repository: nexus3.onap.org:10001
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
# readiness check
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- so-mariadb
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0.0"
+description: A Helm chart for A1 Policy Management Service
+name: a1policymanagement
+version: 6.0.0
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{
+ "config": {
+ "controller": [
+ {
+ "name": "controller1",
+ "baseUrl": "{{ .Values.sdncLink }}",
+ "userName": "${A1CONTROLLER_USER}",
+ "password": "${A1CONTROLLER_PASSWORD}"
+ }
+ ],
+ "ric": [
+ {
+ "name": "ric1",
+ "baseUrl": "{{ .Values.ricLink }}",
+ "controller": "controller1",
+ "managedElementIds": [
+ "kista_1",
+ "kista_2"
+ ]
+ }
+ ],
+ "streams_publishes": {
+ "dmaap_publisher": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamPublish }}"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamSubscribe }}"
+ }
+ }
+ }
+ }
+}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-policy-conf
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+kind: Deployment
+apiVersion: apps/v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ volumeMounts:
+ - name: config
+ mountPath: /opt/app/policy-agent/data
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-policy-conf-input
+ configMap:
+ name: {{ include "common.fullname" . }}-policy-conf
+ - name: config
+ emptyDir:
+ medium: Memory
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+# Default values for Policy Management Service.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ nodePortPrefix: 300
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: controller-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
+ login: '{{ .Values.a1controller.user }}'
+ password: '{{ .Values.a1controller.password }}'
+ passwordPolicy: required
+
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
+pullPolicy: IfNotPresent
+replicaCount: 1
+
+service:
+ type: NodePort
+ name: a1policymanagement
+ both_tls_and_plain: true
+ ports:
+ - name: api
+ port: 8433
+ plain_port: 8081
+ port_protocol: http
+ nodePort: '94'
+
+# SDNC Credentials are used here
+a1controller:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+sdncLink: https://sdnc.onap:8443
+# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port>
+# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination.
+# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
+# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
+ricLink:
+streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
+streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
+
+liveness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+readiness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+#Resource Limit flavor -By Default using small
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV\r
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ\r
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE\r
-AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw\r
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy\r
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B\r
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\r
-AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt\r
-vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq\r
-ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL\r
-Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8\r
-xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0\r
-+Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1\r
-2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa\r
-FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+\r
-b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc\r
-KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5\r
-5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd\r
-BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN\r
-BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a\r
-+hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM\r
-u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT\r
-tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT\r
-+Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk\r
-xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb\r
-dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5\r
-mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc\r
-7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt\r
-eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO\r
-GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd\r
-sIM=
------END CERTIFICATE-----
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
selector:
matchLabels:
app: {{ include "common.name" . }}
- serviceName:
+ serviceName: {{ include "common.servicename" . }}
template:
metadata:
labels:
selector:
matchLabels:
app: {{ include "common.name" . }}
- serviceName:
+ serviceName: {{ include "common.servicename" . }}
template:
metadata:
labels:
- mountPath: /sms/auth
name: {{ include "common.fullname" . }}-auth
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms-vault"
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms"
internalPort: 10443
externalPort: 10443
+#define value for aaf-sms-quorumclient subchart
+aaf-sms-quorumclient:
+ service:
+ name: aaf-sms
+
persistence:
enabled: true
volumeReclaimPolicy: Retain
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-job-complete
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.fullname" . }}-init"
- name: {{ include "common.fullname" . }}-tpmconfig
mountPath: "/abrmd/cred/"
readOnly: true
- resources: {{ toYaml .Values.resources | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
{{- if .Values.global.tpm.enabled }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
+ {{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
serviceName:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
restartPolicy: Never
initContainers:
{{- if .Values.global.tpm.enabled }}
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-distcenter-ready
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-aaf-sshsm-distcenter"
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
{{- if .Values.sequence_order }}
- name: {{ include "common.name" . }}-aaf-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := .Values.sequence_order }}
- --container-name
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
limits:
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: aaf-cass
version: ~6.x-0
repository: 'file://components/aaf-cass'
- - name: aaf-cert-service
- version: ~6.x-0
- repository: 'file://components/aaf-cert-service'
- name: aaf-cm
version: ~6.x-0
repository: 'file://components/aaf-cm'
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
public_port: 31112
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
- certServiceClient:
- secret:
- name: aaf-cert-service-client-tls-secret
-
#################################################################
# Application configuration defaults.
#################################################################
-Subproject commit 7e6e2bf385f85e85e008d06b2415290851fee2b7
+Subproject commit 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55f
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ serviceName: {{ include "common.servicename" . }}
selector:
matchLabels:
app: {{ include "common.name" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{.Values.config.mariadbGaleraContName}}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
centralizedLoggingEnabled: false
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
dgbuilder:
nameOverride: appc-dgbuilder
+ certInitializer:
+ nameOverride: appc-dgbuilder-cert-initializer
config:
db:
rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
#Actuator properties
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
+
+#K8s Plugin properties
+#Credentials are placeholders as k8s plugin has not authentication atm
+blueprintprocessor.k8s.plugin.username=unused
+blueprintprocessor.k8s.plugin.password=unused
+blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
</encoder>
</appender>
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
- <root level="info">
+ <root level="{{ .Values.logback.rootLogLevel }}">
<appender-ref ref="STDOUT"/>
</root>
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- cds-db
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: fix-permission
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.5
+image: onap/ccsdk-blueprintsprocessor:1.0.0
pullPolicy: Always
# flag to enable debugging - application support required
config:
ssl: "none"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- cds-blueprints-processor
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.5
+image: onap/ccsdk-commandexecutor:1.0.0
pullPolicy: Always
# application configuration
- name: AUTH_TYPE
value: {{ .Values.config.authType }}
- name: API_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
- name: API_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
- name: LOG_FILE
value: {{ .Values.config.logFile }}
- name: ARTIFACT_MANAGER_PORT
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:0.7.5
+image: onap/ccsdk-py-executor:1.0.0
pullPolicy: Always
# default number of instances
</encoder>
</appender>
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
- <root level="warn">
+ <root level="{{ .Values.logback.rootLogLevel }}">
<appender-ref ref="STDOUT"/>
</root>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdc-be
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.5
+image: onap/ccsdk-sdclistener:1.0.0
name: sdc-listener
pullPolicy: Always
ingress:
enabled: false
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
-# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.5
+image: onap/ccsdk-cds-ui-server:1.0.0
pullPolicy: Always
# application configuration
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
\ No newline at end of file
# limitations under the License.
dependencies:
- - name: common
+ - name: certInitializer
version: ~6.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
- spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
{{ include "common.log.configMap" . }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- - mariadb
+ - clamp-mariadb
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ workingDir: "/opt/clamp/"
args:
- - ""
+ - -c
+ - |
+ export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+ java -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1g -jar ./app.jar
+ {{- else }}
+ args:
+ - ""
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /opt/clamp/sdc-controllers-config.json
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
+ - mountPath: /opt/clamp/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
env:
- name: MYSQL_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: MYSQL_DATABASE
value: {{ tpl .Values.db.databaseName .}}
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
items:
- key: sdc-controllers-config.json
path: sdc-controllers-config.json
+ - key: application.properties
+ path: application.properties
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
global: # global defaults
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ nameOverride: clamp-backend-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "-72.0"
+ cadi_latitude: "38.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+ cd {{ .Values.credsPath }};
+ chmod a+rx *;
secrets:
- uid: db-secret
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.7
+image: onap/clamp-backend:5.1.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
-db: {}
+#####dummy values for db user and password to pass lint!!!#######
+
+db:
+ user: dummyclds
+ password: dummysidnnd83K
+ databaseName: dummycldsdb4
config:
log:
logstashPort: 5044
mysqlPassword: strong_pitchou
dataRootDir: /dockerdata-nfs
- springApplicationJson: >
- {
- "spring.datasource.username": "${MYSQL_USER}",
- "spring.datasource.password": "${MYSQL_PASSWORD}",
- "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
- "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
- "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
- "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
- "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.userName": "none",
- "clamp.config.dcae.deployment.password": "none",
- "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.api.userName": "healthcheck",
- "clamp.config.policy.api.password": "zb!XztG34",
- "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.pap.userName": "healthcheck",
- "clamp.config.policy.pap.password": "zb!XztG34",
- "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
- }
# default number of instances
replicaCount: 1
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
mountPath: /usr/share/elasticsearch/logs/
- name: {{ include "common.fullname" . }}-data
mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+ /usr/local/bin/docker-entrypoint.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ include "common.servicename" . }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-es-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
server.port: {{.Values.service.externalPort}}
server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.hosts: ${elasticsearch_base_url}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-dash-es
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
env:
- name: elasticsearch_base_url
value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
-# Copyright © 2020 Samsung, Orange
+{{/* # Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
global:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-kibana-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
- - name: music
+ - name: certInitializer
version: ~6.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
request_timeout => 30
schedule => { "every" => "1m" }
codec => "plain"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/certs.d/aafca.pem"
+{{- end }}
}
}
if "error" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
} else if "event-cl-aggs" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
} else {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-dash-es
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
global:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-logstash-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
apiVersion: v1
description: MariaDB Service
-name: mariadb
+name: clamp-mariadb
version: 6.0.0
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
esac
done
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
- val=`echo -n $val | sed -e "s/'/''/g"`
+ val=`prepare_password $val`
export "$var"="$val"
unset "$fileVar"
}
persistence: {}
# application image
repository: docker.io
-image: mariadb:10.3.12
+image: mariadb:10.5.4
pullPolicy: Always
flavor: small
#################################################################
password: '{{ .Values.db.password }}'
# Application configuration
-db: {}
+# dummy value db user pasword to pass lint!!!
+db:
+ user: dummy-clds
+ password: dummy-sidnnd83K
+ databaseName: dummy-cldsdb4
# default number of instances
replicaCount: 1
# limitations under the License.
dependencies:
- - name: common
+ - name: certInitializer
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
+ - name: clamp-mariadb
+ version: ~6.x-0
+ repository: 'file://components/clamp-mariadb'
+ - name: clamp-backend
+ version: ~6.x-0
+ repository: 'file://components/clamp-backend'
+ - name: clamp-dash-es
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-es'
+ - name: clamp-dash-logstash
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-logstash'
+ - name: clamp-dash-kibana
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
listen 2443 default ssl;
ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
ssl_certificate /etc/ssl/clamp.pem;
ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
ssl_verify_client optional_no_ca;
location /restservices/clds/ {
proxy_pass https://clamp-backend:443;
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-backend
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /etc/nginx/conf.d/default.conf
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- centralizedLoggingEnabled: false
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
secrets:
- uid: db-root-pass
db:
userCredsExternalSecret: *dbUserPass
databaseName: *dbName
-mariadb:
+clamp-mariadb:
db:
rootCredsExternalSecret: *dbRootPass
userCredsExternalSecret: *dbUserPass
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.7
+image: onap/clamp-frontend:5.1.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- $global := . }}
{{- if .Values.backup.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: "cassandra-backup-init"
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/sh
+ - /bin/bash
- -c
- |
clearSnapshot(){
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
echo "Executing cleanup!!"
command="nodetool cleanup"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
d=$(echo $d | sed 's:/*$::')
keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
- /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
+ /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
pids="$pids $!"
fi
done
- mountPath: /backup
name: backup-dir
- name: scripts
- mountPath: /root/restore.sh
+ mountPath: /app/restore.sh
subPath: restore.sh
- name: scripts
- mountPath: /root/exec.py
+ mountPath: /app/exec.py
subPath: exec.py
containers:
- name: cassandra-backup-validate
{{- range $i := until (int .Values.replicaCount)}}
- name: data-dir-{{ $i }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" $global }}-data-{{ include "common.fullname" $global }}-{{ $i }}
+ claimName: {{ include "common.fullname" . }}-data-{{ $i }}
{{- end }}
- name: backup-dir
persistentVolumeClaim:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.headlessService" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
backup:
mountPath: /dockerdata-nfs/backup
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# application image
repository: nexus3.onap.org:10001
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.mountPath }}
+- mountPath: {{ $initRoot.appMountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
cadi_longitude: "-72.0"
aaf_add_config: ""
mountPath: "/opt/app/osaaf"
+appMountPath: "/opt/app/osaaf"
importCustomCertsEnabled: false
truststoreMountpath: ""
truststoreOutputFileName: truststore.jks
# See the License for the specific language governing permissions and
# limitations under the License.
global:
- aaf:
+ platform:
certServiceClient:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2State: "California"
cmpv2Country: "US"
# Client configuration related
- requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
keystorePassword: "secret"
truststorePassword: "secret"
+ certPostProcessor:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}}
{{- if $dot.Values.global.aafEnabled -}}
- name: {{ include "common.name" $dot }}-aaf-readiness
- image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}"
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-locate
- name: aaf_locator_app_ns
value: "{{ $aafRoot.app_ns }}"
- name: DEPLOY_FQI
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
- name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
#Note: want to put this on Nodes, eventually
- name: cadi_longitude
value: "{{ default "52.3" $aafRoot.cadi_longitude }}"
{{ else if eq "testRelease" (include "common.release" .) }}
{{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
{{- printf "testRelease" -}}
+ {{ else if eq "test-release" .Release.Name }}
+ {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- printf "testRelease" -}}
{{ else }}
{{ fail "masterPassword not provided" }}
{{ end }}
{{- end -}}
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{/* when linted, the name must be lower cased. When used from a component,
+ name should be overriden in order to avoid collision so no need to do it */}}
+ {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}}
+ {{- $name = lower $name -}}
+ {{- end -}}
{{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
{{- $uid := (default "" .uid) }}
{{- $name := (default "" .name) }}
{{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- if eq "test-release" $global.Release.Name -}}
+ {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- $uid = lower $uid -}}
+ {{- end -}}
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
- "performGitPull": "N",
- "enableHttps" : true
+ {{ if .Values.global.aafEnabled }}
+ "enableHttps" : true,
+ {{ end }}
+ "performGitPull": "N"
}
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dbPodName }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+ args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
ports:
- containerPort: {{ .Values.service.internalPort }}
readinessProbe:
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
+{{/*
# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+*/}}
{{ include "common.ingress" . }}
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.7.4
+image: onap/ccsdk-dgbuilder-image:1.0.1
pullPolicy: Always
# flag to enable debugging - application support required
config:
ssl: "redirect"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+ # dependency / sub-chart configuration
+certInitializer:
+ nameOverride: dgbuilder-cert-initializer
+ truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "dgbuilder.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
+ cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
+ cp {{ .Values.fqi_namespace }}.key node-key.pem;
+ chmod go+r node-*.pem
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{- range $kind, $enabled := .Values.hooks }}
{{- if $enabled }}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{ $role := "curator" -}}
{{ $suffix := $role -}}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.psp.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
apiVersion: v1
kind: ServiceAccount
##
enabled: false
name: curator
-image:
- imageName: bitnami/elasticsearch-curator
- tag: 5.8.1-debian-9-r74
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
service:
port: 9200
cronjob:
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{ $role := "data" -}}
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-data
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
- name: http-transport
port: 9300
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.6.1
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## updateStrategy for ElasticSearch Data statefulset
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-master
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" . }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "master" -}}
{{ $labels := (dict "role" $role) -}}
{{ $matchLabels := (dict "role" $role) }}
-{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.6.1
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.config }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
{{ $role := "coordinating-only" -}}
{{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
{{- if .Values.securityContext.enabled }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "coordinating-only" -}}
{{ $labels := (dict "role" $role) -}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
global:
aafEnabled: true
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
enabled: true
# application image
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.6.1
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
+{{/*
# Copyright 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
-function prepare_password {
- echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: mariadb-galera-backup-init
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
containers:
- name: mariadb-backup-validate
image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
{{- end }}
fsGroup: 1001
runAsUser: 0
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
name: mariadb-galera-upgrade-readiness
env:
- name: NAMESPACE
apiVersion: v1
fieldPath: metadata.namespace
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- mariadb-galera
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
busyboxImage: busybox:1.30
busyboxRepository: docker.io
# kubeclt image
{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
{{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+ {{- if not .Values.secretsUpdated }}
+ {{- $global := . }}
+ {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+ {{- $newList := append $global.Values.secrets $item }}
+ {{- $_ := set $global.Values "secrets" $newList }}
+ {{- end -}}
+ {{ $_ := set $global.Values "secretsUpdated" true }}
+ {{- end -}}
+{{- end -}}
+{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
+{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
kind: Job
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
+ - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- /db_init/db_init.sh
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{- define "mariadb-init._update-secrets" -}}
- {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf " type: basicAuth" }}
- {{- if $dbInfos.externalSecret }}
-{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
- {{- end }}
-{{ printf " login: %s" $dbInfos.user }}
-{{ printf " password: %s" $dbInfos.password }}
-{{ printf " passwordPolicy: required" }}
- {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: oomk8s/readiness-check:2.0.2
+ value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
#################################################################
global:
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
mariadbGalera:
nameOverride: mariadb-galera
servicePort: 3306
secrets:
- uid: root-password
type: password
- externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
- password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+ password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
# Set it if you want to change the name of the different components
# nameOverride:
+mariadbGalera: {}
+# serviceName: some-name
+# containerName: some-name
+# servicePort: 3306
+# userRootPassword: some-password
+# userRootSecret: some-secret-name
+# userRootSecretKey: password
+
+
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --timeout
- "{{ .Values.global.readinessTimeout }}"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- # Set default to 4 hrs.
+ readinessImage: onap/oom/readiness:3.0.1
+ # Set default to 4 hrs.
# On slow environments dealys this long have been seen.
readinessTimeout: 240
# logging agent
job:
host: music-cassandra
port: 9042
- busybox:
+ busybox:
image: library/busybox:latest
- cassandra:
+ cassandra:
image: onap/music/cassandra_job:3.0.24
timeout: 30
delay: 120
replicationClass: "SimpleStrategy"
replicationFactor: 3
adminUser:
- username: nelson24
- password: nelson24
+ username: nelson24
+ password: nelson24
passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
+
podManagementPolicy: OrderedReady
updateStrategy:
type: OnDelete
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - {{ .Chart.Name }}
- topologyKey: kubernetes.io/hostname
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
selector:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-music-cassandra-job-config"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ include "common.resources" . | indent 12 }}
env:
- name: SPRING_OPTS
value: "{{ .Values.springOpts }}"
+{{/*
# Copyright © 2020 AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
envsubstImage: dibi/envsubst
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
release: {{ include "common.release" . }}
spec:
initContainers:
-{{- if .Values.global.mariadbGalera.localCluster }}
- - command:
- - /root/ready.py
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
args:
+{{- if .Values.global.mariadbGalera.localCluster }}
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
{{- else }}
- - command:
- - /root/job_complete.py
- args:
- --job-name
- {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
{{- end }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
command:
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: IfNotPresent
heritage: {{ $dot.Release.Service }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- serviceName: {{ $dot.Values.service.name }}
replicas: 1
selector:
matchLabels:
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# envsusbt
envsubstImage: dibi/envsubst
{{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
- image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}"
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := $containers }}
- --container-name
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.1
+ readinessImage: onap/oom/readiness:3.0.1
pullPolicy: Always
limits:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- awx-postgres
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}-mgnt
global:
nodePortPrefixExt: 304
commonConfigPrefix: awx
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>46.0</float>
+ </void>
+ <void method="put">
+ <string>type</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>certversion</string>
+ <string>X509v3</string>
+ </void>
+ <void method="put">
+ <string>encodedvalidity</string>
+ <string>2y</string>
+ </void>
+ <void method="put">
+ <string>usecertificatevalidityoffset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatevalidityoffset</string>
+ <string>-10m</string>
+ </void>
+ <void method="put">
+ <string>useexpirationrestrictionforweekdays</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionforweekdaysbefore</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionweekdays</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowvalidityoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowextensionoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverridebyeei</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowbackdatedrevokation</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatestorage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storecertificatedata</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storesubjectaltname</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usebasicconstrants</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>basicconstraintscritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectkeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectkeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthoritykeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>authoritykeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectalternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectalternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useissueralternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>issueralternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultcrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointuri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usefreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecadefinedfreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>freshestcrluri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>crlissuer</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecertificatepolicies</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepoliciescritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepolicies</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablekeyalgorithms</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>DSA</string>
+ </void>
+ <void method="add">
+ <string>ECDSA</string>
+ </void>
+ <void method="add">
+ <string>RSA</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availableeccurves</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>ANY_EC_CURVE</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availablebitlengths</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>192</int>
+ </void>
+ <void method="add">
+ <int>224</int>
+ </void>
+ <void method="add">
+ <int>239</int>
+ </void>
+ <void method="add">
+ <int>256</int>
+ </void>
+ <void method="add">
+ <int>384</int>
+ </void>
+ <void method="add">
+ <int>512</int>
+ </void>
+ <void method="add">
+ <int>521</int>
+ </void>
+ <void method="add">
+ <int>1024</int>
+ </void>
+ <void method="add">
+ <int>1536</int>
+ </void>
+ <void method="add">
+ <int>2048</int>
+ </void>
+ <void method="add">
+ <int>3072</int>
+ </void>
+ <void method="add">
+ <int>4096</int>
+ </void>
+ <void method="add">
+ <int>6144</int>
+ </void>
+ <void method="add">
+ <int>8192</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>minimumavailablebitlength</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>maximumavailablebitlength</string>
+ <int>8192</int>
+ </void>
+ <void method="put">
+ <string>signaturealgorithm</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usekeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>keyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowkeyusageoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>keyusagecritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>useextendedkeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>extendedkeyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.2</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.4</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.1</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>extendedkeyusagecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedocumenttypelist</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelistcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelist</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablecas</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>usedpublishers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>useocspnocheck</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useldapdnorder</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorder</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usemicrosofttemplate</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>microsofttemplate</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecardnumber</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecnpostfix</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>cnpostfix</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usesubjectdnsubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectdnsubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usesubjectaltnamesubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectaltnamesubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usepathlengthconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>pathlengthconstraint</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqcstatement</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usepkixqcsyntaxv2</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementraname</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcsematicsid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiqccompliance</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsisignaturedevice</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsivaluelimit</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimit</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitexp</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitcurrency</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiretentionperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsiretentionperiod</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqccustomstring</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qccustomstringoid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qccustomstringtext</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qcetsipds</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>qcetsitype</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyincerts</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinocsp</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinpublisher</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectdirattributes</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usenameconstraints</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthorityinformationaccess</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>caissuers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usedefaultcaissuer</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultocspservicelocator</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>ocspservicelocatoruri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>cvcaccessrights</string>
+ <int>3</int>
+ </void>
+ <void method="put">
+ <string>usedcertificateextensions</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>approvals</string>
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>REVOCATION</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>KEYRECOVER</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>ADDEDITENDENTITY</string>
+ </object>
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotbefore</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotafter</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodstartoffset</string>
+ <long>0</long>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodlength</string>
+ <long>63072000</long>
+ </void>
+ <void method="put">
+ <string>usesingleactivecertificateconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>overridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>nonoverridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>allowcertsnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorderldap</string>
+ <boolean>false</boolean>
+ </void>
+ </object>
+</java>
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+ ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+ #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+ #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>14.0</float>
+ </void>
+ <void method="put">
+ <string>NUMBERARRAY</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>3</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDNFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>500</int>
+ </void>
+ <void method="add">
+ <int>1100</int>
+ </void>
+ <void method="add">
+ <int>1200</int>
+ </void>
+ <void method="add">
+ <int>1300</int>
+ </void>
+ <void method="add">
+ <int>1400</int>
+ </void>
+ <void method="add">
+ <int>1600</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTALTNAMEFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1800</int>
+ </void>
+ <void method="add">
+ <int>1801</int>
+ </void>
+ <void method="add">
+ <int>1802</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDIRATTRFIELDORDER</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <int>0</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>1</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>95</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20095</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>96</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20096</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>5</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>26</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20026</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>29</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>31</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>32</int>
+ <string>1;2;3;4</string>
+ </void>
+ <void method="put">
+ <int>20032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>33</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>34</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10034</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>38</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>37</int>
+ <string>-477565695</string>
+ </void>
+ <void method="put">
+ <int>20037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>98</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30098</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>99</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30099</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>97</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30097</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>91</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30091</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>94</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20094</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>93</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>89</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30089</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>88</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30088</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>ALLOW_MERGEDN_WEBSERVICES</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>2</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10090</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>90</int>
+ <string>0</string>
+ </void>
+ <void method="put">
+ <string>REVERSEFFIELDCHECKS</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>28</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>REUSECERTIFICATE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>35</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10092</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>USEEXTENSIONDATA</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGUSE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGDEFAULT</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGREQUIRED</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGCOPIES</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>PRINTINGPRINTERNAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGDATA</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGFILENAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>11</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>12</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>13</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>14</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>16</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>18</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20018</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>118</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20118</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>218</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20218</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10218</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30218</int>
+ <boolean>true</boolean>
+ </void>
+ </object>
+</java>
name: "{{ include "common.fullname" . }}-config-script"
data:
{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
{{- if .Values.global.mariadbGalera.localCluster }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}-ejbca
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
+ - name: "{{ include "common.fullname" . }}-profiles-volume"
+ mountPath: /opt/primekey/custom_profiles/
ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: INITIAL_ADMIN
name: "{{ include "common.fullname" . }}-config-script"
defaultMode: 0755
name: "{{ include "common.fullname" . }}-volume"
+ - configMap:
+ name: "{{ include "common.fullname" . }}-profiles"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-profiles-volume"
# See the License for the specific language governing permissions and
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.1
+ readinessImage: onap/oom/readiness:3.0.1
mariadbGalera: &mariadbGalera
#This flag allows EJBCA to instantiate its own mariadb-galera cluster
localCluster: false
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- netbox-app
global:
nodePortPrefixExt: 304
commonConfigPrefix: netbox
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
},
"external_cert":
{
- "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}",
- "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}",
- "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}",
- "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}",
- "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}",
- "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}",
- "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
- "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}",
- "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}",
- "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}"
+ "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
+ "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
+ "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
+ "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}",
+ "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}",
+ "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
+ "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
+ "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
+ "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
+ "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ },
+ "truststore_merger":
+ {
+ "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
}
}
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
{{ end }}
use_tls: true
-security_ssl_disable: false
\ No newline at end of file
+security_ssl_disable: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-hv-ves-collector"
+external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
{{ end }}
tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
-tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/"
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-ves-collector"
+external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
\ No newline at end of file
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
- name: CMADDR
value: {{ .Values.config.address.cm.host }}
- name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
- name: CMPROTO
value: {{ .Values.config.address.cm.proto }}
- name: CMPORT
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# limitations under the License.
# ============LICENSE_END=========================================================
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.name" . }}-cmpass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- password: YWRtaW4=
----
{{ include "common.secretFast" . }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
config:
logstashServiceName: log-ls
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
# Resource Limit flavor -By Default using small
flavor: small
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- "dcae-cloudify-manager"
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-cm
- {{ include "common.namespace" . }}
- --configmap
- {{ .Values.multisiteConfigMapName }}
- restartPolicy: Never
- name: init-tls
env:
- name: POD_IP
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- /scripts/readiness-check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- mountPath: /opt/onap/config.txt
subPath: config.txt
name: cm-persistent
- mountPath: /opt/onap/certs
name: tls-info
+ - mountPath: /opt/onap/cm-secrets
+ name: cm-secrets
+ readOnly: true
securityContext:
privileged: True
volumes:
{{- end }}
- emptyDir: {}
name: tls-info
+ - name: cm-secrets
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-
+*/}}
{{ if .Values.dcae_ns}}
# Create the namespace
apiVersion: v1
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.3
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
# liveness not desirable for Cloudify Manager container
readiness:
initialDelaySeconds: 60
- periodSeconds: 10
+ # In some environments we see CM coming up
+ # properly but readiness probe timing out.
+ # Increasing the timeout and adjusting the
+ # period so it's longer than the timeout.
+ # (DCAEGEN2-2465)
+ periodSeconds: 30
+ timeoutSeconds: 10
service:
type: ClusterIP
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- consul-server
port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTPS"
port: {{ .Values.service.insecure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTP"
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
pullPolicy: Always
# probe configuration parameters
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- - mountPath: /usr/local/share/ca-certificates/
+ - mountPath: /opt/app/osaaf/
name: tls-info
- mountPath: /opt/logs/dcae/dashboard
name: component-log
- name: postgres_port
value: "{{ .Values.postgres.config.pgPort }}"
- name: cloudify_password
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: dhandler_url
value: {{ .Values.config.dhandler_url }}
- name: cfy_url
{{/*
# Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
+
{{ include "common.secretFast" . }}
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
dhandler_url: https://deployment-handler:8443
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0
pullPolicy: Always
# probe configuration parameters
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: NODE_EXTRA_CA_CERTS
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1
pullPolicy: Always
# probe configuration parameters
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1
pullPolicy: Always
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-deployment-handler
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: POD_IP
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "dcae-inventory-api"
- --container-name
- "message-router"
- --container-name
- - "sdc-dcae-be"
+ - "sdc-be"
- "-t"
- "45"
env:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-cloudify-manager:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
enabled: true
dcae-dashboard:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-deployment-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
enabled: true
dcae-inventory-api:
enabled: true
dcae-policy-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-servicechange-handler:
enabled: true
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-genprocessor-http
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-runtime-api
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
service:
type: ClusterIP
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
virtualhost:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
service:
name: dcaemod-healthcheck
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
config:
dbURL: jdbc:h2:./database/nifi-registry-primary
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
virtualhost:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
# Resource Limit flavor -By Default using small
flavor: small
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
config:
dashboardURL: https://inventory:8080/dcae-service-types
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.0
# Resource Limit flavor -By Default using small
flavor: small
args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
- name: {{ include "common.name" . }}-postgres-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- end }}
containers:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-bc
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
envsubstImage: dibi/envsubst
<appender-ref ref="asyncDebug" />
<appender-ref ref="asyncError" />
<appender-ref ref="asyncJettyLog" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-dr-prov
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dmaapDrDb.mariadbContName }}
apiVersion: v1
kind: Service
metadata:
- name: {{ .Values.global.dmaapDrProvName }}
+ name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.zookeeper.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
env:
- name : KAFKA_HEAP_OPTS
value: "{{ .Values.zkConfig.heapOptions }}"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInitRepository: registry.hub.docker.com
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
</pattern>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.kafka.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
clientImage: onap/dmaap/dbc-client:1.0.9
# limitations under the License.
-->
-<configuration scan="false" debug="true">
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="logDir" value="/var/log/onap" />
- <property name="debugDir" value="/var/log/onap" />
-
- <property name="componentName" value="esr"></property>
- <property name="subComponentName" value="esr-server"></property>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
+
+ <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+ <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
+
+ <property name="logDir" value="{{ .Values.log.logDir }}" />
+ <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
<property name="errorLogName" value="error" />
<property name="metricsLogName" value="metrics" />
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+ <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- Console (human-readable) logging -->
+ <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
</appender>
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFAudit" />
</appender>
</appender>
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
</appender>
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFError"/>
</appender>
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
</appender>
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${consolePattern}</pattern>
+ </encoder>
+ </appender>
+
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<appender-ref ref="asyncEELFError" />
</logger>
- <root level="INFO">
+ <root level="{{ .Values.log.root.level }}">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
-</configuration>
-
+</configuration>
\ No newline at end of file
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ingress:
enabled: false
+log:
+ componentName: esr
+ subcomponentName: esr-server
+ debug: true
+ scan:
+ enabled: false
+ logDir: /var/log/onap
+ queueSize: 256
+ root:
+ level: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
#################################################################
global:
nodePortPrefix: 302
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- log-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- args:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- log-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- - --container-name
- - modeling-mariadb
+ - -j
+ - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-job-readiness
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
- command:
- /bin/sh
- -c
mountPath: /service/modeling/etsicatalog/static
containers:
- name: {{ include "common.name" . }}
- command:
- - bash
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MSB_PROTO
- value: "{{ .Values.global.config.msbProtocol }}"
+ value: "{{ .Values.config.msbProtocol }}"
- name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
+ value: "{{ .Values.config.ssl_enabled }}"
- name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+ value: "{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+ - name: DB_IP
+ value: "{{ include "common.mariadbService" . }}"
+ - name: DB_PORT
+ value: "{{ include "common.mariadbPort" . }}"
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }}
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
-# Copyright (c) 2020 Samsung Electronics
+{{/*# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
"url": "/api/parser/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
"url": "/api/catalog/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
"url": "/api/nsd/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
"url": "/api/vnfpkgm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
}
]'
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- config:
- ssl_enabled: false
- msbProtocol: https
- msbServiceName: msb-iag
- msbPort: 443
-
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera:
+ #This flag allows Modeling to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+readinessCheck:
+ wait_for:
+ msb:
+ name: msb
+ containers:
+ - msb-iag
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ - uid: modeling-db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
#################################################################
# Dependencies configuration
#################################################################
mariadb-galera:
- nameOverride: modeling-mariadb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: *dbSecretName
+ mysqlDatabase: etsicatalog
+ nameOverride: modeling-db
service:
name: modeling-db
portName: modeling-db
enabled: true
disableNfsProvisioner: true
+mariadb-init:
+ config: *mariadbConfig
+ # nameOverride should be the same with common.name
+ nameOverride: modeling-etsicatalog
+
#################################################################
# Application configuration defaults.
#################################################################
+config:
+ #application configuration about msb
+ ssl_enabled: false
+ msbProtocol: https
+ msbServiceName: msb-iag
+ msbPort: 443
+ #application configuration user password about mariadb
+ db:
+ userName: etsicatalog
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+
# application image
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.6
+image: onap/modeling/etsicatalog:1.0.7
initImage: busybox:latest
pullPolicy: Always
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-consul
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
mountSubPath: multicloud-k8s/mongo/data
enabled: true
disableNfsProvisioner: true
+ flavor: &storage_flavor large
+ resources: &storage_resources
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 300Mi
+ unlimited: {}
#etcd chart overrides for k8splugin
etcd:
persistence:
mountSubPath: multicloud-k8s/etcd/data
enabled: true
+ flavor: *storage_flavor
+ resources: *storage_resources
# No persistence right now as we rely on Mongo to handle that
persistence:
spec:
containers:
- env:
+ - name: MSB_PROTO
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
value: "{{ .Values.config.aai.username }}"
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: /var/log/onap
# application configuration
config:
+ ssl_enabled: false
+ msbprotocol: https
msbgateway: msb-iag
- msbPort: 80
+ msbPort: 443
aai:
port: 8443
schemaVersion: v13
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
nodePortPrefix: 302
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- artifactImage: onap/multicloud/framework-artifactbroker:1.5.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
prometheus:
enabled: false
persistence: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.5.1
+image: onap/multicloud/framework:1.6.0
pullPolicy: Always
#Istio sidecar injection policy
+{{/*
# Copyright © 2018 Orange
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 Nokia
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
mariadbGalera: &mariadbGalera
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~6.x-0
repository: '@local'
condition: modeling.enabled
+ - name: platform
+ version: ~6.x-0
+ repository: '@local'
+ condition: platform.enabled
+ - name: a1policymanagement
+ version: ~6.x-0
+ repository: '@local'
+ condition: a1policymanagement.enabled
# any other repository that hosts images for ONAP components.
#repository: nexus3.onap.org:10001
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readiness:
initialDelaySeconds: 120
+a1policymanagement:
+ liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
user: docker
password: docker
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
enabled: true
modeling:
enabled: true
+platform:
+ enabled: true
+a1policymanagement:
+ enabled: true
\ No newline at end of file
# Copyright © 2020 Nordix Foundation
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
cmpv2Enabled: true
- aaf:
+ platform:
certServiceClient:
envVariables:
# Certificate related
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: docker
dockerHubRepository: docker.io
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.2
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
# curl image
curlImage: curlimages/curl:7.69.1
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
# configuration to set log level to all components (the one that are using
# "common.log.level" to set this)
# can be overrided per components by setting logConfiguration.logLevelOverride
ingress:
enabled: false
virtualhost:
- enabled: true
- baseurl: "simpledemo.onap.org"
+ enabled: true
+ baseurl: "simpledemo.onap.org"
# Global Service Mesh configuration
# POC Mode, don't use it in production
# Enabling CMPv2
cmpv2Enabled: true
- aaf:
+ platform:
certServiceClient:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
- name: aaf-cert-service-client-tls-secret
- mountPath: /etc/onap/aaf/certservice/certs/
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2Country: "US"
# Client configuration related
caName: "RA"
- requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
keystorePassword: "secret"
- truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
# TLS
# default
centralizedLoggingEnabled: ¢ralizedLogging false
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-# tlsOverride: false
+ # Example of specific for the components where you want to disable TLS only for
+ # it:
+ # if set this element will force or not tls even if global.serviceMesh.tls and
+ # global.tlsEnabled is set otherwise.
+ # robot:
+ # tlsOverride: false
# Global storage configuration
# Set to "-" for default, or with the name of the storage class
enabled: false
modeling:
enabled: false
+platform:
+ enabled: false
+a1policymanagement:
+ enabled: false
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-has:
- cd charts && helm dep up oof-has
- cd charts && helm dep up oof-cmso
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_password=demo123456!
-cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile
-cadi_truststore=/share/etc/certs//truststoreONAPall.jks
+++ /dev/null
-dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
-BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
-I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
-6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
-x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
-cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
-bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
-5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
-O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
-0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
-poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
-7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
--j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
-FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
-c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
-TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
-mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
-atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
-9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
-DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
-FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
-zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
-LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
-9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
-OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
-8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
-Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-cadi_latitude=0.00
-cadi_longitude=0.00
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_locate_url=https://aaf-locate:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/share/etc/certs/
-cadi_latitude=0.00
-cadi_longitude=0.00
-cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
- type: password
- password: ''
- policy: generate
- - uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- passwordPolicy: generate
-
-mariadb-galera:
- replicaCount: 1
- nameOverride: cmso-db
- service:
- type: ClusterIP
- name: oof-cmso-dbhost
- portName: cmso-dbhost
- nfsprovisionerPrefix: cmso
- sdnctlPrefix: cmso
- persistence:
- mountSubPath: cmso/data
- enabled: true
- disableNfsProvisioner: true
- config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
- externalConfig: |
- [mysqld]
- lower_case_table_names = 1
-
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
- truststorePassword:
- authentication: aaf-auth
- busyBoxImage: busybox:1.30
- busyBoxRepository: docker.io
-
-flavor: small
-
-config:
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
-
-oof-cmso-service:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: cmso
-
-oof-cmso-optimizer:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: optimizer
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.namespace=org.onap.oof
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.db.container }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
mountPath: /share/etc/config
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
# Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.2.0
+image: onap/optf-cmso-optimizer:2.3.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
+ image: onap/optf-cmso-dbinit:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
+ user: cmso-admin
+ password: pass
# userCredentialsExternalSecret: some-secret
# host: host
# container: container
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.namespace=org.onap.oof
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
# Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.db.container }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
mountPath: /share/etc/config
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
# side car containers
- name: filebeat-onap
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
# Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.2.0
-robotimage: onap/optf-cmso-robot:2.2.0
+image: onap/optf-cmso-service:2.3.0
+robotimage: onap/optf-cmso-robot:2.3.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
+ image: onap/optf-cmso-dbinit:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
+ user: cmso-admin
+ password: pass
# userCredentialsExternalSecret: some-secret
# host: host
# container: container
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
#-------------------------------------------------------------------------------
# Copyright © 2017-2019 AT&T Intellectual Property.
# Modifications Copyright © 2018 IBM.
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-#
+#
+#
# Unless otherwise specified, all documentation contained herein is licensed
# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
# you may not use this documentation except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# https://creativecommons.org/licenses/by/4.0/
-#
+#
# Unless required by applicable law or agreed to in writing, documentation
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# limitations under the License.
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: proprietary-auth
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
authentication: proprietary-auth
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.2.0
+image: onap/optf-cmso-ticketmgt:2.3.0
pullPolicy: Always
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
#-------------------------------------------------------------------------------
# Copyright © 2017-2019 AT&T Intellectual Property.
# Modifications Copyright © 2018 IBM.
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-#
+#
+#
# Unless otherwise specified, all documentation contained herein is licensed
# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
# you may not use this documentation except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# https://creativecommons.org/licenses/by/4.0/
-#
+#
# Unless required by applicable law or agreed to in writing, documentation
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# limitations under the License.
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.2.0
+image: onap/optf-cmso-topology:2.3.0
pullPolicy: Always
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso-optimizer
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-optimizer'
+ condition: oof-cmso-optimizer.enabled
+ - name: oof-cmso-service
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-service'
+ condition: oof-cmso-service.enabled
+ - name: oof-cmso-ticketmgt
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-ticketmgt'
+ condition: oof-cmso-ticketmgt.enabled
+ - name: oof-cmso-topology
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-topology'
+ condition: oof-cmso-topology.enabled
--- /dev/null
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
+ - uid: cmso-db-secret
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
+ passwordPolicy: generate
+
+mariadb-galera:
+ replicaCount: 1
+ nameOverride: &containerName cmso-db
+ service:
+ type: ClusterIP
+ name: &serviceName oof-cmso-dbhost
+ portName: cmso-dbhost
+ nfsprovisionerPrefix: cmso
+ sdnctlPrefix: cmso
+ persistence:
+ mountSubPath: cmso/data
+ enabled: true
+ disableNfsProvisioner: true
+ config:
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
+ externalConfig: |
+ [mysqld]
+ lower_case_table_names = 1
+
+global:
+ commonConfigPrefix: "oof-cmso"
+ truststoreFile: "truststoreONAPall.jks"
+ keystoreFile: "org.onap.oof.jks"
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ truststorePassword:
+ authentication: aaf-auth
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
+
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
+flavor: small
+
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ db:
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
+
+#sub-charts configuration
+certInitializer: &certInitConfig
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /share/etc/osaaf
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
+ find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \;
+
+oof-cmso-service:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-service-cert-initializer
+ config:
+ db:
+ userCredentialsExternalSecret: *serviceDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-optimizer-cert-initializer
+ config:
+ enabled: true
+ db:
+ userCredentialsExternalSecret: *optimizerDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
+
+oof-cmso-topology:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-topology-cert-initializer
+
+oof-cmso-ticketmgt:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-ticketmgt-cert-initializer
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- oof-has-controller
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-has-sms-readiness
fieldPath: metadata.namespace
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+ args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
ports:
- containerPort: {{ .Values.uwsgi.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.key
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: log.conf
- key: AAF_RootCA.cer
path: AAF_RootCA.cer
- - key: org.onap.oof.key
- path: org.onap.oof.key
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-# Copyright © 2020 Samsung, Orange
+{{/*# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
global: # global defaults
nodePortPrefix: 302
+ image:
+ optf_has: onap/optf-has:2.1.1
service:
type: NodePort
initialDelaySeconds: 10
periodSeconds: 10
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-has-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/bitnami/nginx/ssl
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
ingress:
enabled: false
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-cont-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.1.1
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-data-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.1.1
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.1.1
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.1.1
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: music
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-has-api
+ version: ~6.x-0
+ repository: 'file://components/oof-has-api'
+ condition: oof-has-api.enabled
+ - name: oof-has-controller
+ version: ~6.x-0
+ repository: 'file://components/oof-has-controller'
+ condition: oof-has-controller.enabled
+ - name: oof-has-data
+ version: ~6.x-0
+ repository: 'file://components/oof-has-data'
+ condition: oof-has-data.enabled
+ - name: oof-has-reservation
+ version: ~6.x-0
+ repository: 'file://components/oof-has-reservation'
+ condition: oof-has-reservation.enabled
+ - name: oof-has-solver
+ version: ~6.x-0
+ repository: 'file://components/oof-has-solver'
+ condition: oof-has-solver.enabled
# Minimum value: 1
#max_translation_counter = 1
+# (string value)
+opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json
[data]
#
# Extensions list to use (list value)
-#extensions = aai
+extensions = aai,generator
[messaging_server]
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
[handler_consoleHandler]
class=StreamHandler
-level=NOTSET
+level=INFO
formatter=generic
args=(sys.stdout,)
listen 8091 ssl;
server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key;
+ ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt;
+ ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- oof-has-api
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthcheck.json
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "music-springboot"
apiVersion: v1
fieldPath: metadata.namespace
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-music-cassandra-job-config"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-music-db-readiness
containers:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: onboard.json
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
# Global configuration defaults.
#################################################################
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
filebeat: docker.elastic.co/beats/filebeat:5.5.0
+ persistence:
+ enabled: true
pullPolicy: Always
nodePortPrefix: 302
cpu: 1000m
unlimited: {}
+#component overrides
+oof-has-api:
+ enabled: true
+oof-has-controller:
+ enabled: true
+oof-has-data:
+ enabled: true
+oof-has-reservation:
+ enabled: true
+oof-has-solver:
+ enabled: true
+
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso'
+ condition: oof-cmso.enabled
+ - name: oof-has
+ version: ~6.x-0
+ repository: 'file://components/oof-has'
+ condition: oof-has.enabled
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
+ ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
- vnfPolicy_vPGN_TD.json
- affinity_vFW_TD.json
- QueryPolicy_vFW_TD.json
-
- slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
- slice_selection_policy_files_urllc_1:
- - vnfPolicy_URLLC_Core_1.json
- - thresholdPolicy_URLLC_Core_1.json
- - subscriber_policy_URLLC_1.json
+ slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/"
+ slice_selection_policy_files_embb-nst:
+ - query_policy_nsi.json
+ - threshold_policy_nsi.json
+ - vnf_policy_nsi_shared_case.json
service_info:
vCPE:
subscriber_role:
source: onap.policies.optimization.SubscriberPolicy
value: properties.properties.subscriberRole
+ resource_sharing_level:
+ source: request
+ value: serviceProfile.resourceSharingLevel
+ reuse_preference:
+ source: request
+ value: preferReuse
policy_info:
prioritization_attributes:
policy_scope:
-
scope:
- - OSDF_FRANKFURT
+ - get_param: resource_sharing_level
+ - get_param: reuse_preference
services:
- get_param: service_name
+ subnet_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ - scope:
+ - OSDF_GUILIN
+ services:
+ - get_param: service_name
+
placement:
policy_fetch: by_scope
policy_scope:
default: # if no explicit service related information is needed
policy_fetch: by_name
policy_scope: none
+
+PCI:
+ ML:
+ average_ho_threshold: 10000
+ latest_ho_threshold: 500
+ DES:
+ service_id: ho_metric
+ filter:
+ interval: 10
+ ml_enabled: false
--- /dev/null
+version: 1
+disable_existing_loggers: True
+
+loggers:
+ error:
+ handlers: [error_handler, console_handler]
+ level: "WARN"
+ propagate: True
+ debug:
+ handlers: [debug_handler, console_handler]
+ level: "DEBUG"
+ propagate: True
+ metrics:
+ handlers: [metrics_handler, console_handler]
+ level: "INFO"
+ propagate: True
+ audit:
+ handlers: [audit_handler, console_handler]
+ level: "INFO"
+ propagate: True
+handlers:
+ debug_handler:
+ level: "DEBUG"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/debug.log"
+ formatter: "debugFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ error_handler:
+ level: "WARN"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/error.log"
+ formatter: "errorFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ metrics_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/metrics.log"
+ formatter: "metricsFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ audit_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/audit.log"
+ formatter: "auditFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "metricsFormat"
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ debugFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ errorFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+ |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ auditFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ metricsFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ mdcFormat:
+ format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
+# AAI api
+aaiUrl: {{ .Values.config.aaiUrl }}
+aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
+aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
+aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
+controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
+aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+
+#DES api
+desUrl: {{ .Values.config.desUrl }}
+desApiPath: {{ .Values.config.desApiPath }}
+desHeaders:
+ Accept: application/json
+ Content-Type: application/json
+
#key
appkey: ''
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- policy-xacml-pdp
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
-
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
name: {{ include "common.fullname" . }}-config
subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/org.onap.oof.crt
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/app/ssl_cert/org.onap.oof.key
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.key
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
+ - mountPath: /opt/osdf/config/log.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: log.yml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
- - key: org.onap.oof.key
- path: org.onap.oof.key
+ - key: log.yml
+ path: log.yml
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:2.0.4
+image: onap/optf-osdf:3.0.0
pullPolicy: Always
# flag to enable debugging - application support required
configDbUrl: http://config.db.url:8080
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
+ #aai api
+ aaiUrl: https://aai:8443
+ aaiGetLinksUrl: /aai/v16/network/logical-links
+ aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
+ aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
+ controllerQueryUrl: /aai/v19/query?format=resource
+ aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
+ #des api
+ desUrl: https://des.url:9000
+ desApiPath: /datalake/v1/exposure/
+
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# Resource Limit flavor -By Default using small
flavor: small
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-osdf-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/osdf/osaaf
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
# Segregation for Different environment (Small and Large)
resources:
small:
port: 8698
config:
ssl: "redirect"
+
+#component overrides
+
+oof-cmso:
+ enabled: true
+oof-has:
+ enabled: true
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 ZTE
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP platform components
+name: platform
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
# limitations under the License.
apiVersion: v1
-description: ONAP AAF Cert Service
-name: aaf-cert-service
-version: 6.0.0
+description: ONAP Cert Service
+name: oom-cert-service
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+ clear_all \
+ root_generate_keys \
+ root_create_certificate \
+ root_self_sign_certificate \
+ client_generate_keys \
+ client_generate_csr \
+ client_sign_certificate_by_root \
+ client_import_root_certificate \
+ client_convert_certificate_to_jks \
+ server_generate_keys \
+ server_generate_csr \
+ server_sign_certificate_by_root \
+ server_import_root_certificate \
+ server_convert_certificate_to_jks \
+ server_convert_certificate_to_p12 \
+ clear_unused_files \
+ stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+ @make stop_docker
+ docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+
+# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+ docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+ @make clear_existing_certificates
+ @make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+ @echo "Clear certificates"
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+ @echo "Generate root private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+ @echo "(Export public key as certificate)"
+ ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+ @echo "Generate certService's client private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+ @echo "Generate certificate signing request for certService's client"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+ @echo "Sign certService's client certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+ @echo "Import root certificate into intermediate"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService's client"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+ @echo "Generate certService private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+ @echo "Generate certificate signing request for certService"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+ @echo "Sign certService certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+ @echo "Import root certificate into intermediate(server)"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+ @echo "Clear unused certificates"
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
apiVersion: apps/v1
initContainers:
- name: wait-for-ejbca
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- ejbca-ejbca
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: subsitute-envs
image: "{{ .Values.global.envsubstImage }}"
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.secretFast" . }}
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
+ name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
type: Opaque
data:
certServiceClient-keystore.jks:
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.service" . }}
{{ end -}}
\ No newline at end of file
# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation, Orange
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
envsubstImage: dibi/envsubst
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
# Deployment configuration
repository: nexus3.onap.org:10001
-image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1
# Application configuration
cmpServers:
secret:
- name: aaf-cert-service-secret
+ name: oom-cert-service-secret
volume:
- name: aaf-cert-service-volume
- mountPath: /etc/onap/aaf/certservice
+ name: oom-cert-service-volume
+ mountPath: /etc/onap/oom/certservice
tls:
server:
secret:
- name: aaf-cert-service-server-tls-secret
+ name: oom-cert-service-server-tls-secret
volume:
- name: aaf-cert-service-server-tls-volume
- mountPath: /etc/onap/aaf/certservice/certs/
+ name: oom-cert-service-server-tls-volume
+ mountPath: /etc/onap/oom/certservice/certs/
client:
secret:
- defaultName: aaf-cert-service-client-tls-secret
+ defaultName: oom-cert-service-client-tls-secret
envs:
keystore:
#truststorePasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
- #clientIakExternalSecret:
+ # Used only if cmpv2 testing is enabled
+ clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
#clientRvExternalSecret:
- #raIakExternalSecret:
+ raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
#raRvExternalSecret:
client: {}
# iak: mypassword
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
dependencies:
- - name: common
+ - name: oom-cert-service
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+ repository: 'file://components/oom-cert-service'
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# Global configuration defaults.
#################################################################
+
global:
nodePortPrefix: 302
+ # Readiness image
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ # Use Local
+ #pullPolicy: IfNotPresent
+ #repository: "nexus3.onap.org:10003"
+
+ cmpv2Enabled: true
+ addTestingComponents: false
+
+ certService:
+ certServiceClient:
+ secret:
+ name: oom-cert-service-client-tls-secret
#################################################################
# Application configuration defaults.
#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m
- cassandraSslEnabled: "false"
+flavor: small
# default number of instances
replicaCount: 1
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 350
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ enabled: true
readiness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 150
periodSeconds: 10
-service:
- type: ClusterIP
- name: sdc-dcae-tosca-lab
- portName: sdc-dcae-tosca-lab-8085
- externalPort: 8085
- internalPort: 8085
- portName2: sdc-dcae-tosca-lab-8445
- externalPort2: 8445
- internalPort2: 8445
+persistence: {}
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+resources: {}
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-pnda-mirror
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
envsubstImage: dibi/envsubst
aafEnabled: true
persistence: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.0
+image: onap/policy-apex-pdp:2.4.1
pullPolicy: Always
# flag to enable debugging - application support required
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
- "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+ "policytypes/onap.policies.monitoring.tcagen2.yaml",
"policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
"policytypes/onap.policies.Optimization.yaml",
"policytypes/onap.policies.optimization.Resource.yaml",
"policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
"policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
"policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
"policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
- "policytypes/onap.policies.controlloop.Operational.yaml",
"policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.Match.yaml",
"policytypes/onap.policies.native.Drools.yaml",
"policytypes/onap.policies.native.Xacml.yaml",
"policytypes/onap.policies.native.Apex.yaml",
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-policy-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
{{- if .Values.global.aafEnabled }}
command: ["bash","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
/opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
persistence: {}
envsubstImage: dibi/envsubst
aafEnabled: true
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.0
+image: onap/policy-api:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
{{- if .Values.global.aafEnabled }}
command: ["bash","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
/opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
{{- else }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
persistence: {}
envsubstImage: dibi/envsubst
aafEnabled: true
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.0
+image: onap/policy-distribution:2.4.1
pullPolicy: Always
# flag to enable debugging - application support required
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
POLICY_PDP_PAP_GROUP=defaultGroup
+POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
# Symmetric Key for encoded sensitive data
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+{{- if not .Values.global.aafEnabled }}
KEYSTORE_PASSWD={{.Values.keystore.password}}
+{{- end }}
+
TRUSTSTORE_PASSWD={{.Values.truststore.password}}
TELEMETRY_USER={{.Values.telemetry.user}}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-policy-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-db-readiness
{{- if not .Values.nexus.offline }}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.nexus.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{- end }}
command: ["bash","-c"]
args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
ports:
- containerPort: {{ .Values.service.externalPort }}
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
- name: SQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- envsubstImage: dibi/envsubst
- aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ ubuntuImage: ubuntu:16.04
#################################################################
# Secrets metaconfig
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.0
+image: onap/policy-pdpd-cl:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
persistence: {}
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-policy-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
{{- if .Values.global.aafEnabled }}
command: ["bash","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
/opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
persistence: {}
envsubstImage: dibi/envsubst
aafEnabled: true
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.0
+image: onap/policy-pap:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-policy-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
{{- if .Values.global.aafEnabled }}
command: ["bash","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
/opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
- emptyDir:
- medium: Memory
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
persistence: {}
envsubstImage: dibi/envsubst
aafEnabled: true
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.0
+image: onap/policy-xacml-pdp:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
- --container-name
- {{ index .Values "mariadb-galera" "service" "name" }}
env:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+ resources:
+{{ include "common.resources" . }}
restartPolicy: Never
volumes:
- name: {{ include "common.fullname" . }}-config
# Global configuration defaults.
#################################################################
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
enabled: true
db: *dbSecretsHook
policy-nexus:
- enabled: true
+ enabled: false
#################################################################
# DB configuration defaults.
[mysqld]
lower_case_table_names = 1
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- message-router
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-search-data
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# application image
repository: nexus3.onap.org:10001
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- args:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
# loggingRepository: docker.elastic.co
# loggingImage: beats/filebeat:5.5.0
<root>
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
<!-- <appender-ref ref="asyncEELFDebug" /> -->
</root>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# application image
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
# loggingRepository: docker.elastic.co
# loggingImage: beats/filebeat:5.5.0
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
repository: nexus3.onap.org:10001
config:
logstashServiceName: log-ls
logstashPort: 5044
-
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
--- /dev/null
+# Encrypted Properties
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!-- specify the component name -->\r
<property name="componentName" value="onapportal"></property>\r
\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="Portal"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
\r
value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
\r
<property name="errorLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
\r
<property name="defaultLoggerPattern"\r
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
\r
- <logger name="com.att.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
\r
- <logger name="com.att.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
\r
- <logger name="com.att.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
\r
\r
<root level="INFO">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
\r
</configuration>\r
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
#mysql
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.hib.dialect = org.hibernate.dialect.MySQLDialect
db.min_pool_size = 5
db.max_pool_size = 10
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
spec:
initContainers:
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-portal-db-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportal-scrubbed
+ - mountPath: /config
+ name: properties-onapportal
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
subPath: music.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
- name: var-log-onap
mountPath: /var/log/onap
resources:
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
+{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
hostPath:
path: /etc/localtime
- name: properties-onapportal
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportal-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/portal-app:3.2.3
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CASSUSER
- value: "{{ .Values.config.cassandraUsername }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- name: CASSPASS
- value: "{{ .Values.config.cassandraPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- name: JVM_OPTS
value: "{{ .Values.config.cassandraJvmOpts }}"
- name: POD_IP
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
image: onap/music/cassandra_music:3.0.0
pullPolicy: Always
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+
# application configuration
config:
cassandraUsername: root
cassandraPassword: Aa123456
+# cassandraCredsExternalSecret: some secret
cassandraJvmOpts: -Xmx2536m -Xms2536m
# default number of instances
echo
done
+ file_env 'PORTAL_DB_TABLES'
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
if ! kill -s TERM "$pid" || ! wait "$pid"; then
echo >&2 'MySQL init process failed.'
exit 1
fi
fi
-exec "$@"
\ No newline at end of file
+exec "$@"
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
-- aai sparky
update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
/*
Replace spaces with underscores for role names to match AAF role names
secretKeyRef:
name: {{ template "common.fullname" . }}
key: db-root-password
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-user
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-password
+ - name: PORTAL_DB_TABLES
+ value: {{ .Values.config.backend_portal_tables }}
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb-data
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- name: SQL_SRC_DIR
value: {{ .Values.config.sqlSourceDirectory }}
- name: {{ include "common.name" . }}-oom-update-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
value: "{{ .Values.service.internalPort }}"
- name: DB_PASS
valueFrom:
- secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
command:
- /bin/sh
- -x
type: Opaque
data:
db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+ backend-db-user: {{ .Values.config.backendDbUser }}
+ backend-db-password: {{ .Values.config.backendDbPassword }}
global: # global defaults
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
busyBoxImage: busybox:1.30
busyBoxRepository: docker.io
pullPolicy: Always
-mariadbInitImage: "mariadb-client-init:3.0.0"
+mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0"
# application configuration
config:
mariadbUser: root
mariadbRootPassword: Aa123456
+ backendDbUser: portal
+ backendDbPassword: portal
+ #backend_portal_tables is a comma delimited string listing back-end tables
+ #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+ backend_portal_tables: portal,ecomp_sdk
#The directory where sql files are found in the projects gerrit repo.
sqlSourceDirectory: portal/deliveries
# sdc frontend assignment for port 9443
--- /dev/null
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!--<jmxConfigurator /> -->\r
<!-- specify the component name -->\r
<property name="componentName" value="onapsdk"></property>\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="PortalSDK"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
<!-- The directories where logs are written -->\r
<!-- 1610 Logging Fields Format Revisions -->\r
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<!-- use %class so library logging calls yield their class name -->\r
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
<logger name="org.onap.eelf" level="info" additivity="false">\r
<appender-ref ref="asyncEELF" />\r
</logger>\r
- <logger name="org.onap.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
<logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
<appender-ref ref="asyncEELFDebug" />\r
</logger>\r
- <logger name="org.onap.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
<root level="DEBUG">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
</configuration>\r
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.min_pool_size = 5
db.max_pool_size = 10
hb.dialect = org.hibernate.dialect.MySQLDialect
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portalsdk-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportalsdk-scrubbed
+ - mountPath: /config
+ name: properties-onapportalsdk
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
subPath: music.properties
hostPath:
path: /etc/localtime
- name: properties-onapportalsdk
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportalsdk-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportalsdk
defaultMode: 0755
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
image: onap/portal-sdk:3.2.0
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
certInitializer:
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInit: ubuntu-init:1.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Zookeeper for ONAP Portal
-name: portal-zookeeper
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
-
-
-# application image
-repository: nexus3.onap.org:10001
-image: zookeeper:3.4
-pullPolicy: Always
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: portal-zookeeper
- portName: portal-zk
- externalPort: 2181
- internalPort: 2181
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 100m
- memory: 200Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 600Mi
- unlimited: {}
- name: portal-widget
version: ~6.x-0
repository: 'file://components/portal-widget'
- - name: portal-zookeeper
- version: ~6.x-0
- repository: 'file://components/portal-zookeeper'
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: portal-cass
+ name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+ - uid: portal-backend-db
+ name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
config:
logstashServiceName: log-ls
logstashPort: 5044
+ cassandraUsername: root
+ cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
portal-mariadb:
nameOverride: portal-db
mariadb:
service:
name: portal-db
+ config:
+# backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
+
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
- cassandraUsername: root
- cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
+ cassandraExternalSecret: *dbSecretName
+portal-app:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
+portal-sdk:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
messageRouter:
service:
name: message-router
ingress:
- enabled: false
\ No newline at end of file
+ enabled: false
+++ /dev/null
-# Eclipse
-.classpath
-.factorypath
-.project
-.pydevproject
-.settings/
-
-# IntelliJ
-.idea/*
-*.iml
-
-# Mac OS
-*DS_Store*
-
-/target
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
-spec:
- selector:
- matchLabels:
- app: healthy
- version: 1.0.0
- template:
- metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
- spec:
- containers:
- - args:
- - --container-name
- - hbase
- command:
- - /root/ready.py
- image: oomk8s/readiness-check:2.0.0
- imagePullPolicy: Always
- name: healthy
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+++ /dev/null
-<!--
-
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
--->
-<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.onap.oparent</groupId>
- <artifactId>oparent</artifactId>
- <version>2.0.0</version>
- </parent>
-
- <groupId>org.onap.oom.readiness.check</groupId>
- <artifactId>readiness-check-docker</artifactId>
- <version>2.2.1-SNAPSHOT</version>
- <packaging>pom</packaging>
- <name>oom-readiness-check-image</name>
- <description>Contains dockerfiles and scrtipts for readiness-ckeck image.</description>
-
- <properties>
- <docker.fabric.version>0.31.0</docker.fabric.version>
- <oom.docker.namespace>onap</oom.docker.namespace>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>${docker.fabric.version}</version>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <images>
- <image>
- <name>${docker.push.registry}/${oom.docker.namespace}/readiness-check:%l</name>
- <build>
- <filter>@</filter>
- <assembly>
- <mode>dir</mode>
- <inline xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
- <fileSets>
- <fileSet>
- <directory>${project.basedir}/src/main/scripts</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- </fileSets>
- </inline>
- </assembly>
- <tags>
- <tag>latest</tag>
- <tag>latest-${project.version}</tag>
- </tags>
- <cleanup>try</cleanup>
- <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir>
- </build>
- </image>
- </images>
- </configuration>
- <executions>
- <execution>
- <id>clean-images</id>
- <phase>pre-clean</phase>
- <goals>
- <goal>remove</goal>
- </goals>
- <configuration>
- <removeAll>true</removeAll>
- </configuration>
- </execution>
- <execution>
- <id>generate-images</id>
- <phase>package</phase>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- <execution>
- <id>push-images</id>
- <phase>deploy</phase>
- <goals>
- <goal>push</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
\ No newline at end of file
+++ /dev/null
-FROM python:3-alpine3.9
-
-ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
-# Setup Corporate proxy
-ENV https_proxy ${HTTPS_PROXY}
-ENV http_proxy ${HTTP_PROXY}
-
-RUN pip install requests pyyaml kubernetes
-
-ENV CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-ENV TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token"
-
-COPY maven/ /root/
-RUN chmod -R a+x /root/
-
-ENTRYPOINT ["/root/ready.py"]
-CMD [""]
\ No newline at end of file
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- response = ""
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container job complete check utility"
-USAGE = "Usage: job_complete.py [-t <timeout>] -j <job_name> " \
- "[-j <job_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container job complete timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<job_name> - name of the job to wait for\n"
-
-
-def main(argv):
- # args are a list of job names
- job_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hj:t:", ["job-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-j", "--job-name"):
- job_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if job_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for job_name in job_names:
- timeout = time.time() + timeout * 60
- while True:
- complete = is_job_complete(job_name)
- if complete is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + job_name +
- "' to be completed")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-coreV1Api = client.CoreV1Api(client.ApiClient(configuration))
-api_instance = client.ExtensionsV1beta1Api(client.ApiClient(configuration))
-api = client.AppsV1beta1Api(client.ApiClient(configuration))
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- log.info(job_name + " is complete")
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-def wait_for_statefulset_complete(statefulset_name):
- try:
- response = api.read_namespaced_stateful_set(statefulset_name, namespace)
- s = response.status
- if (s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Statefulset " + statefulset_name + " is ready")
- return True
- else:
- log.info("Statefulset " + statefulset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for Statefulset status: %s\n" % e)
-
-
-def wait_for_deployment_complete(deployment_name):
- try:
- response = api.read_namespaced_deployment(deployment_name, namespace)
- s = response.status
- if (s.unavailable_replicas is None and
- ( s.updated_replicas is None or s.updated_replicas == response.spec.replicas ) and
- s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Deployment " + deployment_name + " is ready")
- return True
- else:
- log.info("Deployment " + deployment_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for deployment status: %s\n" % e)
-
-
-def wait_for_daemonset_complete(daemonset_name):
- try:
- response = api_instance.read_namespaced_daemon_set(daemonset_name, namespace)
- s = response.status
- if s.desired_number_scheduled == s.number_ready:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is ready")
- return True
- else:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for DaemonSet status: %s\n" % e)
-
-
-def is_ready(container_name):
- ready = False
- log.info("Checking if " + container_name + " is ready")
- try:
- response = coreV1Api.list_namespaced_pod(namespace=namespace,
- watch=False)
- for i in response.items:
- # container_statuses can be None, which is non-iterable.
- if i.status.container_statuses is None:
- continue
- for s in i.status.container_statuses:
- if s.name == container_name:
- name = read_name(i)
- if i.metadata.owner_references[0].kind == "StatefulSet":
- ready = wait_for_statefulset_complete(name)
- elif i.metadata.owner_references[0].kind == "ReplicaSet":
- deployment_name = get_deployment_name(name)
- ready = wait_for_deployment_complete(deployment_name)
- elif i.metadata.owner_references[0].kind == "Job":
- ready = is_job_complete(name)
- elif i.metadata.owner_references[0].kind == "DaemonSet":
- ready = wait_for_daemonset_complete(i.metadata.owner_references[0].name)
-
- return ready
-
- else:
- continue
- return ready
- except Exception as e:
- log.error("Exception when calling list_namespaced_pod: %s\n" % e)
-
-
-def read_name(item):
- return item.metadata.owner_references[0].name
-
-
-def get_deployment_name(replicaset):
- api_response = api_instance.read_namespaced_replica_set_status(replicaset,
- namespace)
- deployment_name = read_name(api_response)
- return deployment_name
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container readiness check utility"
-USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> " \
- "[-c <container_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container readiness timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<container_name> - name of the container to wait for\n"
-
-
-def main(argv):
- # args are a list of container names
- container_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hc:t:", ["container-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-c", "--container-name"):
- container_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if container_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for container_name in container_names:
- timeout = time.time() + timeout * 60
- while True:
- ready = is_ready(container_name)
- if ready is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + container_name +
- "' to be ready")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
-
-Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
+Subproject commit d4d20fe81e2fb4ee98e16c2b350b0981202f57d6
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE Backend client of TOSCALAB and SDC
-name: sdc-dcae-be
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-be"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-be/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/conf/composition
- port: {{ .Values.service.internalPort2 }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-tools
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.4
-pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 240
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 240
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-dcae-be
- portName: sdc-dcae-be-8082
- externalPort: 8082
- internalPort: 8082
- portName2: sdc-dcae-be-8444
- externalPort2: 8444
- internalPort2: 8444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdc.dcae.plugin"
- name: "sdc-dcae-be"
- port: 8282
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE desiner composition tool for creating customized templates
-name: sdc-dcae-dt
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-dt"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-dt/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-dt",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.4
-pullPolicy: IfNotPresent
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdc-dcae-dt
- portName: dcae-dt
- nodePort: "66"
- internalPort: 9446
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-dt"
- port: 9446
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2013 Amdocs, AT&T,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE UI for service monitoring and MC create and configure
-name: sdc-dcae-fe
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-fe"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-fe/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-gui",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.4
-pullPolicy: Always
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: sdc-dcae-fe
- portName: dcae-fe
- nodePort: "64"
- internalPort: 9444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-fe"
- port: 9444
- config:
- ssl: "redirect"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Tosca model for component monitoring and descriptors deployment
-name: sdc-dcae-tosca-lab
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-dcae-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /healthcheck
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-pluginsList:
- - pluginId: DCAED
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}"
- pluginStateUrl: "dcaed"
- pluginDisplayOptions:
- context:
- displayName: "Monitoring"
- displayContext: ["SERVICE"]
- displayRoles: ["DESIGNER"]
- - pluginId: DCAE-DS
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}"
- pluginStateUrl: "dcae-ds"
- pluginDisplayOptions:
- tab:
- displayName: "DCAE-DS"
- displayRoles: ["DESIGNER"]
- - pluginId: WORKFLOW
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
- pluginStateUrl: "workflowDesigner"
- pluginDisplayOptions:
- tab:
- displayName: "WORKFLOW"
- displayRoles: ["DESIGNER", "TESTER"]
-
-connectionTimeout: 1000
\ No newline at end of file
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{{ include "common.ingress" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "sdc-onboarding-be"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: cassandra_ssl_enabled
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdc-be
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
+ mountPath: /home/onap/chef-solo/environments/
- name: sdc-logs
mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
+image: onap/sdc-backend-all-plugins:1.7.1
+backendInitImage: onap/sdc-backend-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+#environment file
+env:
+ name: AUTO
+
+certInitializer:
+ nameOverride: sdc-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# SDC Config part
+#################################################################
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
{{- if .Values.global.cassandra.localCluster }}
mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: RELEASE
value: {{ .Values.config.release }}
- name: SDC_USER
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
+image: onap/sdc-cassandra:1.7.1
+cassandraInitImage: onap/sdc-cassandra-init:1.7.1
pullPolicy: Always
maxHeapSize: "1536M"
heapNewSize: "512M"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+pluginsList:
+ - pluginId: WORKFLOW
+ pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
+ pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
+ pluginStateUrl: "workflowDesigner"
+ pluginDisplayOptions:
+ tab:
+ displayName: "WORKFLOW"
+ displayRoles: ["DESIGNER", "TESTER"]
+
+connectionTimeout: 1000
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-be-config-backend
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
spec:
type: {{ .Values.service.type }}
ports:
- {{ if not .Values.global.security.disableHttp }}
+ {{ if not .Values.security.disableHttp }}
# setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
+image: onap/sdc-frontend:1.7.1
pullPolicy: Always
config:
workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
+#environment file
+env:
+ name: AUTO
+
+security:
+ disableHttp: true
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
- - name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "/onboard/cert"
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: SDC_CLUSTER_NAME
- value: "SDC-CS-{{ .Values.global.env.name }}"
+ value: "SDC-CS-{{ .Values.env.name }}"
- name: cassandra_ssl_enabled
value: {{ .Values.config.cassandraSslEnabled | quote }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
subPath: logback.xml
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
lifecycle:
postStart:
exec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-cs-config-cassandra
mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ persistence: {}
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-onboarding-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
+image: onap/sdc-onboard-backend:1.7.1
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
javaOptions: "-Xmx1g -Xms1g"
cassandraSslEnabled: "false"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.fullname" . }}-workflow-init
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
+ export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+ export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-be.internalPort" . }}
# disable liveness probe when breakpoints set in debugger
value: "{{ .Values.config.serverSSLEnabled }}"
- name: SERVER_SSL_KEYSTORE_TYPE
value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_KEYSTORE_PATH
- value: "{{ .Values.config.serverSSLKeyStorePath }}"
- - name: SERVER_SSL_KEY_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_PATH
- value: "{{ .Values.config.serverSSLTrustStorePath }}"
- - name: SERVER_SSL_TRUST_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- volumeMounts:
- - name: sdc-cert
- mountPath: /keystore
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /truststore
- subPath: org.onap.sdc.trust.jks
- volumes:
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-cs-config-cassandra
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
-
sdcProtocol: HTTPS
sdcEndpoint: sdc-be:8443
sdcExternalUser: workflow
-
serverSSLEnabled: true
-
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /home/sdc/etc/keystore
-
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /home/sdc/etc/truststore
-
cassandraSSLEnabled: false
cassandraTrustStorePath: /home/sdc/etc/truststore
+# environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
externalPort2: 8443
nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
-
ingress:
enabled: false
service:
port: 8443
config:
ssl: "redirect"
-
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "sdc-wfd-be"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-move-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+ export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- name: IS_HTTPS
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- - name: TRUSTSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- - name: KEYSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- name: TRUST_ALL
value: "{{ .Values.config.isTrustAll}}"
{{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ mountPath: /sdc-certs/mycreds.prop
+ subPath: mycreds.prop
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+ subPath: {{ .Values.certInitializer.keystoreFile }}
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+ subPath: {{ .Values.certInitializer.truststoreFile }}
+ {{ end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+ name: AUTO
+
security:
isDefaultStore: false
- truststoreFilename: "org.onap.sdc.trust.jks"
- keystoreFilename: "org.onap.sdc.p12"
- storePath: "etc"
# default number of instances
replicaCount: 1
# limitations under the License.
dependencies:
- - name: common
+ - name: sdc-be
version: ~6.x-0
- repository: '@local'
-
- - name: cassandra
+ repository: 'file://components/sdc-be'
+ - name: sdc-cs
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- condition: global.cassandra.localCluster
-
+ repository: 'file://components/sdc-cs'
+ - name: sdc-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-fe'
+ - name: sdc-onboarding-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-onboarding-be'
+ - name: sdc-wfd-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-be'
+ condition: sdc-wfd.enabled
+ - name: sdc-wfd-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-fe'
+ condition: sdc-wfd.enabled
\ No newline at end of file
{
- "name": "{{ .Values.global.env.name }}",
- "description": "OpenSource-{{ .Values.global.env.name }}",
+ "name": "{{ .Values.env.name }}",
+ "description": "OpenSource-{{ .Values.env.name }}",
"cookbook_versions": {
"Deploy-SDandC": "= 1.0.0"
},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
- "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}",
- "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
- "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
"FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
"interfaces": {
"application": "eth0",
},
"jetty": {
"keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}"
+ "truststore_pwd": "${TRUSTSTORE_PASS}",
+ "keymanager_pwd": "${KEYMANAGER_PASS}"
}
}
}
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: sdc-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
global:
persistence: {}
- env:
- name: AUTO
secrets:
sdc_user: YXNkY191c2Vy
sdc_password: QWExMjM0JV4h
ubuntuInitImage: ubuntu-init:1.0.0
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
+ aafEnabled: true
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
security:
disableHttp: true
envsubstImage: dibi/envsubst
+
+# Environment file
+env:
+ name: AUTO
+
config:
logstashServiceName: log-ls
logstashPort: 5044
persistence:
mountSubPath: sdc/sdc-cs/CS
enabled: true
+
+# dependency / sub-chart configuration
+sdc-wfd:
+ enabled: true
\ No newline at end of file
.project
.idea/
*.tmproj
+# avoid 1MB limit
+components/
EXCLUDES := dist resources templates charts
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
- mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
name: properties
subPath: dmaap-consumer-oofpcipoc.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+ name: properties
+ subPath: dmaap-consumer-RANSlice.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.4
+image: onap/sdnc-dmaap-listener-image:2.0.1
pullPolicy: Always
# flag to enable debugging - application support required
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.sdncChartName }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.4
+image: onap/sdnc-ansible-server-image:2.0.1
pullPolicy: Always
# flag to enable debugging - application support required
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdnc
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: SDN-C Web Server
+name: sdnc-web
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+nclude "common.repository" . }}apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName: "sdnc-web"
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: WEBPROTOCOL
+ value: {{ .Values.config.webProtocol }}
+ - name: WEBPORT
+ value: {{ .Values.config.webPort | quote }}
+ - name: SDNRPROTOCOL
+ value: {{ .Values.config.sdnrProtocol }}
+ - name: SDNRHOST
+ value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+ - name: SDNRPORT
+ value: {{ .Values.config.sdnrPort | quote }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.config.sslCertDir }}
+ - name: SSL_CERTIFICATE
+ value: {{ .Values.config.sslCertiticate }}
+ - name: SSL_CERTIFICATE_KEY
+ value: {{ .Values.config.sslCertKey }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- include "common.service" . -}}
+
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ nodePortPrefix: 322
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:2.0.1"
+pullPolicy: Always
+
+config:
+ sdncChartName: sdnc
+ webProtocol: HTTPS
+ webPort: 8443
+ #sdnrProtocol: HTTPS
+ sdnrProtocol: HTTPS
+ #sdnrHost: "sdnc.onap"
+ sdnrHost: "sdnc"
+ sdnrPort: "8443"
+ sslCertDir: "/opt/app/osaaf/local/certs"
+ sslCertiticate: "cert.pem"
+ sslCertKey: "key.pem"
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+ nameOverride: sdnc-web-cert-initializer
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: "org.onap.sdnc"
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ name: sdnc-web
+ suffix: service
+ type: NodePort
+ sessionAffinity: ClientIP
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 8443
+ ports:
+ - name: "sdnc-web"
+ port: "8443"
+ nodePort: "05"
+
+#ingress:
+# enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.4
+image: onap/sdnc-ueb-listener-image:2.0.1
pullPolicy: Always
# flag to enable debugging - application support required
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: network-name-gen
version: ~6.x-0
repository: '@local'
+ condition: network-name-gen.enabled
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ condition: dgbuilder.enabled
- name: sdnc-prom
version: ~6.x-0
repository: '@local'
- name: elasticsearch
version: ~6.x-0
repository: '@local'
+ condition: config.sdnr.enabled
+ # conditions for sdnc-subcharts
+ - name: dmaap-listener
+ version: ~6.x-0
+ repository: 'file://components/dmaap-listener/'
+ condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+ - name: ueb-listener
+ version: ~6.x-0
+ repository: 'file://components/ueb-listener/'
+ condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+ - name: sdnc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/sdnc-ansible-server/'
+ condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+ - name: sdnc-web
+ version: ~6.x-0
+ repository: 'file://components/sdnc-web/'
+ condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
--- /dev/null
+#!/bin/bash
+
+###
+# ============LICENSE_START=======================================================
+# SDNC
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Install SDN-C platform components if not already installed and start container
+
+# List of used constants, that are provided during container initialization
+
+ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
+ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg
+#
+ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false}
+
+#ODL_CERT_DIR
+ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
+if $ODL_REMOVEIDMDB ; then
+ echo "Remove odl idmdb"
+ rm $ODL_HOME/data/idmlight.db.mv.db
+ ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin}
+else
+ ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+fi
+
+export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
+
+SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
+SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
+CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
+
+#- ODL Cluster
+ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
+#SDNC_REPLICAS
+
+#- ODL GEO cluster
+GEO_ENABLED=${GEO_ENABLED:-false}
+#IS_PRIMARY_CLUSTER
+#MY_ODL_CLUSTER
+#PEER_ODL_CLUSTER
+
+#- AAF
+SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
+
+#- SDN-R
+SDNRWT=${SDNRWT:-false}
+SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
+SDNRDM=${SDNRDM:-false}
+# Add devicemanager base and specific repositories
+SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features}
+SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features}
+SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features}
+SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features}
+# Add devicemanager features
+SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature}
+SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}}
+SDNRINIT=${SDNRINIT:-false}
+SDNRONLY=${SDNRONLY:-false}
+SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200}
+#SDNRDBUSERNAME
+#SDNRDBPASSWORD
+#SDNRDBPARAMETER
+SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER}
+
+SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false}
+SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all}
+
+# Functions
+
+# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features
+# $1 repository
+function isRepoExisting() {
+ REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#")
+ OIFS="$IFS"
+ IFS='/' parts=($REPO)
+ IFS="$OIFS"
+ path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]}
+ [ -d "$path" ]
+}
+
+# Add features repository to karaf featuresRepositories configuration
+# $1 repositories to be added
+function addRepository() {
+ CFG=$ODL_FEATURES_BOOT_FILE
+ ORIG=$CFG.orig
+ if isRepoExisting "$1" ; then
+ echo "Add repository: $1"
+ sed -i "\|featuresRepositories|s|$|, $1|" $CFG
+ else
+ echo "Repo does not exist: $1"
+ fi
+}
+
+# Append features to karaf boot feature configuration
+# $1 additional feature to be added
+# $2 repositories to be added (optional)
+function addToFeatureBoot() {
+ CFG=$ODL_FEATURES_BOOT_FILE
+ ORIG=$CFG.orig
+ if [ -n "$2" ] ; then
+ addRepository $2
+ fi
+ echo "Add boot feature: $1"
+ sed -i "\|featuresBoot *=|s|$|,$1|" $CFG
+}
+
+# Append features to karaf boot feature configuration
+# $1 search pattern
+# $2 replacement
+function replaceFeatureBoot() {
+ CFG=$ODL_FEATURES_BOOT_FILE
+ echo "Replace boot feature $1 with: $2"
+ sed -i "/featuresBoot/ s/$1/$2/g" $CFG
+}
+
+# Remove all sdnc specific features
+function cleanupFeatureBoot() {
+ echo "Remove northbound bootfeatures "
+ sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE
+}
+
+function initialize_sdnr() {
+ echo "SDN-R Database Initialization"
+ INITCMD="$JAVA_HOME/bin/java -jar "
+ INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar "
+ INITCMD+="$SDNRDBCOMMAND"
+ echo "Execute: $INITCMD"
+ n=0
+ until [ $n -ge 5 ] ; do
+ $INITCMD && break
+ n=$[$n+1]
+ sleep 15
+ done
+ return $?
+}
+
+function install_sdnrwt_features() {
+ # Repository setup provided via sdnc dockerfile
+ if $SDNRWT; then
+ addRepository $SDNRDM_BASE_REPO
+ addRepository $SDNRDM_ONF_REPO
+ addRepository $SDNRDM_ORAN_REPO
+ addRepository $SDNRDM_GRAN_REPO
+
+ if $SDNRONLY; then
+ cleanupFeatureBoot
+ fi
+ if $SDNRDM; then
+ addToFeatureBoot "$SDNRDM_BOOTFEATURES"
+ else
+ addToFeatureBoot "$SDNRWT_BOOTFEATURES"
+ fi
+ fi
+}
+
+
+function install_sdnr_northbound_features() {
+ # Repository setup provided via sdnc dockerfile
+ addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES"
+}
+
+# Reconfigure ODL from default single node configuration to cluster
+
+function enable_odl_cluster(){
+ if [ -z $SDNC_REPLICAS ]; then
+ echo "SDNC_REPLICAS is not configured in Env field"
+ exit
+ fi
+
+ # ODL NETCONF setup
+ echo "Installing Opendaylight cluster features for mdsal and netconf"
+
+ #Be sure to remove feature odl-netconf-connector-all from list
+ replaceFeatureBoot "odl-netconf-connector-all,"
+ #Activate cluster
+ replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
+ replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
+ addToFeatureBoot odl-jolokia
+
+ # ODL Cluster or Geo cluster configuration
+
+ echo "Update cluster information statically"
+ fqdn=$(hostname -f)
+ echo "Get current fqdn ${fqdn}"
+
+ # Extract node index using first digit after "-"
+ # Example 2 from "sdnr-2.logo.ost.das.r32.com"
+ node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g'))
+
+ if $GEO_ENABLED; then
+ echo "This is a Geo cluster"
+
+ if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
+ echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
+ return
+ fi
+
+ member_offset=1
+ if $IS_PRIMARY_CLUSTER; then
+ PRIMARY_NODE=${MY_ODL_CLUSTER}
+ SECONDARY_NODE=${PEER_ODL_CLUSTER}
+ else
+ PRIMARY_NODE=${PEER_ODL_CLUSTER}
+ SECONDARY_NODE=${MY_ODL_CLUSTER}
+ member_offset=4
+ fi
+
+ node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
+ $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
+ else
+ echo "This is a local cluster"
+ for ((i=0;i<${SDNC_REPLICAS};i++)); do
+ #assemble node list by replaceing node-index in hostname with "i"
+ node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g")
+ node_list="${node_list} $node_name"
+ done
+ echo "Node index: $((node_index+1)) list: ${node_list[@]}"
+ $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list}
+ fi
+}
+
+# -----------------------
+# Main script starts here
+
+echo "Image path=${IMAGEPATH}"
+echo "Image names=${IMAGENAMES}"
+echo "Settings:"
+echo " USER=$(whoami)"
+echo " SDNC_BIN=$SDNC_BIN"
+echo " SDNC_HOME=$SDNC_HOME"
+echo " ODL_CERT_DIR=$ODL_CERT_DIR"
+echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION"
+echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
+echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB"
+echo " SDNC_REPLICAS=$SDNC_REPLICAS"
+echo " SDNRWT=$SDNRWT"
+echo " SDNRDM=$SDNRDM"
+echo " SDNRONLY=$SDNRONLY"
+echo " SDNRINIT=$SDNRINIT"
+echo " SDNRDBURL=$SDNRDBURL"
+echo " SDNRDBUSERNAME=$SDNRDBUSERNAME"
+echo " SDNRDBPASSWORD=$SDNRDBPASSWORD"
+echo " GEO_ENABLED=$GEO_ENABLED"
+echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER"
+echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER"
+echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER"
+echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
+
+if $SDNC_AAF_ENABLED; then
+ export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
+ export SDNC_KEYSTORE=org.onap.sdnc.p12
+ sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+
+ sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+fi
+
+if $SDNRINIT ; then
+ #One time intialization action
+ initialize_sdnr
+ init_result=$?
+ echo "Result of init script: $init_result"
+ if $SDNRWT ; then
+ echo "Proceed to initialize sdnr"
+ else
+ exit $init_result
+ fi
+fi
+
+if [ ! -f ${SDNC_HOME}/.installed ]
+then
+ echo "Installing SDN-C keyStore"
+ /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh
+
+ if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
+
+ if $SDNRWT ; then install_sdnrwt_features ; fi
+
+ if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi
+
+ echo "Installed at `date`" > ${SDNC_HOME}/.installed
+fi
+
+# Odl configuration done
+ODL_FEATURES_BOOT=$(sed -n "/featuresBoot =/p" $ODL_FEATURES_BOOT_FILE)
+export ODL_FEATURES_BOOT
+
+if [ -z "$ODL_CERT_DIR" ] ; then
+ echo "No certs provided. Skip installation."
+else
+ echo "Start background cert installer"
+ nohup python ${SDNC_BIN}/installCerts.oom.py &
+fi
+
+echo "Startup opendaylight"
+echo $ODL_FEATURES_BOOT
+exec ${ODL_HOME}/bin/karaf server
fi
cp /opt/opendaylight/current/certs/* /tmp
+cp /var/custom-certs/* /tmp
nohup python ${SDNC_BIN}/installCerts.py &
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
export JAVA_MAX_MEM="2048m"
fi
-EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
- -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \
- -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \
- -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \
- -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log"
+EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \
+ -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
+ -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \
+ -XX:+ParallelRefProcEnabled \
+ -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"}
+{{- if .Values.dgbuilder.enabled -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata: {{ include "common.templateMetadata" . | indent 6}}
+ spec:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ {{ end }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-nginx
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-master
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-sdnrdb-init-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ env:
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_HOME
+ value: "{{.Values.config.sdncHome}}"
+ - name: ETC_DIR
+ value: "{{.Values.config.etcDir}}"
+ - name: BIN_DIR
+ value: "{{.Values.config.binDir}}"
+ ## start sdnrdb parameter
+ - name: SDNRINIT
+ value: "true"
+ - name: SDNRDBURL
+ {{ if .Values.global.aafEnabled -}}
+ value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- else -}}
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- end }}
+ - name: SDNRDBPARAMETER
+ value: "-k"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d
+ emptyDir: {}
+ - name: bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0755
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ if .Values.config.sdnr.enabled }}
+ sessionAffinity: ClientIP
+ {{ end }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.clusterPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
sessionAffinity: None
type: ClusterIP
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
serviceName: {{ include "common.servicename" . }}-cluster
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
podManagementPolicy: Parallel
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{ if .Values.dgbuilder.enabled -}}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
+ {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ {{ end -}}
+ {{ if .Values.config.sdnr.enabled -}}
+ - --container-name
+ - {{ include "common.name" . }}-sdnrdb-init-job
+ {{ end -}}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
+ {{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.cmpv2Enabled }}
+ - name: certs-init
+ image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUEST_URL
+ value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
+ - name: REQUEST_TIMEOUT
+ value: "30000"
+ - name: OUTPUT_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ - name: CA_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
+ - name: COMMON_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
+ - name: ORGANIZATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
+ - name: ORGANIZATION_UNIT
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
+ - name: LOCATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
+ - name: STATE
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
+ - name: COUNTRY
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
+ - name: KEYSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
+ - name: KEYSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
+ - name: TRUSTSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
+ - name: TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
+ - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
+ name: certservice-tls-volume
+ {{ end }}
+
- name: {{ include "common.name" . }}-chown
- image: "busybox"
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
command:
- sh
args:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if not .Values.config.sdnr.enabled }}
command: ["/bin/bash"]
args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"]
+ {{ else }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: JAVA_OPTS
+ value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
- name: KARAF_CONSOLE_LOG_LEVEL
value: "{{ include "common.log.level" . }}"
+ - name: SDNRWT
+ value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+ {{- if eq .Values.config.sdnr.mode "web" }}
+ - name: SDNRDM
+ value: "true"
+ {{- end }}
+ - name: SDNRONLY
+ value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ - name: SDNRDBURL
+ {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+ value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+ - name: SDNRDBTRUSTALLCERTS
+ value: "true"
+ {{ end }}
+
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
- mountPath: {{ .Values.config.binDir }}/startODL.sh
name: bin
subPath: startODL.sh
+ - mountPath: {{ .Values.config.binDir }}/startODL.oom.sh
+ name: bin
+ subPath: startODL.oom.sh
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
- mountPath: {{ .Values.config.odl.binDir }}/setenv
name: properties
subPath: setenv
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+ name: properties
+ subPath: mountpoint-registrar.properties
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+ name: properties
+ subPath: mountpoint-state-provider.properties
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: properties
emptyDir:
medium: Memory
+ - name: certs
+ emptyDir:
+ medium: Memory
+ - name: certservice-tls-volume
+ secret:
+ secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ platform:
+ certServiceClient:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ secret:
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
+ envVariables:
+ # Certificate related
+ cert_path: /var/custom-certs
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
+ common_name: "sdnc.simpledemo.onap.org"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
#################################################################
# Secrets metaconfig
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
#################################################################
# Application configuration defaults.
#################################################################
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.4
-
+image: onap/sdnc-image:2.0.1
+busyboxRepository: docker.io
+busyboxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
logstashPort: 5044
ansibleServiceName: sdnc-ansible-server
ansiblePort: 8000
- javaHome: /usr/lib/jvm/java-1.8-openjdk
+ javaHome: /opt/java/openjdk
odl:
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
+ gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
javaOptions:
maxGCPauseMillis: 100
parallelGCThreads : 3
- numberGGLogFiles: 10
+ numberGCLogFiles: 10
+ minMemory: 512m
+ maxMemory: 2048m
+ gcLogOptions: ""
+ # Next line enables gc logging
+ # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
+ # enables sdnr functionality
+ sdnr:
+ enabled: true
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+
+
# dependency / sub-chart configuration
certInitializer:
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
config: &mariadbGaleraConfig
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
odlCredsExternalSecret: *odlCredsSecretName
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
+ certInitializer:
+ nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
fqi: "sdnc@sdnc.onap.org"
service:
name: sdnrdb
-
master:
replicaCount: 3
# dedicatednode: "yes"
# handles master and data node functionality
dedicatednode: "no"
nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+# enable
+sdnc-web:
+ enabled: false
# default number of instances
replicaCount: 1
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/app/osaaf
+ ##storageClass: "manual"
+
ingress:
enabled: false
service:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
htpasswdImage: xmartlabs/htpasswd
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
--- /dev/null
+#!/bin/sh
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${NFVO_DB_USER}';
+CREATE USER '${NFVO_DB_USER}';
+GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
command:
- /bin/bash
- -c
- - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql
+ - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- mountPath: /etc/localtime
name: localtime
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.global.mariadbGalera.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
- name: CATALOG_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
+ - name: NFVO_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
+ - name: NFVO_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: registry.hub.docker.com
#################################################################
externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.catalog.userName }}'
password: '{{ .Values.db.catalog.password }}'
-
-
+ - uid: nfvo-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.nfvo.userName }}'
+ password: '{{ .Values.db.nfvo.password }}'
#################################################################
# Application configuration defaults.
userName: cataloguser
password: catalog123
# dbCredsExternalSecret: some secret
+ nfvo:
+ userName: nfvouser
+ # dbCredsExternalSecret: some secret
# application configuration
config:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
# limitations under the License.
server:
- port: {{ (index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aai
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
#################################################################
global:
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
"version": "v1",
"url": "/",
"protocol": "REST",
- "port": "{{ (index .Values.service.ports 0).port }}",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
"visualRange": "1"
}
]{{ end }}
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
readOnly: true
- name: {{ include "common.fullname" . }}-truststore
mountPath: /app/client
- readonly: true
+ readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
global:
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
soBaseImage: onap/so/base-image:1.0
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+
subChartsOnly:
enabled: true
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
+
subChartsOnly:
enabled: true
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
gvnfmdriverlocal_handler:
level: "DEBUG"
class:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
+image: onap/vfc/gvnfmdriver:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
nslcmlocal_handler:
level: "DEBUG"
class:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
+image: onap/vfc/nslcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
# limitations under the License.
apiVersion: v1
-description: ONAP VFC - DB
+description: ONAP VFC - REDIS
name: vfc-redis
version: 6.0.0
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}2
-
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
-
{{- end}}
selector:
app: {{ include "common.name" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
+image: onap/vfc/db:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
type: ClusterIP
name: vfc-redis
portName: vfc-redis
- externalPort: 3306
- internalPort: 3306
- externalPort2: 6379
- internalPort2: 6379
+ externalPort: 6379
+ internalPort: 6379
ingress:
enabled: false
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnfmgrlocal_handler:
level: "DEBUG"
class:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
+image: onap/vfc/vnflcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnfmgrlocal_handler:
level: "DEBUG"
class:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
+image: onap/vfc/vnfmgr:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnflcmlocal_handler:
level: "DEBUG"
class:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
+image: onap/vfc/vnfres:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
ztevnfmdriverlocal_handler:
level: "DEBUG"
class:
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
+image: onap/vfc/ztevnfmdriver:1.3.7
pullPolicy: Always
#Istio sidecar injection policy
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.fullname" . }}-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
- --container-name
- {{ index .Values "mariadb-galera" "service" "name" }}
env:
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
<transactionManager type="JDBC" />
<dataSource type="UNPOOLED">
<property name="driver" value="org.postgresql.Driver" />
- <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" />
<property name="username" value="${PG_USER}" />
<property name="password" value="${PG_PASSWORD}" />
</dataSource>
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- volumes:
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
envsubstImage: dibi/envsubst
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.5.2
+image: onap/vnfsdk/refrepo:1.6.0
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always
Code Review / oom.git / commitdiff