instance or if localCluster is enabled
+    #then it should be same as aai-cassandra replicaCount
+    replicas: 3
+
+    #Cassanara login details
+    username: cassandra
+    password: cassandra
+
+  aai:
+    serviceName: aai
+  babel:
+    serviceName: aai-babel
+  aaiElasticsearch:
+    serviceName: aai-elasticsearch
+  resources:
+    serviceName: aai-resources
+  sparkyBe:
+    serviceName: aai-sparky-be
+  dataRouter:
+    serviceName: aai-data-router
+  gizmo:
+    serviceName: aai-gizmo
+  modelloader:
+    serviceName: aai-modelloader
+  searchData:
+    serviceName: aai-search-data
+  traversal:
+    serviceName: aai-traversal
+  graphadmin:
+    serviceName: aai-graphadmin
+  spike:
+    serviceName: aai-spike
+
+  initContainers:
+    enabled: true
+  # Specifies a list of jobs to be run
+  jobs:
+    # When enabled, it will create the schema based on oxm and edge rules
+    createSchema:
+      enabled: true
+    # When enabled, it will create the widget models via REST API to haproxy
+    updateQueryData:
+      enabled: true
+    #migration using helm hooks
+    migration:
+      enabled: false
+      remoteCassandra:
+        enabled: false
+        storage:
+          backend: cassandra
+          hostname: 10.10.10.10
+          connectionTimeout: 100000
+          cacheSize: 1000000
+          keyConsistent: true
+
+          #If backend is cql or cassandra it should be keyspace name
+          #else backend is hbase it should be hbase table name
+          name: aaigraph
+
+       ## CQL driver specific properties for janusgraph
+       #  cql:
+       #    #Name of the Cassandra Cluster
+       #    cluster: someclustername
+       #    readConsistency: QUORUM
+       #    writeConsistency: QUORUM
+       #    replicationFactor: 3
+       #    localConsistencyForSysOps: true
+
+       ## Cassandra driver specific properties for janusgraph
+          cassandra:
+            #Name of the Cassandra Cluster
+            clusterName: aai-cluster
+            localDataCenter: Pod lab
+            readConsistency: LOCAL_QUORUM
+            writeConsistency: LOCAL_QUORUM
+            replicationFactor: 3
+
+        #storage:
+        #  backend: cassandra
+        #  hostname: somehost1,somehost2,somehost3
+        #  connectionTimeout: 100000
+        #  cacheSize: 1000000
+        #  clusterName: someClusterName
+        #  localDataCenter: someDataCenter
+        #  keyConsistent: true
+        #  #If backend is cql or cassandra it should be keyspace name
+        #  #else backend is hbase it should be hbase table name
+        #  name: your_hbase_table_or_keyspace_name
+
+        ## CQL driver specific properties for janusgraph
+        #  cql:
+        #    #Name of the Cassandra Cluster
+        #    cluster: someclustername
+        #    readConsistency: QUORUM
+        #    writeConsistency: QUORUM
+        #    replicationFactor: 3
+        #    localConsistencyForSysOps: true
+
+        ## Cassandra driver specific properties for janusgraph
+        #  cassandra:
+        #    #Name of the Cassandra Cluster
+        #    cluster: someclustername
+        #    readConsistency: LOCAL_QUORUM
+        #    writeConsistency: LOCAL_QUORUM
+        #    replicationFactor: 3
+
+
+  # Common configuration for resources traversal and graphadmin
+  config:
+    # User information for the admin user in container
+    userId: 1000
+    groupId: 1000
+
+    # Specifies that the cluster connected to a dynamic
+    # cluster being spinned up by kubernetes deployment
+    cluster:
+      cassandra:
+        dynamic: true
+
+    # If cluster.cassandra.dynamic is set to false
+    # Then the following configuration should be uncommented
+    # This is if you are planning to connect to a existing
+    # Cassandra cluster instead of doing the deployment
+    #storage:
+    #  backend: cassandra
+    #  hostname: somehost1,somehost2,somehost3
+    #  connectionTimeout: 100000
+    #  cacheSize: 1000000
+    #  clusterName: someClusterName
+    #  localDataCenter: someDataCenter
+    #  keyConsistent: true
+    #  # If backend is cql or cassandra it should be keyspace name
+    #  # else backend is hbase it should be hbase table name
+    #  name: your_hbase_table_or_keyspace_name
+
+    #  # CQL driver specific properties for janusgraph
+    #  cql:
+    #    # Name of the Cassandra Cluster
+    #    cluster: someclustername
+    #    readConsistency: QUORUM
+    #    writeConsistency: QUORUM
+    #    replicationFactor: 3
+    #    localConsistencyForSysOps: true
+
+    #  # Cassandra driver specific properties for janusgraph
+    #  cassandra:
+    #    # Name of the Cassandra Cluster
+    #    cluster: someclustername
+    #    readConsistency: LOCAL_QUORUM
+    #    writeConsistency: LOCAL_QUORUM
+    #    replicationFactor: 3
+
+    # Specifies if the basic authorization is enabled
+    basic:
+      auth:
+        enabled: true
+        username: AAI
+        passwd: AAI
+
+    # Active spring profiles for the resources microservice
+    profiles:
+      active: production,dmaap,aaf-auth
+
+    # Notification event specific properties
+    notification:
+      eventType: AAI-EVENT
+      domain: dev
+
+    # Schema specific properties that include supported versions of api
+    schema:
+      # Specifies if the connection should be one way ssl, two way ssl or no auth
+      service:
+        client: one-way-ssl
+      # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+      translator:
+        list: schema-service
+      source:
+        # Specifies which folder to take a look at
+        name: onap
+      uri:
+        # Base URI Path of the application
+        base:
+          path: /aai
+      version:
+        # Current version of the REST API
+        api:
+          default: v21
+        # Specifies which version the depth parameter is configurable
+        depth: v11
+        # List of all the supported versions of the API
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+        # Specifies from which version related link should appear
+        related:
+          link: v11
+        # Specifies from which version the app root change happened
+        app:
+          root: v11
+        # Specifies from which version the xml namespace changed
+        namespace:
+          change: v12
+        # Specifies from which version the edge label appeared in API
+        edge:
+          label: v12
+
+    # Keystore configuration password and filename
+    keystore:
+      filename: aai_keystore
+      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+
+    # Truststore configuration password and filename
+    truststore:
+      filename: aai_keystore
+      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+
+    # Specifies a list of files to be included in auth volume
+    auth:
+      files:
+        - aai_keystore
+
+    # Specifies which clients should always default to realtime graph connection
+    realtime:
+      clients: SDNC,MSO,SO,robot-ete
+
+    # Logback debug enabled
+    logback:
+      console:
+        # If enabled, container will print all logback to standard output
+        # This will make debugging much easier but it should only be done
+        # when debugging the issue and changed back as it can affect performance
+        # since when this is enabled, it prints a lot of information to console
+        enabled: false
+
+# application image
+dockerhubRepository: registry.hub.docker.com
+image: aaionap/haproxy:1.4.2
+pullPolicy: Always
+
+flavor: small
+flavorOverride: small
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+  logstashServiceName: log-ls
+  logstashPort: 5044
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+#This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use.
+#Below command will instantiate the aai cassandra instances:
+#helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \
+#                            --set aai.global.cassandra.localCluster=true \
+#                            --set aai.global.cassandra.serviceName=aai-cassandra
+cassandra:
+  nameOverride: aai-cassandra
+  replicaCount: 3
+  service:
+    name: aai-cassandra
+  persistence:
+    mountSubPath: aai/cassandra
+    enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+service:
+  type: NodePort
+  portName: aai-ssl
+  externalPort: 8443
+  internalPort: 8443
+  nodePort: 33
+  # POLICY hotfix - Note this must be temporary
+  # See https://jira.onap.org/browse/POLICY-510
+  aaiServiceClusterIp:
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "aai.api"
+      name: "aai"
+      port: 8443
+  config:
+    ssl: "redirect"
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 2Gi
+  unlimited: {}
+