+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
name: "aaf-cm"
port: 8150
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
name: "aaf-gui"
port: 8200
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
{{ include "common.ingress" . }}
-
-
name: "aaf-locate"
port: 8095
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
--- /dev/null
+
+{{ include "common.ingress" . }}
name: "aaf-oauth"
port: 8140
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
name: "aaf-service"
port: 8100
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
name: "appc-cdt"
port: 18080
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
service:
name: appc-dgbuilder
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "appc-dgbuilder"
+ name: "appc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
nodePort3: 11
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: fix-permission
+ command:
+ - chown
+ - -R
+ - 100:101
+ - /opt/app/onap/blueprints/deploy
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.1
+image: onap/ccsdk-blueprintsprocessor:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.1
+image: onap/ccsdk-commandexecutor:0.7.2
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.1
+image: onap/ccsdk-sdclistener:0.7.2
name: sdc-listener
pullPolicy: Always
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # side car containers
- # - name: filebeat-onap
- # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # volumeMounts:
- # - mountPath: /usr/share/filebeat/filebeat.yml
- # name: filebeat-conf
- # subPath: filebeat.yml
- # - mountPath: /home/esr/works/logs
- # name: esr-server-logs
- # - mountPath: /usr/share/filebeat/data
- # name: esr-server-filebeat
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- # - name: filebeat-conf
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-filebeat
- # - name: esr-server-logs
- # emptyDir: {}
- # - name: esr-server-filebeat
- # emptyDir: {}
- # - name: esrserver-log
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-esrserver-log
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.1
+image: onap/ccsdk-cds-ui-server:0.7.2
pullPolicy: Always
# application configuration
service:
- baseaddr: "cdsui"
name: "cds-ui"
- port: 8080
- config:
- ssl: "none"
+ port: 3000
+ config:
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
env:
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
+ - name: SPRING_APPLICATION_JSON
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: spring_application_json
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
persistence: {}
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.4
+image: onap/clamp-backend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# Application configuration defaults.
#################################################################
+
+db: {}
+
config:
log:
logstashServiceName: log-ls
mysqlPassword: strong_pitchou
dataRootDir: /dockerdata-nfs
springApplicationJson: >
- {
- "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+ {
+ "spring.datasource.username": "${MYSQL_USER}",
+ "spring.datasource.password": "${MYSQL_PASSWORD}",
+ "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
"spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
"clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
"clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
"clamp.config.policy.pap.userName": "healthcheck",
"clamp.config.policy.pap.password": "zb!XztG34",
"clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
- }
+ }
# default number of instances
replicaCount: 1
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
nodePort: 90
ingress:
enabled: false
+ service:
+ - baseaddr: "cdash-kibana"
+ name: "cdash-kibana"
+ port: 5601
+ config:
+ ssl: "redirect"
#resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
+++ /dev/null
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql
+++ /dev/null
-#
-# Create CLDS database objects (tables, etc.)
-#
-#
-CREATE DATABASE `cldsdb4`;
-USE `cldsdb4`;
-DROP USER 'clds';
-CREATE USER 'clds';
-GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION;
-FLUSH PRIVILEGES;
-
#{{ if not .Values.disableClampClampMariadb }}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: clamp-entrypoint-initdb-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: clamp-entrypoint-bulkload-configmap
namespace: {{ include "common.namespace" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
volumeMounts:
- - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
- name: docker-entrypoint-initdb
- subPath: bootstrap-database.sh
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/bulkload/
+ - mountPath: /docker-entrypoint-initdb.d/
name: docker-entrypoint-bulkload
- mountPath: /etc/mysql/conf.d/conf1/
name: clamp-mariadb-conf
{{- else }}
emptyDir: {}
{{- end }}
- - name: docker-entrypoint-initdb
- configMap:
- name: clamp-entrypoint-initdb-configmap
- name: docker-entrypoint-bulkload
configMap:
name: clamp-entrypoint-bulkload-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }}
+{{ include "common.secretFast" . }}
nodePortPrefix: 302
persistence: {}
-
# application image
repository: nexus3.onap.org:10001
image: mariadb:10.3.12
pullPolicy: Always
flavor: small
-
#################################################################
-# Application configuration defaults.
+# Secrets metaconfig
#################################################################
-config:
- mysqlPassword: strong_pitchou
+secrets:
+ - uid: db-root-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+# Application configuration
+db: {}
# default number of instances
replicaCount: 1
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingImage: beats/filebeat:5.5.0
centralizedLoggingEnabled: false
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
+ type: password
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
+ type: basicAuth
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+db:
+ user: clds
+# password: sidnnd83K
+ databaseName: &dbName cldsdb4
+# rootPass: emrys user: testos
+
+clamp-backend:
+ db:
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
+mariadb:
+ db:
+ rootCredsExternalSecret: *dbRootPass
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
+
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.3
+image: onap/clamp-frontend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
name: cli
port: 9090
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to obtain certificates in onap
+name: certInitializer
+version: 6.0.0
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{- define "common.certInitializer._aafConfigVolumeName" -}}
+ {{ include "common.fullname" . }}-aaf-config
+{{- end -}}
+
+{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
+ {{ print "aaf-add-config" }}
+{{- end -}}
+
+{{/*
+ common templates to enable cert initialization for applictaions
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | nindent XX }}
+
+ containers:
+ volumeMounts:
+ {{- include "common.certInitializer.volumeMount" . | nindent XX }}
+ volumes:
+ {{- include "common.certInitializer.volume" . | nindent XX}}
+*/}}
+{{- define "common.certInitializer._initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $initName := default "certInitializer" -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.name" $dot }}-aaf-readiness
+ image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" $dot }}-aaf-config
+ image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- if $initRoot.aaf_add_config }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+{{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+{{- if $initRoot.aaf_add_config }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+{{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ $initRoot.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ $dot.Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ $initRoot.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ $initRoot.app_ns }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, eventually
+ - name: cadi_longitude
+ value: "{{ default "52.3" $initRoot.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" $initRoot.cadi_latitude }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ $initRoot.public_fqdn | default "" }}"
+{{- end -}}
+
+{{- define "common.certInitializer._volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+- mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- end -}}
+
+{{- define "common.certInitializer._volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ emptyDir:
+ medium: Memory
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.initContainer" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{ include "common.certInitializer._initContainer" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumeMount" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumeMount" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumes" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumes" . }}
+ {{- end -}}
+{{- end -}}
-{{ if .Values.global.aafEnabled }}
{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{- if .Values.aafConfig.addconfig -}}
+{{ if .Values.aaf_add_config }}
apiVersion: v1
kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
+{{- $suffix := "add-config" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
- aaf-add-config.sh: |-
- /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
+ aaf-add-config.sh: |
+ {{ tpl .Values.aaf_add_config . | indent 4 }}
{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ aafEnabled: true
+
+pullPolicy: Always
+
+secrets:
+ - uid: deployer-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafDeployFqi }}'
+ password: '{{ .Values.aafDeployPass }}'
+ passwordPolicy: required
+
+aafDeployFqi: "changeme"
+fqdn: ""
+app_ns: "org.osaaf.aaf"
+fqi: ""
+fqi_namespace: ""
+public_fqdn: "aaf.osaaf.org"
+aafDeployFqi: "deployer@people.osaaf.org"
+aafDeployPass: demo123456!
+cadi_latitude: "38.0"
+cadi_longitude: "-72.0"
+aaf_add_config: ""
+mountPath: "/opt/app/osaaf"
{{- if eq $type "generic" }}
data:
{{- range $curFilePath := $secret.filePaths }}
- {{- fail (printf "%s" $curFilePath) }}
{{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
{{- end }}
{{- if $secret.filePath }}
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
- uid: 'db-root-password'
type: password
externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.dbRootPassword }}'
+ password: '{{ .Values.config.db.rootPassword }}'
- uid: 'db-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.dbSdnctlPassword }}'
+ password: '{{ .Values.config.db.userPassword }}'
- uid: 'http-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
restconfPassword: admin
# restconfCredsExternalSecret: some secret
- dbRootPassword: openECOMP1.0
- dbSdnctlPassword: gamma
dbPodName: mysql-db
dbServiceName: sdnc-dbhost
# MD5 hash of dguser password ( default: test123 )
ingress:
enabled: false
+ service:
+ - baseaddr: "dgbuilder"
+ name: "dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
--- /dev/null
+#!/bin/bash
+#
+# Adfinis SyGroup AG
+# openshift-mariadb-galera: mysql setup script
+#
+
+set -eox pipefail
+
+echo 'Running mysql_install_db ...'
+mysql_install_db --datadir=/var/lib/mysql
+echo 'Finished mysql_install_db'
+
+mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF &
+pid="$!"
+
+mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock )
+
+for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+done
+if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+fi
+
+function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+}
+
+mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
+# add MariaDB root user
+"${mysql[@]}" <<-EOSQL
+-- What's done in this file shouldn't be replicated
+-- or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+DELETE FROM mysql.user ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOSQL
+
+# add root password for subsequent calls to mysql
+if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+fi
+
+# add users require for Galera
+# TODO: make them somehow configurable
+"${mysql[@]}" <<-EOSQL
+CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ;
+GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ;
+CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe';
+EOSQL
+
+if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+fi
+
+if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ mysql_password=`prepare_password $MYSQL_PASSWORD`
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+fi
+
+if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+echo
+echo 'MySQL init process done. Ready for start up.'
+echo
{{/*
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
my_extra.cnf: |
{{ .Values.externalConfig | indent 4 }}
-{{- end -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
configMap:
name: {{ include "common.fullname" . }}-external-config
{{- end}}
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
- name: localtime
hostPath:
path: /etc/localtime
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh
+ subPath: configure-mysql.sh
+ name: init-script
{{- if .Values.persistence.enabled }}
- mountPath: /var/lib/mysql
name: {{ include "common.fullname" . }}-data
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-my.public.ip=localhost
-all.public.ips=localhost
-my.id=0
-all.ids=0
-### Host Info ###
-zookeeper.host={{.Values.properties.zookeeperHost}}
-cassandra.host={{.Values.properties.cassandraHost}}
-### User Info ###
-cassandra.user={{.Values.properties.cassandraUser}}
-cassandra.password={{.Values.properties.cassandraPassword}}
-### AAF Endpoint ###
-aaf.endpoint.url={{.Values.properties.aafEndpointUrl}}
-### Admin API ###
-# AAF UAT
-aaf.admin.url={{.Values.properties.aafAdminUrl}}
-# AAF PROD
-admin.aaf.role={{.Values.properties.adminAafRole}}
-music.namespace={{.Values.properties.musicNamespace}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-zookeeper-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - zookeeper
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
-# War Container
- - name: "{{ .Chart.Name }}-war"
- image: "{{ include "common.repository" . }}/{{ .Values.warImage }}"
- command: ["cp","/app/MUSIC.war","/webapps"]
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- volumeMounts:
- - mountPath: /webapps
- name: shared-data
- containers:
- # Tomcat Container
- - name: "{{ include "common.name" . }}"
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/tomcat/webapps
- name: shared-data
- - name: properties-music
- mountPath: /opt/app/music/etc/music.properties
- subPath: music.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumes:
- - name: shared-data
- emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-music
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: library/tomcat:8.5
-pullPolicy: Always
-warImage: onap/music/music:3.0.24
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- usernameCassandra: cassandra1
- passwordCassandra: cassandra1
-
-# default number of instances
-replicaCount: 3
-
-job:
- host: cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: music-tomcat
- externalPort: 8080
- internalPort: 8080
- nodePort: 76
- portName: tomcat
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 900m
- memory: 460Mi
- requests:
- cpu: 550m
- memory: 360Mi
- large:
- limits:
- cpu: 4
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-
-
-properties:
- zookeeperHost: zookeeper
- cassandraHost: music-cassandra
- cassandraUser: nelson24
- cassandraPassword: nelson24
-
- # Admin API
- # ONAP AAF
- aafAdminUrl:
# limitations under the License.
apiVersion: v1
-description: ONAP - MUSIC Tomcat Container
-name: music-tomcat
+description: MUSIC api as a Service API Spring boot container.
+name: music
version: 6.0.0
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START==========================================
+ org.onap.music
+ ===================================================================
+ Copyright (c) 2017 AT&T Intellectual Property
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ ============LICENSE_END=============================================
+ ====================================================================
+-->
+
+<configuration scan="true" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/opt/app/music/logs" />
+
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="debug-logs" />
+
+ <!-- specify the component name -->
+ <!-- <property name="componentName" value="EELF"></property> -->
+ <property name="componentName" value="MUSIC"></property>
+
+ <!-- log file names -->
+ <property name="generalLogName" value="music" />
+ <property name="securityLogName" value="security" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" />
+ <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> -->
+ <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" />
+ <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> -->
+ <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" />
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property>
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder> -->
+ <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />-->
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- Sift Appender -->
+ <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender">
+ <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> -->
+ <discriminator>
+ <key>keyspace</key>
+ <defaultValue>unknown</defaultValue>
+ </discriminator>
+ <sift>
+ <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}-keyspace.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ </sift>
+ </appender>
+
+ <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="KSEELF" />
+ </appender>
+
+
+
+
+ <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender> -->
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="EELFSecurity" />
+ </appender>
+
+
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ </logger>
+
+ <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+
+ <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+
+ <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+
+ </logger>
+
+ <!-- Springboot??? -->
+ <!-- <logger name="org.springframework.web" level="DEBUG">
+ <appender-ref ref="asyncEELF" />
+ </logger> -->
+
+ <root level="{{.Values.logback.rootLogLevel}}">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+ <!-- Conductor Specific additions to squash WARNING and INFO -->
+ <logger name="com.datastax.driver.core.Cluster" level="ERROR"/>
+ <logger name="org.onap.music.main.MusicCore" level="ERROR"/>
+</configuration>
+
--- /dev/null
+server.port=8443
+server.servlet.context-path=/MUSIC/rest
+spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true
+#server.ssl.enabled=false
+server.tomcat.max-threads=100
+#logging.file=/opt/app/music/logs/MUSIC/music-app.log
+#logging.config=file:/opt/app/music/etc/logback.xml
+security.require-ssl=true
+server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store-provider=SUN
+server.ssl.key-store-type=JKS
+
--- /dev/null
+lock.using={{.Values.properties.lockUsing}}
+cassandra.host={{.Values.properties.cassandraHost}}
+cassandra.port={{ .Values.properties.cassandraPort }}
+lock.lease.period={{.Values.properties.lockLeasePeriod}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
+cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}}
+cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}}
+cadi={{.Values.properties.cadi}}
+music.aaf.ns={{.Values.properties.musicAafNs}}
+keyspace.active={{.Values.properties.keyspaceActive}}
+transId.header.required={{.Values.properties.transIdRequired}}
+transId.header.prefix={{.Values.properties.transIdPrefix}}
+conversation.header.required={{.Values.properties.conversationRequired}}
+conversation.header.prefix={{.Values.properties.conversationPrefix}}
+clientId.header.required={{.Values.properties.clientIdRequired}}
+clientId.header.prefix={{.Values.properties.clientIdPrefix}}
+messageId.header.required={{.Values.properties.messageIdRequired}}
+messageId.header.prefix={{.Values.properties.messageIdPrefix}}
+retry.count={{.Values.properties.retryCount}}
+lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}}
+keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}}
+create.lock.wait.period.ms=0
+create.lock.wait.increment.ms=0
--- /dev/null
+#!/bin/bash
+#
+# ============LICENSE_START==========================================
+# org.onap.music
+# ===================================================================
+# Copyright (c) 2019 AT&T Intellectual Property
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=============================================
+# ====================================================================
+
+echo "Running startup script to get password from certman"
+PWFILE=/opt/app/aafcertman/.password
+LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log
+PROPS=/opt/app/music/etc/music-sb.properties
+LOGBACK=/opt/app/music/etc/logback.xml
+LOGGING=
+DEBUG_PROP=
+# Debug Setup. Uses env variables
+# DEBUG and DEBUG_PORT
+# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
+if [ "${DEBUG}" == "true" ]; then
+ if [ "${DEBUG_PORT}" == "" ]; then
+ DEBUG_PORT=8000
+ fi
+ echo "Debug mode on"
+ DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n"
+fi
+
+# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that.
+if [ -f $LOGBACK ]; then
+ LOGGING="--logging.config=file:${LOGBACK}"
+fi
+
+# Get Passwords from /opt/app/aafcertman
+if [ -f $PWFILE ]; then
+ echo "Found ${PWFILE}" >> $LOGFILE
+ PASSWORD=$(cat ${PWFILE})
+else
+ PASSWORD=changeit
+ echo "#### Using Default Password for Certs" >> ${LOGFILE}
+fi
+
+# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties
+if [ -f $PROPS ]; then
+ # Run with different Property file
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}
+else
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE}
+fi
+
+
+
+
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-cassandra-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-music-scrubbed
+ - mountPath: /config
+ name: properties-music
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ # MUSIC Container
+ - name: "{{ include "common.name" . }}-springboot"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ env:
+ - name: SPRING_OPTS
+ value: "{{ .Values.springOpts }}"
+ - name: JAVA_OPTS
+ value: "{{ .Values.javaOpts }}"
+ - name: DEBUG
+ value: "{{ .Values.debug }}"
+ volumeMounts:
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music.properties
+ subPath: music.properties
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music-sb.properties
+ subPath: music-sb.properties
+ - name: properties-music-scrubbed
+ mountPath: /opt/app/music/etc/logback.xml
+ subPath: logback.xml
+ - name: certs-aaf
+ mountPath: /opt/app/aafcertman/
+ volumes:
+ - name: shared-data
+ emptyDir: {}
+ - name: certificate-vol
+ emptyDir: {}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: properties-music-scrubbed
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-music
+ emptyDir:
+ medium: Memory
+ - name: certs-aaf
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
--- /dev/null
+# Copyright © 2020 AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+
+ envsubstImage: dibi/envsubst
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ truststore: truststoreONAPall.jks
+
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: music-certs
+ name: keystore.jks
+ type: generic
+ filePaths:
+ - resources/keys/org.onap.music.jks
+ - uid: music-keystore-pw
+ name: keystore-pw
+ type: password
+ password: '{{ .Values.keystorePassword }}'
+ passwordPolicy: required
+ - uid: cassa-secret
+ type: basicAuth
+ login: '{{ .Values.properties.cassandraUser }}'
+ password: '{{ .Values.properties.cassandraPassword }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/music/music_sb:3.2.40
+pullPolicy: Always
+
+job:
+ host: cassandra
+ port: 9042
+ busybox:
+ image: library/busybox:latest
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 6
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+ port: 8443
+
+
+# Java options that need to be passed to jave on CLI
+#javaOpts: -Xms256m -Xmx2048m
+javaOpts:
+# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
+springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1000m
+ memory: 1G
+ requests:
+ cpu: 300m
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
+
+readiness:
+ initialDelaySeconds: 350
+ periodSeconds: 120
+ port: 8443
+
+service:
+ useNodePortExt: true
+ type: NodePort
+ name: music
+ ports:
+ - name: https-api
+ port: 8443
+ nodePort: '07'
+
+# Turn on Debugging true/false
+debug: false
+ingress:
+ enabled: false
+
+keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
+
+properties:
+ lockUsing: "cassandra"
+ # Comma dilimited list of hosts
+ cassandraHost: "music-cassandra"
+ cassandraUser: "nelson24"
+ cassandraPassword: "nelson24"
+ cassandraConnecttimeoutms: 12000
+ cassandraPort: 9042
+ # Connection Timeout for Cassandra in ms
+ # Read Timeout for Cassandra in ms
+ cassandraReadtimeoutms: 12000
+ keyspaceActive: true
+ # Enable CADI
+ cadi: false
+ # Special headers that may be passed and if they are required.
+ # With the ability to add a Prefix if required.
+ transIdRequired: false
+ transIdPrefix: X-ATT-
+ conversationRequired: false
+ conversationPrefix: X-CSI-
+ clientIdRequired: false
+ clientIdPrefix:
+ messageIdRequired: false
+ messageIdPrefix:
+
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+##### Lock settings
+ retryCount: 3
+ lockLeasePeriod: 6000
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+ lockDaemonSleeptimeMs: 30000
+ #comma separated list of keyspace names
+ keyspaceForLockCleanup:
+
+
+logback:
+ errorLogLevel: info
+ securityLogLevel: info
+ applicationLogLevel: info
+ metricsLogLevel: info
+ auditLogLevel: info
+ # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
+ rootLogLevel: INFO
+
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-name: zookeeper
-home: https://zookeeper.apache.org/
-version: 1.0.2
-appVersion: 3.4.10
-description: Centralized service for maintaining configuration information, naming,
- providing distributed synchronization, and providing group services.
-icon: https://zookeeper.apache.org/images/zookeeper_small.gif
-sources:
-- https://github.com/apache/zookeeper
-- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-maintainers:
-- name: lachie83
- email: lachlan.evenson@microsoft.com
-- name: kow3ns
- email: owensk@google.com
+++ /dev/null
-approvers:
-- lachie83
-- kow3ns
-reviewers:
-- lachie83
-- kow3ns
+++ /dev/null
-# incubator/zookeeper
-
-This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper).
-
-## Prerequisites
-* Kubernetes 1.6+
-* PersistentVolume support on the underlying infrastructure
-* A dynamic provisioner for the PersistentVolumes
-* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/)
-
-## Chart Components
-This chart will do the following:
-
-* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/).
-* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble.
-* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble.
-* Create a Service configured to connect to the available ZooKeeper instance on the configured client port.
-* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes.
-* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods.
-* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`).
-
-## Installing the Chart
-You can install the chart with the release name `zookeeper` as below.
-
-```console
-$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
-$ helm install --name zookeeper incubator/zookeeper
-```
-
-If you do not specify a name, helm will select a name for you.
-
-### Installed Components
-You can use `kubectl get` to view all of the installed components.
-
-```console{%raw}
-$ kubectl get all -l app=zookeeper
-NAME: zookeeper
-LAST DEPLOYED: Wed Apr 11 17:09:48 2018
-NAMESPACE: default
-STATUS: DEPLOYED
-
-RESOURCES:
-==> v1beta1/PodDisruptionBudget
-NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
-zookeeper N/A 1 1 2m
-
-==> v1/Service
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m
-zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m
-
-==> v1beta1/StatefulSet
-NAME DESIRED CURRENT AGE
-zookeeper 3 3 2m
-```
-
-1. `statefulsets/zookeeper` is the StatefulSet created by the chart.
-1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server.
-1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble.
-1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server.
-
-## Configuration
-You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install --name my-release -f values.yaml incubator/zookeeper
-```
-
-## Default Values
-
-- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml).
-
-## Deep Dive
-
-## Image Details
-The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM.
-
-## JVM Details
-The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless).
-
-## ZooKeeper Details
-The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr.
-
-## Failover
-You can test failover by killing the leader. Insert a key:
-```console
-$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
-$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
-```
-
-Watch existing members:
-```console
-$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done';
-
-zk-2 Mode: follower
-zk-0 Mode: follower
-zk-1 Mode: leader
-zk-2 Mode: follower
-```
-
-Delete Pods and wait for the StatefulSet controller to bring them back up:
-```console
-$ kubectl delete po -l app=zookeeper
-$ kubectl get po --watch-only
-NAME READY STATUS RESTARTS AGE
-zookeeper-0 0/1 Running 0 35s
-zookeeper-0 1/1 Running 0 50s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 ContainerCreating 0 0s
-zookeeper-1 0/1 Running 0 19s
-zookeeper-1 1/1 Running 0 40s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 ContainerCreating 0 0s
-zookeeper-2 0/1 Running 0 19s
-zookeeper-2 1/1 Running 0 41s
-```
-
-Check the previously inserted key:
-```console
-$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo
-ionid = 0x354887858e80035, negotiated timeout = 30000
-
-WATCHER::
-
-WatchedEvent state:SyncConnected type:None path:null
-bar
-```
-
-## Scaling
-ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss.
-
-While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use.
-
-## Limitations
-* StatefulSet and PodDisruptionBudget are beta resources.
-* Only supports storage options that have backends for persistent volume claims.
+++ /dev/null
-Thank you for installing ZooKeeper on your Kubernetes cluster. More information
-about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/
-
-Your connection string should look like:
- {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},...
-
-You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server.
+++ /dev/null
-{{- if .Values.exporters.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-jmx-exporter
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.yml: |-
- hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }}
- lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }}
- rules:
-{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }}
- ssl: false
- startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }}
-{{- end }}
+++ /dev/null
-{{- if .Values.jobs.chroots.enabled }}
-{{- $root := . }}
-{{- $job := .Values.jobs.chroots }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "common.fullname" . }}-chroots
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: jobs
- job: chroots
-spec:
- activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }}
- backoffLimit: {{ $job.backoffLimit }}
- completions: {{ $job.completions }}
- parallelism: {{ $job.parallelism }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: jobs
- job: chroots
- spec:
- restartPolicy: {{ $job.restartPolicy }}
- containers:
- - name: main
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -o
- - pipefail
- - -euc
- {{- $port := .Values.service.ports.client.port }}
- - >
- sleep 15;
- export SERVER={{ template "common.fullname" $root }}:{{ $port }};
- {{- range $job.config.create }}
- echo '==> {{ . }}';
- echo '====> Create chroot if does not exist.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'
- || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} "";
- echo '====> Confirm chroot exists.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid';
- echo '====> Chroot exists.';
- {{- end }}
- env:
- {{- range $key, $value := $job.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml $job.resources | indent 12 }}
-{{- end -}}
+++ /dev/null
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.fullname" . }}-headless
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- clusterIP: None
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $port.name }}
- protocol: {{ $port.protocol }}
-{{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-{{- with .Values.service.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{- range $key, $value := .Values.service.ports }}
- - name: {{ $key }}
-{{ toYaml $value | indent 6 }}
- {{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - "{{ .Chart.Name }}"
- serviceName: {{ template "common.fullname" . }}-headless
- replicas: {{ .Values.replicaCount }}
- terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- {{- if .Values.podLabels }}
- ## Custom pod labels
- {{- range $key, $value := .Values.podLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- annotations:
- {{- if .Values.podAnnotations }}
- ## Custom pod annotations
- {{- range $key, $value := .Values.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- spec:
-{{- if .Values.schedulerName }}
- schedulerName: "{{ .Values.schedulerName }}"
-{{- end }}
- securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
- containers:
-
- - name: zookeeper
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -xec
- - zkGenConfig.sh && exec zkServer.sh start-foreground
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
-{{- end }}
- livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.readinessProbe | indent 12 }}
- env:
- - name: ZK_REPLICAS
- value: {{ .Values.replicaCount | quote }}
- {{- range $key, $value := .Values.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ include "common.resources" . }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/zookeeper
-
-{{- if .Values.exporters.jmx.enabled }}
- - name: jmx-exporter
- image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.jmx.image.pullPolicy }}
- ports:
- {{- range $key, $port := .Values.exporters.jmx.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }}
- env:
- - name: SERVICE_PORT
- value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }}
- {{- with .Values.exporters.jmx.env }}
- {{- range $key, $value := . }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.jmx.resources | indent 12 }}
- volumeMounts:
- - name: config-jmx-exporter
- mountPath: /opt/jmx_exporter/config.yml
- subPath: config.yml
-{{- end }}
-
-{{- if .Values.exporters.zookeeper.enabled }}
- - name: zookeeper-exporter
- image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.zookeeper.image.pullPolicy }}
- args:
- - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }}
- - -metrics-path={{ .Values.exporters.zookeeper.path }}
- - -zookeeper=localhost:{{ .Values.ports.client.containerPort }}
- - -log-level={{ .Values.exporters.zookeeper.config.logLevel }}
- - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }}
- ports:
- {{- range $key, $port := .Values.exporters.zookeeper.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }}
- env:
- {{- range $key, $value := .Values.exporters.zookeeper.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }}
-{{- end }}
-
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }}
- volumes:
- {{- if .Values.exporters.jmx.enabled }}
- - name: config-jmx-exporter
- configMap:
- name: {{ include "common.release" . }}-jmx-exporter
- {{- end }}
- {{- end }}
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- end }}
+++ /dev/null
-## As weighted quorums are not supported, it is imperative that an odd number of replicas
-## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7.
-##
-## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set
-replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7)
-
-podDisruptionBudget:
- maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions.
-
-terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully.
-
-## OnDelete requires you to manually delete each pod when making updates.
-## This approach is at the moment safer than RollingUpdate because replication
-## may be incomplete when replication source pod is killed.
-##
-## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html
-updateStrategy:
- type: OnDelete # Pods will only be created when you manually delete old pods.
-
-## refs:
-## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1
-image:
- #repository: nexus3.onap.org:10001/library/zookeeper
- #tag: 3.3
- repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container.
- tag: v3 # Container image tag for zookeeper container.
- pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
-
-service:
- name: zookeeper
- type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
- annotations: {} # Arbitrary non-identifying metadata for zookeeper service.
- ## AWS example for use with LoadBalancer service type.
- # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local
- # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
- # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
- ports:
- client:
- port: 2181 # Service port number for client port.
- targetPort: client # Service target port for client port.
- protocol: TCP # Service port protocol for client port.
-
-
-ports:
- client:
- containerPort: 2181 # Port number for zookeeper container client port.
- protocol: TCP # Protocol for zookeeper container client port.
- election:
- containerPort: 3888 # Port number for zookeeper container election port.
- protocol: TCP # Protocol for zookeeper container election port.
- server:
- containerPort: 2888 # Port number for zookeeper container server port.
- protocol: TCP # Protocol for zookeeper container server port.
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 500m
- memory: 900Mi
- requests:
- cpu: 10m
- memory: 730Mi
- large:
- limits:
- cpu: 3
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-nodeSelector: {} # Node label-values required to run zookeeper pods.
-
-tolerations: [] # Node taint overrides for zookeeper pods.
-
-affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
-affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - topologyKey: "kubernetes.io/hostname"
- labelSelector:
- matchLabels:
- release: zookeeper
-
-podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods.
-
-podLabels: {} # Key/value pairs that are attached to zookeeper pods.
-
-livenessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-readinessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-securityContext:
- fsGroup: 1000
- #runAsUser: 1000
-
-persistence:
- enabled: true
- ## zookeeper data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
- mountSubPath: music/zookeeper
- size: 4Gi
-
-## Exporters query apps for metrics and make those metrics available for
-## Prometheus to scrape.
-exporters:
-
- jmx:
- enabled: false
- image:
- repository: sscaling/jmx-prometheus-exporter
- tag: 0.3.0
- pullPolicy: IfNotPresent
- config:
- lowercaseOutputName: false
- rules:
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
- name: "zookeeper_$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
- name: "zookeeper_$3"
- labels:
- replicaId: "$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
- name: "zookeeper_$4"
- labels:
- replicaId: "$2"
- memberType: "$3"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
- name: "zookeeper_$4_$5"
- labels:
- replicaId: "$2"
- memberType: "$3"
- startDelaySeconds: 30
- env: {}
- resources: {}
- path: /metrics
- ports:
- jmxxp:
- containerPort: 9404
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
- zookeeper:
- enabled: false
- image:
- repository: josdotso/zookeeper-exporter
- tag: v1.1.2
- pullPolicy: IfNotPresent
- config:
- logLevel: info
- resetOnScrape: "true"
- env: {}
- resources: {}
- path: /metrics
- ports:
- zookeeperxp:
- containerPort: 9141
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
-env:
-
- ## Options related to JMX exporter.
- JMXAUTH: "false"
- JMXDISABLE: "false"
- JMXPORT: 1099
- JMXSSL: "false"
-
- ## The port on which the server will accept client requests.
- ZK_CLIENT_PORT: 2181
-
- ## The port on which the ensemble performs leader election.
- ZK_ELECTION_PORT: 3888
-
- ## The JVM heap size.
- ZK_HEAP_SIZE: 2G
-
- ## The number of Ticks that an ensemble member is allowed to perform leader
- ## election.
- ZK_INIT_LIMIT: 5
-
- ## The Log Level that for the ZooKeeper processes logger.
- ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`.
- ZK_LOG_LEVEL: INFO
-
- ## The maximum number of concurrent client connections that
- ## a server in the ensemble will accept.
- ZK_MAX_CLIENT_CNXNS: 60
-
- ## The maximum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `20 * ZK_TICK_TIME`
- ZK_MAX_SESSION_TIMEOUT: 40000
-
- ## The minimum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `2 * ZK_TICK_TIME`.
- ZK_MIN_SESSION_TIMEOUT: 4000
-
- ## The delay, in hours, between ZooKeeper log and snapshot cleanups.
- ZK_PURGE_INTERVAL: 0
-
- ## The port on which the leader will send events to followers.
- ZK_SERVER_PORT: 2888
-
- ## The number of snapshots that the ZooKeeper process will retain if
- ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`.
- ZK_SNAP_RETAIN_COUNT: 3
-
- ## The number of Tick by which a follower may lag behind the ensembles leader.
- ZK_SYNC_LIMIT: 10
-
- ## The number of wall clock ms that corresponds to a Tick for the ensembles
- ## internal time.
- ZK_TICK_TIME: 2000
-
-jobs:
- chroots:
- enabled: false
- activeDeadlineSeconds: 300
- backoffLimit: 5
- completions: 1
- config:
- create: []
- # - /kafka
- # - /ureplicator
- env: []
- parallelism: 1
- resources: {}
- restartPolicy: Never
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.6.3
+image: onap/ccsdk-apps-ms-neng:0.7.1
pullPolicy: IfNotPresent
# application configuration
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
# ============LICENSE_END=========================================================
k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}
-k8s_initial_password: {{ .Values.postgres.config.pgRootPassword }}
+k8s_initial_password: $PG_ROOT_PASSWORD
-#============LICENSE_START========================================================\r
-# ================================================================================\r
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.\r
-# Modifications Copyright © 2018 Amdocs, Bell Canada\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-# ============LICENSE_END=========================================================\r
-\r
-apiVersion: extensions/v1beta1\r
-kind: Deployment\r
-metadata:\r
- name: {{ include "common.fullname" . }}\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ include "common.release" . }}\r
- heritage: {{ .Release.Service }}\r
-spec:\r
- replicas: 1\r
- template:\r
- metadata:\r
- labels:\r
- app: {{ include "common.name" . }}\r
- release: {{ include "common.release" . }}\r
- spec:\r
- initContainers:\r
- - name: {{ include "common.name" . }}-readiness\r
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- command:\r
- - /root/ready.py\r
- args:\r
- - --container-name\r
- - dcae-cloudify-manager\r
- - --container-name\r
- - consul-server\r
- - --container-name\r
- - msb-discovery\r
- - --container-name\r
- - kube2msb\r
- - --container-name\r
- - dcae-config-binding-service\r
- - --container-name\r
- - dcae-db\r
- - --container-name\r
- - dcae-inventory-api\r
- - "-t"\r
- - "15"\r
-\r
- env:\r
- - name: NAMESPACE\r
- valueFrom:\r
- fieldRef:\r
- apiVersion: v1\r
- fieldPath: metadata.namespace\r
- - name: init-tls\r
- env:\r
- - name: POD_IP\r
- valueFrom:\r
- fieldRef:\r
- apiVersion: v1\r
- fieldPath: status.podIP\r
- - name: aaf_locator_fqdn\r
- value: dcae\r
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- resources: {}\r
- volumeMounts:\r
- - mountPath: /opt/app/osaaf\r
- name: tls-info\r
- containers:\r
- - name: {{ include "common.name" . }}\r
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- resources:\r
-{{ include "common.resources" . | indent 12 }}\r
- volumeMounts:\r
- - mountPath: /inputs\r
- name: {{ include "common.fullname" . }}-dcae-inputs\r
- - mountPath: /dcae-configs\r
- name: {{ include "common.fullname" . }}-dcae-config\r
- - mountPath: /etc/localtime\r
- name: localtime\r
- readOnly: true\r
- - mountPath: /certs\r
- name: tls-info\r
- readOnly: true\r
- env:\r
- - name: CMADDR\r
- value: {{ .Values.config.address.cm.host }}\r
- - name: CMPASS\r
- valueFrom:\r
- secretKeyRef:\r
- name: {{ include "common.name" . }}-cmpass\r
- key: password\r
- - name: CMPROTO\r
- value: {{ .Values.config.address.cm.proto }}\r
- - name: CMPORT\r
- value: !!string {{ .Values.config.address.cm.port }}\r
- - name: CONSUL\r
- value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}\r
- - name: DCAE_NAMESPACE\r
- value: {{ .Values.dcae_ns | default "" }}\r
- - name: ONAP_NAMESPACE\r
- value: {{ include "common.namespace" . }}\r
- volumes:\r
- - name: {{ include "common.fullname" . }}-dcae-inputs\r
- configMap:\r
- name: {{ include "common.fullname" . }}-dcae-inputs\r
- - name: {{ include "common.fullname" . }}-dcae-config\r
- configMap:\r
- name: {{ include "common.fullname" . }}-dcae-config\r
- - name: localtime\r
- hostPath:\r
- path: /etc/localtime\r
- - name: tls-info\r
- emptyDir: {}\r
- imagePullSecrets:\r
- - name: "{{ include "common.namespace" . }}-docker-registry-key"\r
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-dcae-inputs-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcae-cloudify-manager
+ - --container-name
+ - consul-server
+ - --container-name
+ - msb-discovery
+ - --container-name
+ - kube2msb
+ - --container-name
+ - dcae-config-binding-service
+ - --container-name
+ - dcae-db
+ - --container-name
+ - dcae-inventory-api
+ - "-t"
+ - "15"
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: tls-info
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - mountPath: /inputs
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - mountPath: /dcae-configs
+ name: {{ include "common.fullname" . }}-dcae-config
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /certs
+ name: tls-info
+ readOnly: true
+ env:
+ - name: CMADDR
+ value: {{ .Values.config.address.cm.host }}
+ - name: CMPASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-cmpass
+ key: password
+ - name: CMPROTO
+ value: {{ .Values.config.address.cm.proto }}
+ - name: CMPORT
+ value: !!string {{ .Values.config.address.cm.port }}
+ - name: CONSUL
+ value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
+ - name: DCAE_NAMESPACE
+ value: {{ .Values.dcae_ns | default "" }}
+ - name: ONAP_NAMESPACE
+ value: {{ include "common.namespace" . }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-dcae-inputs-input
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - name: {{ include "common.fullname" . }}-dcae-inputs
+ emptyDir:
+ medium: Memory
+ - name: {{ include "common.fullname" . }}-dcae-config
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-config
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: tls-info
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
type: Opaque
data:
password: YWRtaW4=
+---
+{{ include "common.secretFast" . }}
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-dcae-bootstrap-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
config:
logstashServiceName: log-ls
primary: dcae-pg-primary
replica: dcae-pg-replica
config:
- pgPrimaryPassword: onapdemodb
- pgRootPassword: onapdemodb
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
persistence:
mountSubPath: dcae/data
mountInitPath: dcae
- pgpool:
- nameOverride: dcae-pgpool
- service:
- name: dcae-pgpool
- credentials:
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-pgpool-primary
- replica: dcae-pgpool-replica
mongo:
nameOverride: dcae-mongo
- name: consul_url
value: http://consul-server-ui:8500
- name: postgres_user_dashboard
- value: {{ .Values.postgres.config.pgUserName }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+ - name: postgres_password_dashboard
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
- name: postgres_db_name
value: {{ .Values.postgres.config.pgDatabase }}
- - name: postgres_password_dashboard
- value: {{ .Values.postgres.config.pgUserPassword }}
- name: postgres_ip
value: {{ .Values.postgres.service.name2 }}
- name: POD_IP
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
replica: dcae-dashboard-pg-replica
config:
pgUserName: dashboard_pg_admin
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dashboard_pg_db_common
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
pgPort: "5432"
persistence:
mountSubPath: dcae-dashboard/data
{
"database": {
"driverClass": "org.postgresql.Driver",
- "user": "{{ .Values.postgres.config.pgUserName }}",
- "password": "{{ .Values.postgres.config.pgUserPassword }}",
+ "user": "${PG_USER}",
+ "password": "${PG_PASSWORD}",
"url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}",
"properties": {
"charSet": "UTF-8"
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-inv-config-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-inv-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
defaultMode: 420
name: {{ include "common.fullname" . }}-filebeat-configmap
name: filebeat-conf
- - name: {{ include "common.fullname" . }}-inv-config
+ - name: {{ include "common.fullname" . }}-inv-config-input
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-inv-config
+ emptyDir:
+ medium: Memory
- emptyDir: {}
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
repositoryCred:
user: docker
password: docker
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
replica: dcae-inv-pg-replica
config:
pgUserName: dcae_inv
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dcae_inventory
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
persistence:
mountSubPath: dcae-inv/data
mountInitPath: dcae-inv
- pgpool:
- nameOverride: dcae-inv-pgpool
- service:
- name: dcae-inv-pgpool
- credentials:
- pgusername: ddcae_inv
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-inv-pgpool-primary
- replica: dcae-inv-pgpool-replica
# Resource Limit flavor -By Default using small
flavor: small
name: "message-router"
port: 3905
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/oom/kube2msb:1.1.0
+image: onap/oom/kube2msb:1.2.6
pullPolicy: Always
istioSidecar: true
requests:
cpu: 1
memory: 1Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
+VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK
+BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs
+ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy
+NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np
+Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM
+A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a
+xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ
+VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC
+lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz
+4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8
+Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV
+HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG
+SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS
++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN
+iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK
+l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3
+LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb
+Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA
+-----END CERTIFICATE-----
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
- name: mongo
version: ~6.x-0
repository: '@local'
name: {{ include "common.fullname" . }}
spec:
{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
-Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
#################################################################
# AAF part
#################################################################
-aafConfig:
+certInitializer:
+ nameOverride: nbi-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
public_fqdn: nbi.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
permission_user: 1000
permission_group: 999
- addconfig: true
- secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
-
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
subChartsOnly:
enabled: true
# to customize the ONAP deployment.
#################################################################
aaf:
- enabled: true
+ enabled: false
aai:
enabled: false
appc:
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "oof-has-api.onap"
+ name: "oof-has-api"
+ port: 8091
+ config:
+ ssl: "redirect"
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
- --container-name
- aaf-sms
env:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
# Base URL for Music REST API without a trailing slash. (string value)
#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
+server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
version = v2
# DEPRECATED: List of hostnames (round-robin access) (list value)
# for version (string value)
#music_version = <None>
-music_version = "3.0.21"
+music_version = "3.2.40"
# username value that used for creating basic authorization header (string
# value)
#aafns = <None>
aafns = conductor
+# Enabling HTTPs mode (boolean value)
+enable_https_mode = True
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
[prometheus]
sleep 15;
resp="FAILURE";
until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
+ resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
-H "Content-Type: application/json" \
-H "ns: conductor" \
-H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- /root/ready.py
args:
- --container-name
- - "music-tomcat"
+ - "music-springboot"
- --container-name
- "music-cassandra"
env:
- "/bin/sh"
- "-c"
- |
- curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \
- -H "Content-Type: application/json" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @onboard.json
+ echo "job-onboard"
workingDir: /has
volumeMounts:
- mountPath: /etc/localtime
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:2.0.2
+ optf_has: onap/optf-has:2.0.3
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
serviceName: msb-iag
port: 80
music:
- serviceName: music-tomcat
- port: 8080
+ serviceName: music
+ port: 8443
sms:
serviceName: aaf-sms
port: 10443
name: "oof-osdf"
port: 8698
config:
- ssl: "none"
\ No newline at end of file
+ ssl: "redirect"
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.0
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
+BRMS_DEPENDENCY_VERSION=1.6.3
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.5
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
env:
- name: JDBC_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: REPOSITORY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /config-input
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-brmsgw
+ name: pe-brmsgw-input
+ - mountPath: /config/pe
name: pe
- - mountPath: /config
- name: pe-processed
+ - mountPath: /config/pe-brmsgw
+ name: pe-brmsgw
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- name: REPOSITORY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
name: pe-brmsgw
subPath: brmsgw.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
+ name: pe
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
- name: localtime
hostPath:
path: /etc/localtime
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-brmsgw
+ - name: pe-brmsgw-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
- - name: pe-processed
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-brmsgw
emptyDir:
medium: Memory
imagePullSecrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.6.1
+image: onap/policy-pdpd-cl:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.2.1
+image: onap/policy-pap:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.2.2
+image: onap/policy-api:2.2.3
pullPolicy: Always
# flag to enable debugging - application support required
+#!/bin/bash
+
# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
# Script to configure and start the Policy components that are to run in the designated container,
# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
fi
if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl
+ cp -f config/policy-truststore $POLICY_HOME/etc/ssl
fi
if [[ -f config/$container-tweaks.sh ]] ; then
fi
policy.sh start
-
-# on pap, wait for pap, pdp, brmsgw, nexus and drools up,
-# then push the initial default policies
-if [[ $container == pap ]]; then
- # wait addional 1 minute for all processes to get fully initialized and synched up
- sleep 60
- bash -xv config/push-policies.sh
-fi
-
sleep 1000d
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018-2019 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM
-
-#########################################Upload BRMS Param Template##########################################
-
-echo "Upload BRMS Param Template"
-
-sleep 2
-
-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
-
-sleep 2
-
-curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport'
-
-echo "PRELOAD_POLICIES is $PRELOAD_POLICIES"
-
-if [ "$PRELOAD_POLICIES" == "false" ]; then
- exit 0
-fi
-
-#########################################Create BRMS Param policies##########################################
-
-echo "Create BRMSParam Operational Policies"
-
-sleep 2
-
-echo "Create BRMSParamvFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvFirewall",
- "policyDescription": "BRMS Param vFirewall policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvDNS",
- "policyDescription": "BRMS Param vDNS policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamVOLTE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamVOLTE",
- "policyDescription": "BRMS Param VOLTE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvCPE",
- "policyDescription": "BRMS Param vCPE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvPCI",
- "policyDescription": "BRMS Param vPCI policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "casablanca"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamCCVPN Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamCCVPN",
- "policyDescription": "BRMS Param CCVPN policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create Micro Service Config policies##########################################
-
-echo "Create MicroService Config Policies"
-
-sleep 2
-
-echo "Create MicroServicevFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevFirewall",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevDNS",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevCPE",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create SDNC Naming Policies##########################################
-
-echo "Create Generic SDNC Naming Policy for VNF"
-
-sleep 2
-
-echo "Create SDNC vFW Naming Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyConfigType": "MicroService",
- "onapName": "SDNC",
- "riskLevel": "4",
- "riskType": "test",
- "guard": "false",
- "priority": "4",
- "description": "ONAP_VNF_NAMING_TIMESTAMP"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating OOF PCI Policies##########################################
-sleep 2
-
-echo "Create MicroServicevPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevPCI",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create PCI MS Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }",
- "policyType": "Config",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "PCIMS_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create OOF Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyType": "Config",
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "OOF_PCI_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating Decision Guard policies#########################################
-
-sleep 2
-
-echo "Creating Decision Guard policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.AllPermitGuard",
- "policyDescription": "Testing all Permit YAML Guard Policy",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": ".*",
- "recipe": ".*",
- "targets": ".*",
- "clname": ".*",
- "limit": "10",
- "timeWindow": "1",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Frequency Limiter policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_Frequency",
- "policyDescription": "Limit vDNS Scale Up over time period",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "limit": "1",
- "timeWindow": "10",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Min/Max policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_MinMax",
- "policyDescription": "Ensure number of instances within a range",
- "onapName": "SampleDemo",
- "ruleProvider": "GUARD_MIN_MAX",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "min": "1",
- "max": "5",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Push Decision policy#########################################
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.AllPermitGuard",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_Frequency",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_MinMax",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing BRMS Param policies##########################################
-
-echo "Pushing BRMSParam Operational policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvDNS",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamVOLTE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamVOLTE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvCPE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvPCI",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamCCVPN"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamCCVPN",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing MicroService Config policies##########################################
-
-echo "Pushing MicroService Config policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.MicroServicevFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevFirewall",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevDNS",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevCPE",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing SDNC Naming Policies##########################################
-echo "Pushing SDNC Naming Policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing OOF PCI Policies##########################################
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevPCI",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /tmp/policy-install/config/push-policies.sh
- name: pe-pap
- subPath: push-policies.sh
- mountPath: /tmp/policy-install/config/pap-tweaks.sh
name: pe-pap
subPath: pap-tweaks.sh
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
mariadb_image: library/mariadb:10
pullPolicy: Always
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
\ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
name: "portal-sdk"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
-Subproject commit b73d77ca2e9df3d7300ca85b5593d89a9271d13a
+Subproject commit c81062626b69160145baac5e6a5d670cb67211fa
enabled: false
service:
- baseaddr: "dcaedt"
- name: "sdc-dcae-dt"
- port: 8186
- - baseaddr: "dcaedt2"
name: "sdc-dcae-dt"
port: 9446
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
name: "sdc-dcae-fe"
port: 9444
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
+securityContext:
+ fsGroup: 35953
+ runAsUser: 352070
ingress:
enabled: false
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.1
+image: onap/sdnc-dmaap-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.1
+image: onap/sdnc-ansible-server-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.1
+image: onap/admportal-sdnc-image:1.8.2
config:
dbFabricDB: mysql
dbFabricUser: admin
ingress:
enabled: false
+ service:
+ - baseaddr: "sdnc-portal.api"
+ name: "sdnc-portal"
+ port: 8443
+ config:
+ ssl: "redirect"
#Resource limit flavor -By default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.1
+image: onap/sdnc-ueb-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.1
+image: onap/sdnc-image:1.8.2
# flag to enable debugging - application support required
name: sdnc-dgbuilder
nodePort: "03"
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdnc-dgbuilder"
+ name: "sdnc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-nssmf-adapter
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+aai:
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ datasource:
+ jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ jpa:
+ show-sql: false
+ hibernate:
+ dialect: org.hibernate.dialect.MySQL5Dialect
+ ddl-auto: validate
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ enable-lazy-load-no-trans: true
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/nssmf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE
+ value: {{ .Values.global.client.certs.truststore }}
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: BPEL_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
+ - name: BPEL_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: KEYSTORE
+ value: {{ .Values.global.client.certs.keystore }}
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-bpel-creds
+ name: '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/nssmf-adapter:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+ bpel:
+ username: bpel
+ password: password1$
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8088
+logPath: ./logs/nssmf/
+app: nssmf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8088
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+<configuration scan="false" debug="true">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="/var/log/onap" />
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="MSO"></property>
+ <property name="subComponentName" value="nssmfadapter"></property>
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n" />
+
+ <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
+ <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="com.att.eelf.error" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+
+</configuration>
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-nssmf-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
certSecret: *so-certs
aaf:
name: "uui-server"
port: 8082
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
name: "uui"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
service:
- baseaddr: "vid.api"
name: "vid-http"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
service:
- baseaddr: "refrepo"
name: "refrepo"
- port: 97
+ port: 8703
config:
- ssl: "none"
+ ssl: "redirect"