SECRET_DIR := $(OUTPUT_DIR)/secrets
HELM_BIN := helm
HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+# use this if you would like to push onap charts to repo with other name
+# WARNING: Helm v3+ only
+# WARNING: Make sure to edit also requirements files
+HELM_REPO := local
ifneq ($(SKIP_LINT),TRUE)
HELM_LINT_CMD := $(HELM_BIN) lint
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images
-all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
+all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins
$(COMMON_CHARTS):
@echo "\n[$@]"
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
else
@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
-endif
-
@$(HELM_BIN) repo index $(PACKAGE_DIR)
+endif
clean:
@rm -f */requirements.lock
@cp -R $(HELM_BIN) $(PACKAGE_DIR)/
# start up a local helm repo to serve up helm chart packages
+# WARNING: Only helm < v3 supported
repo:
@mkdir -p $(PACKAGE_DIR)
@$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) &
@$(HELM_BIN) repo add local http://127.0.0.1:8879
# stop local helm repo
+# WARNING: Only helm < v3 supported
repo-stop:
@pkill $(HELM_BIN)
@$(HELM_BIN) repo remove local
+
+check-for-staging-images:
+ $(ROOT_DIR)/contrib/tools/check-for-staging-images.sh
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update $(HELM_REPO)
+endif
+
%:
@:
-# Copyright © 2017 Amdocs, Bell Canada
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+*/}}
+
+terminate() {
+ echo "$(date) | INFO | Terminating child processes"
+ pids="$(jobs -p)"
+ if [ "$pids" != "" ]; then
+ kill -TERM $pids >/dev/null 2>/dev/null
+ fi
+ wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
-# Copyright (c) 2020 Orange
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- client:
- certs:
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+ echo "$(date) | INFO | Configmap has been reloaded"
+ cd /config-input
+ for file in $(ls -1); do
+ if [ "$file" -nt "/config/$file" ]; then
+ echo "$(date) | INFO | Templating /config/$file"
+ envsubst <$file >/config/$file
+ fi
+ done
+fi
{{/*
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
labels: {{- include "common.labels" . | nindent 8 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-update-config
+ - name: {{ include "common.name" . }}-bootstrap-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
env:
- name: A1CONTROLLER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
- mountPath: /config
name: config
containers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsGroup: {{ .Values.groupID }}
+ runAsUser: {{ .Values.userID }}
+ runAsNonRoot: true
+ command:
+ - sh
+ args:
+ - /tmp/scripts/daemon.sh
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/scripts
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
+ defaultMode: 0555
+ - name: {{ include "common.fullname" . }}-envsubst-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-envsubst-scripts
- name: config
emptyDir:
medium: Memory
--- /dev/null
+{{/*
+################################################################################
+# Copyright © 2020 Samsung Electronics #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
global:
nodePortPrefix: 300
- envsubstImage: dibi/envsubst
+ envsubstImage: dibi/envsubst:1
secrets:
- uid: controller-secret
passwordPolicy: required
repository: nexus3.onap.org:10001
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj
\ No newline at end of file
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
-Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca
+Subproject commit 9eef36ac7a12292e749104dd5a7fa17e35bdfecc
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:1.0.0
+image: onap/ccsdk-blueprintsprocessor:1.0.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:1.0.0
+image: onap/ccsdk-commandexecutor:1.0.1
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:1.0.0
+image: onap/ccsdk-py-executor:1.0.1
pullPolicy: Always
# default number of instances
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:1.0.0
+image: onap/ccsdk-sdclistener:1.0.1
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:1.0.0
+image: onap/ccsdk-cds-ui-server:1.0.1
pullPolicy: Always
# application configuration
--- /dev/null
+components/
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
command:
- sh
workingDir: "/opt/clamp/"
args:
- -c
- |
+ {{- if .Values.global.aafEnabled }}
export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
- java -Djava.security.egd=file:/dev/./urandom -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 -jar ./app.jar
- {{- else }}
- args:
- - ""
{{- end }}
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: MYSQL_DATABASE
value: {{ tpl .Values.db.databaseName .}}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ {{- if ne "unlimited" (include "common.flavor" .) }}
+ - name: JAVA_RAM_CONFIGURATION
+ value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
certInitializer:
permission_user: 1000
permission_group: 999
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
+ keystoreFile: 'org.onap.clamp.p12'
+ truststoreFile: 'org.onap.clamp.trust.jks'
+ keyFile: 'org.onap.clamp.keyfile'
+ truststoreFileONAP: 'truststoreONAPall.jks'
nameOverride: clamp-backend-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: clamp
fqi: clamp@clamp.onap.org
public_fqdn: clamp.onap.org
- cadi_longitude: "-72.0"
- cadi_latitude: "38.0"
+ cadi_longitude: '-72.0'
+ cadi_latitude: '38.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
aaf_add_config: >
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.1.3
+image: onap/clamp-backend:5.1.4
pullPolicy: Always
# flag to enable debugging - application support required
enabled: false
#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
small:
limits:
cpu: 1
memory: 1Gi
requests:
- cpu: 10m
+ cpu: 1m
memory: 1Gi
large:
limits:
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.1.3
+image: onap/clamp-frontend:5.1.4
pullPolicy: Always
# flag to enable debugging - application support required
cpu: 1
memory: 200Mi
requests:
- cpu: 10m
+ cpu: 1m
memory: 50Mi
large:
limits:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/cli:5.0.4
+image: onap/cli:6.0.0
pullPolicy: Always
flavor: small
subPath: exec.py
containers:
- name: cassandra-backup-validate
- image: "{{ .Values.image }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
{{- else }}
command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
{{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
configOverrides: {}
-resources: {}
+# resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+resources:
+ limits:
+ cpu: 0.8
+ memory: 4Gi
+ requests:
+ cpu: 0.2
+ memory: 2.5Gi
backup:
enabled: false
cron: "00 00 * * *"
#!/bin/bash
+{{/*
# Copyright © 2020 Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
CERTS_DIR=${CERTS_DIR:-/certs}
WORK_DIR=${WORK_DIR:-/updatedTruststore}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
aaf-add-config.sh: |
- {{ tpl .Values.aaf_add_config . | indent 4 }}
+ {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
{{- end }}
+{{- define "ingress.config.host" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
{{- define "ingress.config.port" -}}
+{{- $dot := default . .dot -}}
{{- if .Values.ingress -}}
{{- if .Values.global.ingress -}}
{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
- http:
paths:
{{- range .Values.ingress.service }}
- - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
backend:
serviceName: {{ .name }}
servicePort: {{ .port }}
{{- end -}}
{{- else if .Values.ingress.service -}}
-{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}}
{{ range .Values.ingress.service }}
- - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
paths:
- backend:
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
+{{- end -}}
+{{- if .Values.ingress.config -}}
+{{- if .Values.ingress.config.tls -}}
+{{- $dot := default . .dot -}}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+ secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:1.0.1
+image: onap/ccsdk-dgbuilder-image:1.0.2
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+components/
# See the License for the specific language governing permissions and
# limitations under the License.
-
#################################################################
# Global configuration defaults.
#################################################################
##
replicaCount: 3
## master acts as master only node, choose 'no' if no further data nodes are deployed)
-dedicatednode: "yes"
+dedicatednode: 'yes'
## dedicatednode: "no"
image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
- limits: {}
+ limits:
+ cpu: 250m
+ memory: 1536Mi
# cpu: 100m
# memory: 128Mi
requests:
- cpu: 25m
- memory: 256Mi
+ cpu: 5m
+ memory: 310Mi
## Elasticsearch master-eligible container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Service parameters for master-eligible node(s)
##
service:
- suffix: "service"
- name: ""
+ suffix: 'service'
+ name: ''
## list of ports for "common.containerPorts"
## Elasticsearch transport port
ports:
- - name: http-transport
- port: 9300
+ - name: http-transport
+ port: 9300
## master-eligible service type
##
type: ClusterIP
## If not set and create is true, a name is generated using the fullname template
# name:
-
## Elasticsearch cluster name
##
clusterName: elastic-cluster
-
-
-
#!/bin/bash
+{{/*
#
# Adfinis SyGroup AG
# openshift-mariadb-galera: mysql setup script
#
+*/}}
set -eox pipefail
#!/bin/bash
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# make sure the script fails if any of commands failed
set -e
#!/bin/bash
+{{/*
#
# ============LICENSE_START==========================================
# org.onap.music
#
# ============LICENSE_END=============================================
# ====================================================================
+*/}}
echo "Running startup script to get password from certman"
PWFILE=/opt/app/aafcertman/.password
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.7.1
+image: onap/ccsdk-apps-ms-neng:1.0.2
pullPolicy: IfNotPresent
# application configuration
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
ingress:
enabled: false
-resources: {}
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 25Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp -r -L /tmp/consul/config/* /consul/config/
+ chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
+ ls -la /consul/config
+ volumeMounts:
+ - mountPath: /tmp/consul/config
+ name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
command:
- - /bin/sh
- - "-c"
- - |
- apk update && apk add jq
- cp /tmp/consul/config/* /consul/config
- /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }}
+ - sh
+ args:
+ - /usr/local/bin/docker-entrypoint.sh
+ - agent
+ - -client
+ - 0.0.0.0
+ - -enable-script-checks
+ - -retry-join
+ - {{ .Values.consulServer.nameOverride }}
name: {{ include "common.name" . }}
env:
- name: SDNC_ODL_COUNT
- name: SDNC_IS_PRIMARY_CLUSTER
value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
volumeMounts:
- - mountPath: /tmp/consul/config
- name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
- mountPath: /consul/scripts
name: consul-agent-scripts-config
- mountPath: /consul/certs
name: consul-agent-certs-config
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
+ - name: consul-agent-config-dir
+ emptyDir: {}
- configMap:
name: {{ include "common.fullname" . }}-configmap
name: consul-agent-config
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: docker.io
-image: oomk8s/consul:1.0.0
+image: oomk8s/consul:2.0.0
pullPolicy: Always
#subchart name
consulServer:
nameOverride: consul-server
+consulUID: 100
+consulGID: 1000
+
# flag to enable debugging - application support required
debugEnabled: false
port: 8800
config:
ssl: "none"
-
-resources: {}
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1500Mi
+ requests:
+ cpu: 650m
+ memory: 530Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
odl:
jolokia:
--- /dev/null
+components/
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BASE_URL="https://nexus3.onap.org/repository/docker.release"
+
+if [ "$GERRIT_BRANCH" == "staging" ]; then
+ exit 0
+fi
+
+USED_IMAGES=$(grep -r -E -o -h ':\s*onap/.*:.*' | sed -e 's/^: //' -e 's/^ //' | sort | uniq)
+REPO_IMAGES=$(curl -s $BASE_URL/v2/_catalog | jq -r '.repositories[]')
+NOT_AVAILABLE_IMAGES=$(echo "$USED_IMAGES" | grep -vE "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+USED_IMAGES=$(echo "$USED_IMAGES" | grep -E "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+for i in $USED_IMAGES; do
+ TMP_IMG=$(echo "$i" | cut -d ":" -f1)
+ TMP_TAG=$(echo "$i" | cut -d ":" -f2)
+ if [ "$LAST_IMG" != "$TMP_IMG" ]; then
+ AVAILABLE_TAGS=$(curl -s $BASE_URL/v2/$TMP_IMG/tags/list | jq -r '.tags[]')
+ fi
+ if ! echo "$AVAILABLE_TAGS" | grep "$TMP_TAG" > /dev/null; then
+ NOT_AVAILABLE_IMAGES="$NOT_AVAILABLE_IMAGES\n$i"
+ fi
+ LAST_IMG="$TMP_IMG"
+ printf "."
+done
+printf "\n"
+if [ -n "$NOT_AVAILABLE_IMAGES" ]; then
+ echo "[ERROR] Only release images are allowed in helm charts."
+ echo "[ERROR] Images not found in release repo:"
+ echo -e "$NOT_AVAILABLE_IMAGES"
+ exit 1
+fi
+exit 0
\ No newline at end of file
.project
.idea/
*.tmproj
+components/
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.7
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- holmes_rules: onap/holmes/rule-management:1.2.8
- holmes_engine: onap/holmes/engine-management:1.2.8
+ holmes_rules: onap/holmes/rule-management:1.2.9
+ holmes_engine: onap/holmes/engine-management:1.2.9
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.8
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
.project
.idea/
*.tmproj
+components/
.project
.idea/
*.tmproj
+components/
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
#####################################################
+{{/*
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+{{/*
# Modifications Copyright © 2018 Amdocs,Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
# dmaap-dr-node filebeat.yml
filebeat.prospectors:
+{{/*
#-------------------------------------------------------------------------------
# ============LICENSE_START==================================================
# * org.onap.dmaap
# URL to retrieve dynamic configuration
#
#ProvisioningURL: ${DRTR_PROV_INTURL}
+*/}}
ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
#
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
# dmaap-dr-prov filebeat.yml
filebeat.prospectors:
#ssl.key: $ssl.key
#The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
+ #ssl.key_passphrase: $ssl.key_passphrase
+{{/*
#-------------------------------------------------------------------------------
# ============LICENSE_START==================================================
# * org.onap.dmaap
# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
# *
#-------------------------------------------------------------------------------
+*/}}
#Jetty Server properties
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
{{- end}}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+ release: {{ include "common.release" . }}
+{{/*
# Copyright © 2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.global.aafEnabled }}
apiVersion: v1
data:
{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
---
-{{- end }}
\ No newline at end of file
+{{- end }}
+{{/*
# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{/*
# Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $root := . -}}
{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+{{/*
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
+{{/*
# Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file
+{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
+{{/*
# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{/*
# Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
clusterIP: None
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+ release: {{ include "common.release" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
+{{/*
# LICENSE_START=======================================================
# org.onap.dmaap
# ================================================================================
##
#config.zk.servers=172.18.1.1
#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
+*/}}
config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
#config.zk.root=/fe3c/cambria/config
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+{{/*
#
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.config.ssl_enabled }}"
- name: MSB_ENABLED
value: "{{ .Values.config.msb_enabled }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+ - name: SDC_ADDR
+ value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}"
+ - name: DMAAP_ENABLED
+ value: "{{ .Values.config.dmaap_enabled }}"
+ - name: DMAAP_ADDR
+ value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}"
- name: DB_IP
value: "{{ include "common.mariadbService" . }}"
- name: DB_PORT
config:
#application configuration about msb
ssl_enabled: false
+ msb_enabled: false
msbProtocol: https
msbServiceName: msb-iag
msbPort: 443
- msb_enabled: true
+ sdcProtocol: https
+ sdcServiceName: sdc-be
+ sdcPort: 8443
+ dmaap_enabled: false
+ dmaapProtocol: https
+ dmaapServiceName: message-router-external
+ dmaapPort: 3905
+
#application configuration user password about mariadb
db:
userName: etsicatalog
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.7
+image: onap/modeling/etsicatalog:1.0.8
initImage: busybox:latest
pullPolicy: Always
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright (c) 2019, CMCC Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright (c) 2018 Intel Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright (c) 2019 Intel Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
version: ~6.x-0
repository: '@local'
condition: nbi.enabled
- - name: pnda
- version: ~6.x-0
- repository: '@local'
- condition: pnda.enabled
- name: policy
version: ~6.x-0
repository: '@local'
-{{/*
# Copyright 2020 Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
# This override file is used to deploy a core configuration. It is based on
-{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
#################################################################
# Global configuration overrides.
-{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
# This override file is useful to test one or more subcharts.
-{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
# This override file is used to deploy a minimal configuration to
-{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
#################################################################
# Global configuration overrides.
enabled: false
dcaegen2:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: true
esr:
enabled: false
dcaemod:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: false
esr:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ # in order to enable static password for so-monitoring uncomment:
+ # so-monitoring:
+ # server:
+ # monitoring:
+ # password: demo123456!
+
# configure embedded mariadb
mariadb:
config:
desHeaders:
Accept: application/json
Content-Type: application/json
+desUsername: {{ .Values.config.desUsername }}
+desPassword: {{ .Values.config.desPassword }}
#key
appkey: ''
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:3.0.1
+image: onap/optf-osdf:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
#des api
desUrl: https://des.url:9000
desApiPath: /datalake/v1/exposure/
-
+ desUsername: ''
+ desPassword: ''
# default number of instances
replicaCount: 1
nodeSelector: {}
# Various IDEs
.project
.idea/
-*.tmproj
\ No newline at end of file
+*.tmproj
+components/
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Bootstrap
-name: dcae-pnda-bootstrap
-version: 6.0.0
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-infrastructure :
- # infrastructure used for pnda deployment
- # Valid Values are:
- # - aws
- # - openstack
- # - existing-machines
- # - terraform
- INFRASTRUCTURE_TYPE: openstack
-
- # The user name to use when logging into the instances
- # For aws target user-name allowed :
- # Target AWS Openstack
- #
- # Distro Redhat: ec2-user cloud-user
- # CentOS: centos cloud-user
- OS_USER: {{ .Values.pnda.osUser }}
-
- # CIDR specifying the address range for the network containing all PNDA instances
- networkCidr: {{ .Values.pnda.networkCidr }}
-
-openstack_parameters:
- # KEYSTONE_USER: Username for the openstack clients to use
- KEYSTONE_USER: {{ .Values.openstack.keystoneUser }}
-
- # KEYSTONE_PASSWORD: Password for the openstack clients to use
- KEYSTONE_PASSWORD: {{ .Values.openstack.keystonePassword }}
-
- # KEYSTONE_TENANT: Name of the tenant / project in the openstack environment. The
- # PNDA stack will be created in this project.
- KEYSTONE_TENANT: {{ .Values.openstack.keystoneTenant }}
-
- # KEYSTONE_AUTH_URL: Keystone authentication URL. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_AUTH_URL: {{ .Values.openstack.keystoneAuthUrl }}
-
- # KEYSTONE_AUTH_VERSION: Keystone authentication version. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_AUTH_VERSION: '2'
-
- # KEYSTONE_REGION_NAME: Keystone region. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_REGION_NAME: {{ .Values.openstack.keystoneRegion }}
-
- # imageId: Base image to use for the created instances. It should be created by
- # following the guide in https://github.com/pndaproject/pnda-dib-elements
- #
- imageId: {{ .Values.openstack.imageId }}
-
- # CIDR specifying the address range that may access the created PNDA instances
- whitelistSshAccess: {{ .Values.openstack.whitelistSshAccess }}
-
- # UUID of the public network in openstack to use
- externalPublicNetworkId: {{ .Values.openstack.publicNetworkId }}
-
- useExistingNetwork: {{ .Values.openstack.useExistingNetwork }}
-
- existingNetworkId: {{ .Values.openstack.existingNetworkId }}
-
- existingSubnetId: {{ .Values.openstack.existingSubnetId }}
-
- # CIDR specifying the address range for the public subnet (bastion access)
- publicSubnetCidr: {{ .Values.openstack.publicSubnetCidr }}
-
-platform_salt:
- # Use either PLATFORM_GIT_REPO_URI + PLATFORM_GIT_BRANCH or PLATFORM_SALT_LOCAL
- PLATFORM_SALT_LOCAL: /platform-salt
-
-pnda_application_repo:
- # Type of storage to use for PNDA application packages
- # s3 - AWS S3. Also set PNDA_APPS_CONTAINER, PNDA_APPS_FOLDER, PNDA_APPS_REGION, PNDA_APPS_ACCESS_KEY_ID, PNDA_APPS_SECRET_ACCESS_KEY
- # sshfs - standard file system. Also set PR_FS_LOCATION_PATH, PR_SSHFS_USER, PR_SSHFS_HOST, PR_SSHFS_PATH and PR_SSHFS_KEY
- # local - local filesystem on the package repository service server. Also set PR_FS_LOCATION_PATH.
- # swift - Openstack swift. Also set PNDA_APPS_CONTAINER and PNDA_APPS_FOLDER
- PR_FS_TYPE: {{ .Values.pnda.apps.fsType }}
-
- # S3 container to use for PNDA application packages
- PNDA_APPS_CONTAINER: {{ .Values.pnda.apps.s3container }}
-
- # Name of folder within PNDA_APPS_CONTAINER that contains the PNDA application packages
- PNDA_APPS_FOLDER: {{ .Values.pnda.apps.s3folder }}
-
- # AWS region that contains the PNDA_APPS_CONTAINER bucket
- PNDA_APPS_REGION: {{ .Values.pnda.apps.s3region }}
-
- # API key for s3 access to PNDA_APPS_CONTAINER. These keys are stored on the cloud instances so should be restricted
- # only allow access to the PNDA_APPS_CONTAINER bucket
- PNDA_APPS_ACCESS_KEY_ID: {{ .Values.pnda.apps.s3keyid }}
- PNDA_APPS_SECRET_ACCESS_KEY: {{ .Values.pnda.apps.s3secret }}
-
- # Path on file system if PR_FS_TYPE is 'local' or 'sshfs'
- PR_FS_LOCATION_PATH: {{ .Values.pnda.apps.fsLocation | print "/opt/pnda/packages" }}
-
- # SSH accessed file system to use for PNDA application packages
- PR_SSHFS_USER: centos
- PR_SSHFS_HOST: 127.0.0.1
- PR_SSHFS_PATH: /mnt/packages
- PR_SSHFS_KEY: key.pem
-
-pnda_data_archive:
- # S3 container to use for archiving PNDA datasets
- PNDA_ARCHIVE_CONTAINER: pnda-archive
-
- # AWS region that contains the PNDA_ARCHIVE_CONTAINER bucket
- PNDA_ARCHIVE_REGION: eu-west-1
-
- # API key for s3 access to PNDA_ARCHIVE_CONTAINER. These keys are stored on the cloud instances so should be restricted
- # only allow access to the PNDA_ARCHIVE_CONTAINER bucket
- PNDA_ARCHIVE_ACCESS_KEY_ID: xxxx
- PNDA_ARCHIVE_SECRET_ACCESS_KEY: xxxx
-
-ntp:
- # Optional ntp servers. Use this if the standard NTP servers on the Internet cannot be reached
- # and a local NTP server has been configured. PNDA will not work without NTP.
- # example format: 'xxx.ntp.org'
- #For REJECT_OUTBOUND="YES" then NTP server/s must.
- NTP_SERVERS:
- - {{ .Values.pnda.ntp }}
-
-dns:
- # External DNS servers list
- nameServers:
- - {{ .Values.pnda.nameserver }}
-
-mirrors:
- # Mirror of resources required for provisioning PNDA, see PNDA guide for instructions on how to set this up
- PNDA_MIRROR:
-
-hadoop:
- # Hadoop distribution to install
- # Valid values are:
- # - HDP
- # - CDH
- HADOOP_DISTRO: HDP
- # Spark version to enable for oozie (HDP only)
- # Valid values are:
- # - 1
- # - 2
- OOZIE_SPARK_VERSION: 1
-
-connectivity:
- # The IP address of the client that created PNDA
- CLIENT_IP: {{ .Values.pnda.outboundCidr }}
- # Add online repositories for yum, apt-get, pip, etc alongside PNDA mirror
- ADD_ONLINE_REPOS: "YES"
- # RPM Extras repository to enable when ADD_ONLINE_REPOS=YES
- RPM_EXTRAS_REPO_NAME: rhui-REGION-rhel-server-optional
- # RPM Optional repository to enable when ADD_ONLINE_REPOS=YES
- RPM_OPTIONAL_REPO_NAME: rhui-REGION-rhel-server-extras
-
-network_interfaces:
- PNDA_INTERNAL_NETWORK: eth0
- PNDA_INGEST_NETWORK: eth0
-
-cli:
- # Maximum number of outbound connections that the CLI will attempt to open at once
- # Consider increasing this when creating clusters with more than 100 nodes to speed
- # up PNDA creation time.
- MAX_SIMULTANEOUS_OUTBOUND_CONNECTIONS: 100
-
-security:
- # The path were to find the security material (certificate/key).
- # The directory should be structured as defined in this' repo's directory structure with the same name.
- # The security material should conform to the guidelines defined in the README.md file in
- # the containing sub directory.
- SECURITY_MATERIAL_PATH: ./platform-certificates/
-
- # Address of LDAP server
- # All instances will have PAM configured to authenticate with this LDAP server if set
- # Leave blank to disable LDAP-PAM integration
- LDAP_SERVER: ''
-
- # Base DN for LDAP server to use when enabling client PAM integration with LDAP
- LDAP_BASE_DN: dc=nodomain
-
-features:
- # Include experimental features.
- # Set to "NO", omit setting or omit features section entirely to turn off experimental features
- EXPERIMENTAL_FEATURES: "NO"
-
-domain:
- # Top-level domain
- TOP_LEVEL_DOMAIN: pnda.local
-
- # Second-level domain
- SECOND_LEVEL_DOMAIN: dc1
-
-dataset_compaction:
- # Enable/Disable compaction on datasets.
- # "YES" to enable.
- # "NO" to disable.
- COMPACTION: "NO"
- # If compaction is enabled, PATTERN sets the frequency of compaction.
- # H - hourly compaction.
- # d - daily compaction.
- # M - monthly compaction.
- # Y - yearly compaction.
- PATTERN: d
-
-datanode:
- # DATANODE_VOLUME_COUNT sets the number of data volumes on each hadoop datanode
- DATA_VOLUME_COUNT: 1
- # DEVICE_ROOT sets the disk device root name
- DEVICE_ROOT: xvdb
-
-kafka:
- # DATA_DIRS sets the data dirs on kafka node
- KAFKA_DATA_DIRS:
- - /var/kafka-logs
- # DEVICE_ROOT sets the disk device root name
- KAFKA_DEVICE_ROOT: xvdb
-
-generic:
- #GENERIC_DEVICE_ROOT sets the disk device root name for generic instances.
- GENERIC_DEVICE_ROOT: xvdb
+++ /dev/null
-#!/bin/sh
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-# Install PNDA in Openstack with Heat templates
-# Expects:
-# Input files for components to be installed in /inputs
-
-if [ "z{{ .Values.enabled }}" != "ztrue" ]
-then
- echo
- echo "PNDA bootstrap is disabled - skipping pnda-cli launch"
- echo
- exit 0
-fi
-
-set -ex
-
-CLUSTER_PREFIX="{{ include "common.release" . }}-{{ include "common.namespace" . }}-pnda"
-DATANODES="{{ .Values.pnda.dataNodes }}"
-KAFKANODES="{{ .Values.pnda.kafkaNodes }}"
-VERSION="{{ .Values.pnda.version }}"
-KEYPAIR_NAME="{{ .Values.pnda_keypair_name }}"
-KEYFILE="$KEYPAIR_NAME.pem"
-
-cd /pnda-cli
-
-cp /inputs/pnda_env.yaml .
-cp /secrets/pnda.pem $KEYFILE
-chmod 600 $KEYFILE
-
-(cd tools && ./gen-certs.py)
-
-KUBE_API="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS/api/v1"
-KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
-
-for i in 1 2 3 4 5 6 7 8 9
-do
- MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
- MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
-
- if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
- PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
- break
- fi
- sleep 5
-done
-
-[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
-
-sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
-
-./cli/pnda-cli.py create -e $CLUSTER_PREFIX -f pico -n $DATANODES -k $KAFKANODES \
- -b $VERSION -s $KEYPAIR_NAME --set "mirrors.PNDA_MIRROR=$PNDA_MIRROR"
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-inputs
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-secrets
- namespace: {{ include "common.namespace" . }}
-data:
- pnda.pem: |
-{{ .Values.pnda_secret | indent 4 }}
-
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- completions: 1
- backoffLimit: 0
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dcae-pnda-mirror
- - "-t"
- - "75"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /inputs
- name: {{ include "common.fullname" . }}-inputs
- - mountPath: /scripts
- name: {{ include "common.fullname" . }}-scripts
- - mountPath: /secrets
- name: {{ include "common.fullname" . }}-secrets
- - mountPath: /pnda-cli/cli/logs
- name: {{ include "common.fullname" . }}-logs
- command:
- - "/scripts/bootstrap.sh"
- volumes:
- - name: {{ include "common.fullname" . }}-inputs
- configMap:
- name: {{ include "common.fullname" . }}-inputs
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-secrets
- configMap:
- name: {{ include "common.fullname" . }}-secrets
- - name: {{ include "common.fullname" . }}-logs
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# PNDA configuration defaults.
-#################################################################
-
-enabled: false
-
-pnda:
- version: release/5.0
- dataNodes: 2
- kafkaNodes: 1
- osUser: centos
- nameserver: 8.8.8.8
- ntp: pool.ntp.org
- apps:
- fsType: local
- networkCidr: 10.0.0.0/16
- outboundCidr: 0.0.0.0/0
-
-pnda_keypair_name: pnda
-pnda_secret: replace-me
-
-#################################################################
-# Openstack connection params.
-#################################################################
-
-openstack:
- keystoneUser: onap
- keystonePassword: onap
- keystoneTenant: onap
- keystoneAuthUrl: 'http://10.60.18.18:5000/v2.0/'
- keystoneRegion: regionOne
- imageId: id_of_image
- publicNetworkId: id_of_public_network
- useExistingNetwork: true
- existingNetworkId: id_of_onap_network
- existingSubnetId: id_of_onap_subnet
- whitelistSshAccess: 0.0.0.0/0
- publicSubnetCidr: 10.0.0.0/24
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-bootstrap-container:6.0.0
-pullPolicy: Always
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: dcae-pnda-bootstrap/logs
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Mirror
-name: dcae-pnda-mirror
-version: 6.0.0
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-mirror-container:6.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- type: NodePort
- portName: dcae-pnda-mirror
- nodePort: "00"
- externalPort: 80
- internalPort: 80
-
-## Persist data to a persitent volume
-persistence:
- enabled: false
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
.project
.idea/
*.tmproj
+components/
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.2
+image: onap/policy-apex-pdp:2.4.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.2
+image: onap/policy-api:2.3.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.2
+image: onap/policy-distribution:2.4.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.3
+image: onap/policy-pdpd-cl:1.7.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.2
+image: onap/policy-pap:2.3.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.2
+image: onap/policy-xacml-pdp:2.3.3
pullPolicy: Always
# flag to enable debugging - application support required
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
-\r
-# docker folder\r
-docker/\r
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.4.1
+image: onap/portal-app:3.4.2
pullPolicy: Always
# application configuration
-- Disabled Policy APP
UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
-
-
+-- Disabled AAIUI APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'A&AI UI';
/*
Replace spaces with underscores for role names to match AAF role names
*/
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:3.4.1
+image: onap/portal-sdk:3.4.2
pullPolicy: Always
# application configuration
\r
## App DB Properties\r
spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=root\r
-spring.datasource.password=Aa123456\r
+spring.datasource.username=${PORTAL_DB_USER}\r
+spring.datasource.password=${PORTAL_DB_PASSWORD}\r
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
spring.database.driver.classname=org.mariadb.jdbc.Driver\r
spring.jpa.show-sql=false\r
spring.jpa.properties.hibernate.format_sql=false\r
\r
## Basic Authentication Properties\r
-security.user.name=widget_user\r
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)\r
+security.user.name=${WIDGET_USER}\r
+security.user.password=${WIDGET_PASSWORD}\r
\r
initialization.default.widgets=true\r
initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
\r
## Account Basic Authentication Properties\r
-account.user.name=portal\r
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==\r
+account.user.name=${ACC_USER}\r
+account.user.password=${ACC_PASSWORD}\r
\r
## Certificate Properties\r
#server.ssl.key-store=classpath:widget-keystore.p12\r
#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
#server.ssl.keyStoreType=PKCS12\r
#server.ssl.keyAlias=widget-microservice\r
-\r
jasypt:
encryptor:
- password: EncryptionKey
+ password: ${JASYPT_ENC_KEY}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-widget-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.*`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ - name: WIDGET_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+ - name: WIDGET_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+ - name: ACC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+ - name: ACC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+ - name: JASYPT_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapwidgetms-scrubbed
+ - mountPath: /config
+ name: properties-onapwidgetms
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
hostPath:
path: /etc/localtime
- name: properties-onapwidgetms
+ emptyDir:
+ medium: Memory
+ - name: properties-onapwidgetms-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapwidgetms
defaultMode: 0755
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+{{/*
+# Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP DCAE PNDA
-name: pnda
-version: 6.0.0
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInit: ubuntu-init:1.0.0
+ envsubstImage: dibi/envsubst
+
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: portal-widget
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
+ login: '{{ .Values.config.widgetUsername }}'
+ password: '{{ .Values.config.widgetPassword }}'
+ passwordPolicy: required
+ - uid: portal-account
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
+ login: '{{ .Values.config.accountUsername }}'
+ password: '{{ .Values.config.accountPassword }}'
+ passwordPolicy: required
+ - uid: jasypt-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
+ password: '{{ .Values.config.jasyptEncKey }}'
+ passwordPolicy: required
+
+config:
+ widgetUsername: widget_user
+ widgetPassword: widget_pass
+# widgetCredsExternalSecret: some secret
+ accountUsername: portal
+ accountPassword: portal
+# accountCredsExternalSecret: some secret
+ jasyptEncKey: EncryptionKey
+ # jasyptEncKeyExternalSecret: some secret
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:3.4.1
+image: onap/portal-wms:3.4.2
pullPolicy: Always
# flag to enable debugging - application support required
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
service:
type: ClusterIP
-Subproject commit da28d1cdc573a726d3fc8a19638ebc8b3679295f
+Subproject commit 4e61a1c981b7e00846c0ca2857cd32be027294e1
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend-all-plugins:1.7.1
-backendInitImage: onap/sdc-backend-init:1.7.1
+image: onap/sdc-backend-all-plugins:1.7.2
+backendInitImage: onap/sdc-backend-init:1.7.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.7.1
-cassandraInitImage: onap/sdc-cassandra-init:1.7.1
+image: onap/sdc-cassandra:1.7.2
+cassandraInitImage: onap/sdc-cassandra-init:1.7.2
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.7.1
+image: onap/sdc-frontend:1.7.2
pullPolicy: Always
config:
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "{{ .Values.cert.certDir }}"
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
subPath: logback.xml
emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ - name: {{ include "common.fullname" . }}-cert-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
+# Copyright (C) 2019, Nordix Foundation. All rights reserved.
# ================================================================================
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-# ============LICENSE_END=========================================================
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
kind: PersistentVolume
apiVersion: v1
metadata:
heritage: "{{ .Release.Service }}"
name: {{ include "common.fullname" . }}
spec:
- storageClassName: manual
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ .Values.cert.persistence.size}}
accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ .Values.cert.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" . }}-data"
hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
+{{- end -}}
{{- end -}}
{{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
+# ================================================================================
+# Copyright (C) 2019, Nordix Foundation. All rights reserved.
+# ================================================================================
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-cert
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ include "common.release" . }}"
heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
+{{- if .Values.cert.persistence.annotations }}
annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- - {{ .Values.persistence.accessMode }}
+ - {{ .Values.cert.persistence.accessMode }}
storageClassName: {{ include "common.storageClass" . }}
resources:
requests:
- storage: {{ .Values.persistence.size }}
+ storage: {{ .Values.cert.persistence.size }}
{{- end -}}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.7.1
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1
+image: onap/sdc-onboard-backend:1.7.2
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.2
pullPolicy: Always
# flag to enable debugging - application support required
.project
.idea/
*.tmproj
-# avoid 1MB limit
components/
+{{/*
###
# ============LICENSE_START=======================================================
# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:2.0.2
+image: onap/sdnc-dmaap-listener-image:2.0.3
pullPolicy: Always
# flag to enable debugging - application support required
+{{/*
# Copyright © 2017 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Host definition
ip: 0.0.0.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:2.0.2
+image: onap/sdnc-ansible-server-image:2.0.3
pullPolicy: Always
# flag to enable debugging - application support required
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
debugLog(){
if [ "$enableDebugLogging" == true ]; then
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
debugLog(){
if [ "$enableDebugLogging" == true ]; then
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ "${SDNC_IS_PRIMARY_CLUSTER:-true}" = "true" ];then
id=sdnc01
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# query ODL cluster state
USERNAME="{{.Values.odl.jolokia.username}}"
#! /bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
####################################################################################################
# sdncDnsSwitchWrapper.bash: Wrapper script to invoke SDNC DNS Switch for domain: sdnc.example.com #
####################################################################################################
+*/}}
ssh -i {{.Values.coreDNS.sshKeyFile}} -o StrictHostKeyChecking=no {{.Values.coreDNS.sshUser}}@{{.Values.coreDNS.host}} "{{.Values.coreDNS.switchScript}} $SDNC_LOCAL_K8S_CLUSTER_MASTER {{.Values.config.deployment}}"
exit $?
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
LOGFILE="/app/geo.log"
enableDebugLogging=true
#!/usr/bin/env python2
+{{/*
# encoding: utf-8
# Copyright © 2018 Amdocs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
import sys
import os
+{{/*
#/bin/sh
# Copyright © 2018 Amdocs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
set -e
primary=${SDNC_IS_PRIMARY_CLUSTER:-true}
+{{/*
# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-nclude "common.repository" . }}apiVersion: apps/v1
+apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
value: {{ .Values.config.sslCertiticate }}
- name: SSL_CERTIFICATE_KEY
value: {{ .Values.config.sslCertKey }}
+ {{ if .Values.config.transportpce.enabled }}
+ - name: TRPCEURL
+ value: {{ .Values.config.transportpce.transportpceUrl }}
+ {{ end }}
+ {{ if .Values.config.topologyserver.enabled }}
+ - name: TOPOURL
+ value: {{ .Values.config.topologyserver.topologyserverUrl }}
+ - name: TILEURL
+ value: {{ .Values.config.topologyserver.tileserverUrl }}
+ {{ end }}
+
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: "onap/sdnc-web-image:2.0.2"
+image: "onap/sdnc-web-image:2.0.3"
pullPolicy: Always
config:
sdncChartName: sdnc
webProtocol: HTTPS
webPort: 8443
- #sdnrProtocol: HTTPS
- sdnrProtocol: HTTPS
- #sdnrHost: "sdnc.onap"
+ sdnrProtocol: https
sdnrHost: "sdnc"
sdnrPort: "8443"
sslCertDir: "/opt/app/osaaf/local/certs"
sslCertiticate: "cert.pem"
sslCertKey: "key.pem"
+ transportpce:
+ enabled: false
+ transportpceUrl: http://transportpce.transportpce:8181
+ topologyserver:
+ enabled: false
+ topologyserverUrl: http://toplogy-api-service.topology:3001
+ tileserverUrl: https://tile.openstreetmap.org
#################################################################
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
# dblib.properties
org.onap.ccsdk.sli.dbtype=jdbc
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:2.0.2
+image: onap/sdnc-ueb-listener-image:2.0.3
pullPolicy: Always
# flag to enable debugging - application support required
#!/bin/bash
+{{/*
###
# ============LICENSE_START=======================================================
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
+++ /dev/null
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# SDNC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# Install SDN-C platform components if not already installed and start container
-
-# List of used constants, that are provided during container initialization
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg
-#
-ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false}
-
-#ODL_CERT_DIR
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-if $ODL_REMOVEIDMDB ; then
- echo "Remove odl idmdb"
- rm $ODL_HOME/data/idmlight.db.mv.db
- ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin}
-else
- ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
-fi
-
-export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
-
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
-CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-
-#- ODL Cluster
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-#SDNC_REPLICAS
-
-#- ODL GEO cluster
-GEO_ENABLED=${GEO_ENABLED:-false}
-#IS_PRIMARY_CLUSTER
-#MY_ODL_CLUSTER
-#PEER_ODL_CLUSTER
-
-#- AAF
-SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
-
-#- SDN-R
-SDNRWT=${SDNRWT:-false}
-SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
-SDNRDM=${SDNRDM:-false}
-# Add devicemanager base and specific repositories
-SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features}
-# Add devicemanager features
-SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature}
-SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}}
-SDNRINIT=${SDNRINIT:-false}
-SDNRONLY=${SDNRONLY:-false}
-SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200}
-#SDNRDBUSERNAME
-#SDNRDBPASSWORD
-#SDNRDBPARAMETER
-SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER}
-
-SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false}
-SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all}
-
-# Functions
-
-# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features
-# $1 repository
-function isRepoExisting() {
- REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#")
- OIFS="$IFS"
- IFS='/' parts=($REPO)
- IFS="$OIFS"
- path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]}
- [ -d "$path" ]
-}
-
-# Add features repository to karaf featuresRepositories configuration
-# $1 repositories to be added
-function addRepository() {
- CFG=$ODL_FEATURES_BOOT_FILE
- ORIG=$CFG.orig
- if isRepoExisting "$1" ; then
- echo "Add repository: $1"
- sed -i "\|featuresRepositories|s|$|, $1|" $CFG
- else
- echo "Repo does not exist: $1"
- fi
-}
-
-# Append features to karaf boot feature configuration
-# $1 additional feature to be added
-# $2 repositories to be added (optional)
-function addToFeatureBoot() {
- CFG=$ODL_FEATURES_BOOT_FILE
- ORIG=$CFG.orig
- if [ -n "$2" ] ; then
- addRepository $2
- fi
- echo "Add boot feature: $1"
- sed -i "\|featuresBoot *=|s|$|,$1|" $CFG
-}
-
-# Append features to karaf boot feature configuration
-# $1 search pattern
-# $2 replacement
-function replaceFeatureBoot() {
- CFG=$ODL_FEATURES_BOOT_FILE
- echo "Replace boot feature $1 with: $2"
- sed -i "/featuresBoot/ s/$1/$2/g" $CFG
-}
-
-# Remove all sdnc specific features
-function cleanupFeatureBoot() {
- echo "Remove northbound bootfeatures "
- sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE
-}
-
-function initialize_sdnr() {
- echo "SDN-R Database Initialization"
- INITCMD="$JAVA_HOME/bin/java -jar "
- INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar "
- INITCMD+="$SDNRDBCOMMAND"
- echo "Execute: $INITCMD"
- n=0
- until [ $n -ge 5 ] ; do
- $INITCMD && break
- n=$[$n+1]
- sleep 15
- done
- return $?
-}
-
-function install_sdnrwt_features() {
- # Repository setup provided via sdnc dockerfile
- if $SDNRWT; then
- addRepository $SDNRDM_BASE_REPO
- addRepository $SDNRDM_ONF_REPO
- addRepository $SDNRDM_ORAN_REPO
- addRepository $SDNRDM_GRAN_REPO
-
- if $SDNRONLY; then
- cleanupFeatureBoot
- fi
- if $SDNRDM; then
- addToFeatureBoot "$SDNRDM_BOOTFEATURES"
- else
- addToFeatureBoot "$SDNRWT_BOOTFEATURES"
- fi
- fi
-}
-
-
-function install_sdnr_northbound_features() {
- # Repository setup provided via sdnc dockerfile
- addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES"
-}
-
-# Reconfigure ODL from default single node configuration to cluster
-
-function enable_odl_cluster(){
- if [ -z $SDNC_REPLICAS ]; then
- echo "SDNC_REPLICAS is not configured in Env field"
- exit
- fi
-
- # ODL NETCONF setup
- echo "Installing Opendaylight cluster features for mdsal and netconf"
-
- #Be sure to remove feature odl-netconf-connector-all from list
- replaceFeatureBoot "odl-netconf-connector-all,"
- #Activate cluster
- replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
- replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
- addToFeatureBoot odl-jolokia
-
- # ODL Cluster or Geo cluster configuration
-
- echo "Update cluster information statically"
- fqdn=$(hostname -f)
- echo "Get current fqdn ${fqdn}"
-
- # Extract node index using first digit after "-"
- # Example 2 from "sdnr-2.logo.ost.das.r32.com"
- node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g'))
-
- if $GEO_ENABLED; then
- echo "This is a Geo cluster"
-
- if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
- echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
- return
- fi
-
- member_offset=1
- if $IS_PRIMARY_CLUSTER; then
- PRIMARY_NODE=${MY_ODL_CLUSTER}
- SECONDARY_NODE=${PEER_ODL_CLUSTER}
- else
- PRIMARY_NODE=${PEER_ODL_CLUSTER}
- SECONDARY_NODE=${MY_ODL_CLUSTER}
- member_offset=4
- fi
-
- node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
- $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
- else
- echo "This is a local cluster"
- for ((i=0;i<${SDNC_REPLICAS};i++)); do
- #assemble node list by replaceing node-index in hostname with "i"
- node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g")
- node_list="${node_list} $node_name"
- done
- echo "Node index: $((node_index+1)) list: ${node_list[@]}"
- $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list}
- fi
-}
-
-# -----------------------
-# Main script starts here
-
-echo "Image path=${IMAGEPATH}"
-echo "Image names=${IMAGENAMES}"
-echo "Settings:"
-echo " USER=$(whoami)"
-echo " SDNC_BIN=$SDNC_BIN"
-echo " SDNC_HOME=$SDNC_HOME"
-echo " ODL_CERT_DIR=$ODL_CERT_DIR"
-echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION"
-echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
-echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB"
-echo " SDNC_REPLICAS=$SDNC_REPLICAS"
-echo " SDNRWT=$SDNRWT"
-echo " SDNRDM=$SDNRDM"
-echo " SDNRONLY=$SDNRONLY"
-echo " SDNRINIT=$SDNRINIT"
-echo " SDNRDBURL=$SDNRDBURL"
-echo " SDNRDBUSERNAME=$SDNRDBUSERNAME"
-echo " SDNRDBPASSWORD=$SDNRDBPASSWORD"
-echo " GEO_ENABLED=$GEO_ENABLED"
-echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER"
-echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER"
-echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER"
-echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
-
-if $SDNC_AAF_ENABLED; then
- export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
- export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
- export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
- export SDNC_KEYSTORE=org.onap.sdnc.p12
- sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
-
- sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-fi
-
-if $SDNRINIT ; then
- #One time intialization action
- initialize_sdnr
- init_result=$?
- echo "Result of init script: $init_result"
- if $SDNRWT ; then
- echo "Proceed to initialize sdnr"
- else
- exit $init_result
- fi
-fi
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
- echo "Installing SDN-C keyStore"
- /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh
-
- if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
-
- if $SDNRWT ; then install_sdnrwt_features ; fi
-
- if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi
-
- echo "Installed at `date`" > ${SDNC_HOME}/.installed
-fi
-
-# Odl configuration done
-ODL_FEATURES_BOOT=$(sed -n "/featuresBoot =/p" $ODL_FEATURES_BOOT_FILE)
-export ODL_FEATURES_BOOT
-
-if [ -z "$ODL_CERT_DIR" ] ; then
- echo "No certs provided. Skip installation."
-else
- echo "Start background cert installer"
- nohup python ${SDNC_BIN}/installCerts.oom.py &
-fi
-
-echo "Startup opendaylight"
-echo $ODL_FEATURES_BOOT
-exec ${ODL_HOME}/bin/karaf server
+++ /dev/null
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# SDNC
-# ================================================================================
-# Copyright © 2020 Samsung Electronics
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# Append features to karaf boot feature configuration
-# $1 additional feature to be added
-# $2 repositories to be added (optional)
-function addToFeatureBoot() {
- CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
- ORIG=$CFG.orig
- if [ -n "$2" ] ; then
- echo "Add repository: $2"
- mv $CFG $ORIG
- cat $ORIG | sed -e "\|featuresRepositories|s|$|,$2|" > $CFG
- fi
- echo "Add boot feature: $1"
- mv $CFG $ORIG
- cat $ORIG | sed -e "\|featuresBoot *=|s|$|,$1|" > $CFG
-}
-
-# Append features to karaf boot feature configuration
-# $1 search pattern
-# $2 replacement
-function replaceFeatureBoot() {
- CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
- ORIG=$CFG.orig
- echo "Replace boot feature $1 with: $2"
- sed -i "/featuresBoot/ s/$1/$2/g" $CFG
-}
-
-function install_sdnrwt_features() {
- addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY
-}
-
-function enable_odl_cluster(){
- if [ -z $SDNC_REPLICAS ]; then
- echo "SDNC_REPLICAS is not configured in Env field"
- exit
- fi
-
- #Be sure to remove feature odl-netconf-connector-all from list
- replaceFeatureBoot "odl-netconf-connector-all,"
-
- echo "Installing Opendaylight cluster features"
- replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
- replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
- addToFeatureBoot odl-jolokia
- #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
- #${ODL_HOME}/bin/client feature:install odl-jolokia
-
-
- echo "Update cluster information statically"
- hm=$(hostname)
- echo "Get current Hostname ${hm}"
-
- node=($(echo ${hm} | sed 's/-[0-9]*$//g'))
- node_index=($(echo ${hm} | awk -F"-" '{print $NF}'))
- member_offset=1
-
- if $GEO_ENABLED; then
- echo "This is a Geo cluster"
-
- if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
- echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
- return
- fi
-
- if $IS_PRIMARY_CLUSTER; then
- PRIMARY_NODE=${MY_ODL_CLUSTER}
- SECONDARY_NODE=${PEER_ODL_CLUSTER}
- else
- PRIMARY_NODE=${PEER_ODL_CLUSTER}
- SECONDARY_NODE=${MY_ODL_CLUSTER}
- member_offset=4
- fi
-
- node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
-
- /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
- else
- echo "This is a local cluster"
-
- node_list="${node}-0.{{.Values.service.name}}-cluster.{{.Release.Namespace}}";
-
- for ((i=1;i<${SDNC_REPLICAS};i++));
- do
- node_list="${node_list} ${node}-$i.{{.Values.service.name}}-cluster.{{.Release.Namespace}}"
- done
-
- /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list}
- fi
-}
-
-
-# Install SDN-C platform components if not already installed and start container
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
-CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-GEO_ENABLED=${GEO_ENABLED:-false}
-SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
-SDNRWT=${SDNRWT:-false}
-SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
-export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
-
-echo "Settings:"
-echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
-echo " SDNC_REPLICAS=$SDNC_REPLICAS"
-echo " SDNRWT=$SDNRWT"
-echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
-
-
-if $SDNC_AAF_ENABLED; then
- export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
- export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
- export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
- export SDNC_KEYSTORE=org.onap.sdnc.p12
- sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
-
- sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-fi
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
- echo "Installing SDN-C keyStore"
- ${SDNC_HOME}/bin/addSdncKeyStore.sh
-
- if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
-
- if $SDNRWT ; then install_sdnrwt_features ; fi
-
- echo "Installed at `date`" > ${SDNC_HOME}/.installed
-fi
-
-cp /opt/opendaylight/current/certs/* /tmp
-cp /var/custom-certs/* /tmp
-
-nohup python ${SDNC_BIN}/installCerts.py &
-
-
-exec ${ODL_HOME}/bin/karaf server
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
#
# Configuration file for A&AI Client
org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s
org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type
org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id
-org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
+{{/*
###
# Copyright � 2017-2018 AT&T Intellectual Property.
# Modifications Copyright � 2018 IBM.
#
# Configuration file for SDNC Controller Module
#
+*/}}
org.onap.ccsdk.features.blueprints.adaptors.envtype=solo
+{{/*
###
# ============LICENSE_START=======================================================
# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+{{/*
#
# Copyright (C) 2018 AT&T, Bell Canada.
#
# See the License for the specific language governing permissions and
# limitations under the License.
#
+*/}}
# Configuration file for Netbox client
org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
#!/bin/sh
+{{/*
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# export KARAF_DEBUG # Enable debug mode
# export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start
# export KARAF_NOROOT # Prevent execution as root if set to true
+*/}}
if [ "x$JAVA_MAX_MEM" = "x" ]; then
export JAVA_MAX_MEM="2048m"
fi
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype = jdbc
org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+{{/*
################################################################################
#
# Licensed to the Apache Software Foundation (ASF) under one or more
#
################################################################################
# Properties used as default values in MDC
+*/}}
log4j2.property.ServiceName = INTERNAL
log4j2.property.ErrorCode = 900
log4j2.property.ErrorDesc = UnknownError
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if ! [ "$(command -v jq)" ]; then
echo "Error: jq is not installed."
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
dir=$( dirname $0 )
#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ $# -lt 1 ];then
echo "Usage: makeactive <release> [namespace]"
#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ $# -lt 1 ];then
echo "Usage: $(basename $0) [--debug] <release> [namespace]"
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
function usage()
{
+{{/*
# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ if .Values.config.sdnr.enabled -}}
apiVersion: batch/v1
kind: Job
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: config-input
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if not .Values.config.sdnr.enabled }}
command: ["/bin/bash"]
args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"]
- {{ else }}
- command: ["/bin/bash"]
- args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
- {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
- mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
name: sdnc-logging-cfg-config
subPath: org.ops4j.pax.logging.cfg
- - mountPath: {{ .Values.config.binDir }}/startODL.sh
- name: bin
- subPath: startODL.sh
- - mountPath: {{ .Values.config.binDir }}/startODL.oom.sh
- name: bin
- subPath: startODL.oom.sh
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
# Application configuration defaults.
#################################################################
# application images
+
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:2.0.2
+image: onap/sdnc-image:2.0.3
busyboxRepository: docker.io
busyboxImage: busybox:1.30
nameOverride: sdnrdb
# enable
sdnc-web:
- enabled: false
+ enabled: true
# default number of instances
replicaCount: 1
.project
.idea/
*.tmproj
+components/
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
/app/start-app.sh
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
vnf:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs
volume-groups:
rest:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
so:
vnfm:
adapter:
- url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
+ url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
auth: {{ .Values.so.vnfm.adapter.auth }}
org:
onap:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
-
-
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.4
+image: onap/so/bpmn-infra:1.7.10
pullPolicy: Always
db:
sniro:
endpoint: http://replaceme:28090/optimizationInstance/V1/create
+vnf:
+ api:
+ version: v2
+
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8081
apiEnforcement: org.onap.so.bpmnPerm
containerPort: *containerPort
-
# Resource Limit flavor -By Default using small
flavor: large
# Segregation for Different environment (Small and Large)
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
tomcat:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.4
+image: onap/so/catalog-db-adapter:1.7.10
pullPolicy: Always
db:
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for DB secrets
-name: so-db-secrets
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-db-secrets
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }}
- mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }}
- mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }}
- mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }}
- mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }}
- mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }}
-type: Opaque
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-global:
- mariadbGalera:
- serviceName: mariadb-galera
- servicePort: "3306"
-db_admin_username: so_admin
-db_admin_password: so_Admin123
-db_username: so_user
-db_password: so_User123
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
so:
adapters:
sol003-adapter:
- url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
auth: {{ .Values.so.sol003.adapter.auth }}
etsi-catalog-manager:
base:
http:
client:
ssl:
- trust-store: ${TRUSTSTORE}
+ trust-store: file:${TRUSTSTORE}
trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
{{- end }}
+camunda:
+ bpm:
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+ deployment-aware: true
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
./start-app.sh
- name: ETSI_NFVO_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
- name: DB_PASSWORD
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7
pullPolicy: Always
aai:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
msb.onap.org/service-info: |
- {{ if not .Values.global.msbDisabled -}}[
+ {{ if .Values.global.msbEnabled -}}[
{
"serviceName": "{{ include "common.servicename" . }}",
"version": "v1",
"url": "/so/so-etsi-nfvo-ns-lcm/v1",
"protocol": "REST",
- "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}",
"visualRange":"1"
}
]{{ end }}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
#!/bin/sh
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 Nordix Foundation.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+{{/*
# Copyright 2018 © Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.global.migration.enabled }}
apiVersion: batch/v1
kind: Job
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- - name: {{ include "common.name" . }}
+ - name: {{ include "common.name" . }}-config
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
- name: DB_USER
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: registry.hub.docker.com
mariadbGalera:
- nameOverride: mariadb-galera
+ nameOverride: &mariadbName mariadb-galera
serviceName: mariadb-galera
servicePort: "3306"
migration:
dbPort: 3306
dbUser: root
dbPassword: secretpassword
+
+readinessCheck:
+ wait_for:
+ - *mariadbName
+
#################################################################
# Secrets metaconfig
#################################################################
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
server:
port: {{ index .Values.containerPort }}
+ {{- if .Values.global.aafEnabled }}
+ ssl:
+ keyStore: ${KEYSTORE}
+ keyStorePassword: ${KEYSTORE_PASSWORD}
+ trustStore: ${TRUSTSTORE}
+ trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- end }}
tomcat:
max-threads: 50
+ {{- if not .Values.global.aafEnabled }}
ssl-enable: false
+ {{- end }}
camunda:
rest:
api:
api:
url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
auth: Basic YnBlbDpwYXNzd29yZDEk
+spring:
+ main:
+ allow-bean-definition-overriding: true
+ security:
+ usercredentials:
+ -
+ username: ${SO_MONITORING_USERNAME}
+ password: ${SO_MONITORING_PASSWORD}
+ role: GUI-Client
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# ================================================================================
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE=file://$cadi_keystore
+ export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+ export TRUSTSTORE=file://$cadi_truststore
+ export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+ {{- end }}
+ /app/start-app.sh
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SO_MONITORING_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+ - name: SO_MON_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: v1
kind: Service
metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ {{if .Values.global.aafEnabled -}}
type: {{ .Values.service.type }}
+ {{- else -}}
+ type: ClusterIP
+ {{- end }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: onap/oom/readiness:3.0.1
aafAgentImage: onap/aaf/aaf_agent:2.1.20
envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: true
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.monitoring.username }}'
+ password: '{{ .Values.server.monitoring.password }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
-#################################################################
-# AAF part
-#################################################################
-soHelpers:
- nameOverride: so-monitoring-cert-init
- certInitializer:
- nameOverride: so-monitoring-cert-init
- credsPath: /opt/app/osaaf/local
-
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
+image: onap/so/so-monitoring:1.7.7
pullPolicy: Always
db:
replicaCount: 1
minReadySeconds: 10
-containerPort: 9091
+containerPort: &containerPort 9091
logPath: app/logs/
app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.monitoringPerm
+ containerPort: *containerPort
+
+server:
+ monitoring:
+ username: demo
+ # password: demo123456!
+ # soMonitoringCredsExternalSecret: some secret
+
service:
#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: ClusterIP
+ type: NodePort
nodePort: 24
- internalPort: 9091
- externalPort: 9091
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-monitor-port
updateStrategy:
type: RollingUpdate
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
command:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
./start-app.sh
ports: {{- include "common.containerPorts" . | nindent 12 }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
+ {{ include "so.certificates.env" . | nindent 12 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
httpGet:
path: {{ index .Values.livenessProbe.path}}
- name: config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.4
+image: onap/so/nssmf-adapter:1.7.10
pullPolicy: Always
db:
{{ include "common.resources" . | indent 10 }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
# Secrets metaconfig
#################################################################
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-oof-adapter:1.7.2
+image: onap/so/so-oof-adapter:1.7.4
pullPolicy: Always
mso:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
name: {{ include "common.fullname" . }}-log
namespace: {{ include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.6.4
+image: onap/so/openstack-adapter:1.7.10
pullPolicy: Always
repository: nexus3.onap.org:10001
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
# will be used as entry in DB to say SITE OFF/ON for healthcheck
+*/}}
server:
port: {{ index .Values.containerPort }}
tomcat:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.4
+image: onap/so/request-db-adapter:1.7.10
pullPolicy: Always
db:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{.Values.aai.auth}}
server:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.4
+image: onap/so/sdc-controller:1.7.10
pullPolicy: Always
db:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
mso:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.4
+image: onap/so/sdnc-adapter:1.7.10
pullPolicy: Always
org:
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for so secrets
-name: so-secrets
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-so-client-certs-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
- keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-truststore-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2020 Samsung# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - aai
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
envFrom:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
persistence:
mountPath: /dockerdata-nfs
+readinessCheck:
+ wait_for:
+ - aai
+ - message-router
+
#################################################################
# Application configuration defaults.
#################################################################
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: soHelpers
version: ~6.x-0
repository: 'file://../soHelpers'
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
logging:
path: logs
spring:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.4
+image: onap/so/vfc-adapter:1.7.10
pullPolicy: Always
db:
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
server:
port: {{ index .Values.containerPort }}
ssl:
- key-alias: so@so.onap.org
- key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
- key-store: classpath:so-vnfm-adapter.p12
- key-store-type: PKCS12
-http:
- client:
- ssl:
- trust-store: classpath:org.onap.so.trust.jks
- trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
+ enabled: false
mso:
key: {{ .Values.mso.key }}
site-name: localSite
key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
- endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
+ endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
http:
client:
ssl:
- trust-store: ${TRUSTSTORE}
+ trust-store: file:${TRUSTSTORE}
trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
- |
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
- {{- end }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
{{- end }}
env:
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.4
+image: onap/so/vnfm-adapter:1.7.10
pullPolicy: Always
aaf:
{{ include "common.certInitializer.initContainer" $subchartDot }}
{{- if $dot.Values.global.aafEnabled }}
- name: {{ include "common.name" $dot }}-msb-cert-importer
- image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}"
+ image: "{{ include "common.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}"
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- "/bin/sh"
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -keypass $cadi_truststore_password -noprompt
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate
value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
{{- end }}
{{- end }}
{{- end -}}
# Secrets metaconfig
#################################################################
secrets:
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
+ trustStoreAllPass: changeit
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh local showpass
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
version: ~6.x-0
repository: 'file://components/so-catalog-db-adapter'
condition: so-catalog-db-adapter.enabled
- - name: so-db-secrets
- version: ~6.x-0
- repository: 'file://components/so-db-secrets'
- condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~6.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
version: ~6.x-0
repository: 'file://components/so-sdnc-adapter'
condition: so-sdnc-adapter.enabled
- - name: so-secrets
- version: ~6.x-0
- repository: 'file://components/so-secrets'
- name: so-ve-vnfm-adapter
version: ~6.x-0
repository: 'file://components/so-ve-vnfm-adapter'
#!/bin/sh
+{{/*
# Copyright 2015 AT&T Intellectual Properties
##############################################################################
# Script to initialize the chef-repo branch and.chef
#
##############################################################################
+*/}}
# Copy the certificates
echo 'Copying the *.crt provided in /shared folder'
cp --verbose /shared/*.crt /usr/local/share/ca-certificates
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
spec:
initContainers:
{{ include "so.certificate.container_importer" . | indent 6 | trim }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
+{{/*
# Copyright © 2020 Samsung Electronics
# Modifications Copyright © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: '3306'
+ service: mariadb-galera
+ internalPort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
#################################################################
# Secrets metaconfig
#################################################################
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.4
+image: onap/so/api-handler-infra:1.7.10
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
so-appc-orchestrator:
- enabled: true
+ enabled: false
db:
<<: *dbSecrets
<<: *dbSecrets
so-ve-vnfm-adapter:
- enabled: true
+ enabled: false
so-vfc-adapter:
enabled: true
"port": "{{.Values.service.externalPort}}",
"enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
+ },
+ {
+ "serviceName": "nslcm",
+ "version": "v2",
+ "url": "/api/nslcm/v2",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
}
]'
spec:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.4.0
+image: onap/vfc/nslcm:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.6.0
+image: onap/vnfsdk/refrepo:1.6.2
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always
Code Review / oom.git / commitdiff