strimzi-cluster-operator-7f7d6b46cf-mnpjr 1/1 Running 0 2m
+.. _oom_base_setup_cert_manager:
+
Install Cert-Manager
********************
.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
+.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/
.. _oom_base_optional_addons:
Therefor the following instructions describe the setup of Istio and required tools.
Used `Istio best practices`_ and `Istio setup guide`_
+.. _oom_base_optional_addons_istio_installation:
+
Istio Platform Installation
===========================
Jaeger Installation
===================
-To be done...
\ No newline at end of file
+To be done...
+
+
+Kserve Installation
+********************
+
+KServe is a standard Model Inference Platform on Kubernetes. It supports RawDeployment mode to enable InferenceService deployment with Kubernetes resources. Comparing to serverless deployment it unlocks Knative limitations such as mounting multiple volumes, on the other hand Scale down and from Zero is not supported in RawDeployment mode.
+
+This installation is necessary for the ML models to be deployed as inference service. Once deployed, the inference services can be queried for the prediction.
+
+**Kserve participant component in Policy ACM requires this installation. Kserve participant deploy/undeploy inference services in Kserve.**
+
+Dependent component version compatibility details and installation instructions can be found at `Kserve setup guide`_
+
+Kserve installation requires the following components:
+
+- Istio. Its installation instructions can be found at :ref:`oom_base_optional_addons_istio_installation`
+
+- Cert-Manager. Its installation instructions can be found at :ref:`oom_base_setup_cert_manager`
+
+Installation instructions as follows,
+
+- Create kserve namespace::
+
+ > kubectl create namespace kserve
+
+- Install Kserve::
+
+ > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve.yaml
+
+- Install Kserve default serving runtimes::
+
+ > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve-runtimes.yaml
+
+- Patch ConfigMap inferenceservice-config as follows::
+
+ > kubectl patch configmap/inferenceservice-config -n kserve --type=strategic -p '{"data": {"deploy": "{\"defaultDeploymentMode\": \"RawDeployment\"}"}}'
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{/*
+ Helper function to check, if Ingress is globally enabled
+*/}}
+{{- define "common.ingressEnabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
{{/*
Create the hostname as concatination <baseaddr>.<baseurl>
- baseaddr: from component values: ingress.service.baseaddr
{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
-{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }}
+{{- if and (include "common.ingressEnabled" $dot) (eq $serviceType "NodePort") -}}
{{- $serviceType = "ClusterIP" }}
{{- end }}
{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
the common DMaaP provisioning template
(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager. The information is mounted at the
-mount point specified in .Values.certDirectory. If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats. It will also include the AAF CA cert. If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
If the microservice uses certificates from an external CMPv2 provider,
the Deployment will include an initContainer that performs certificate
post-processing.
{{- $log := default dict .Values.log -}}
{{- $logDir := default "" $log.path -}}
{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}}
-{{- $tlsServer := default "" .Values.tlsServer -}}
{{- $commonRelease := print (include "common.release" .) -}}
{{- $policy := default dict .Values.policies -}}
{{- $policyRls := default $commonRelease $policy.policyRelease -}}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
{{- end }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
- {{- if $certDir }}
- - name: {{ include "common.name" . }}-aaf-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- - name: init-tls
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: TLS_SERVER
- value: {{ $tlsServer | quote }}
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- resources: {{ include "common.resources" . | nindent 10 }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: tls-info
- {{- end }}
{{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }}
containers:
- image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}
volumeMounts:
- mountPath: /etc/policies
name: policy-shared
- {{- if $certDir }}
- - mountPath: /opt/ca-certificates/
- name: tls-info
- {{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
# =========================================================================
# Copyright (c) 2021 Nordix Foundation.
# Copyright (c) 2022 Nokia. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# InitContainer Images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
# if absent, no certs will be retrieved and stored
certDirectory: /opt/app/datafile/etc/cert
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
-
-################################aafcreds#################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake-admin-ui
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake-admin-ui/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
port: 8088
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
# Initial Application Configuration
applicationConfig:
FEEDER_ADDR: dl-feeder
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds'
type: basicAuth
login: '{{ .Values.postgres.config.pgUserName }}'
passwordPolicy: required
-################################aafcreds#################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
port: 1681
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
#postgres configuration
postgres:
config:
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
port: 1680
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
credentials:
- name: PG_USER
uid: *pgUserCredsSecretUid
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/heartbeat
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/heartbeat/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
port: 10002
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: HEARTBEAT_PG_USERNAME
uid: *pgUserCredsSecretUid
key: login
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021-2022 Nokia. All rights reserved.
# Modifications Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
#################################################################
# initContainer images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
# if absent, no certs will be retrieved and stored
certDirectory: /etc/ves-hv/ssl
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/kpims
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/kpims/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-enable_tls: false
-
# Optional Policy configuration properties
# if present, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
-
# Initial Application Configuration
applicationConfig:
trust_store_path: '/opt/app/kpims/etc/cert/trust.jks'
# =========================================================================
# Copyright (C) 2021 Nordix Foundation.
# Copyright (c) 2022 Nokia. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &drSubCredsUID drsubcreds
type: basicAuth
login: '{{ .Values.drSubscriberCreds.username }}'
password: '{{ .Values.drSubscriberCreds.password }}'
passwordPolicy: required
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/pm-mapper
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/pm-mapper/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
plain_port: 8081
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
# Data Router Subscriber Credentials
drSubscriberCreds:
username: username
password: password
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: DR_USERNAME
uid: *drSubCredsUID
key: login
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Nordix Foundation.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/pmsh
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/pmsh/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
plain_port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
-
# Initial Application Configuration
applicationConfig:
enable_tls: false
- aaf_identity: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
+ aaf_identity: dummy_value
+ aaf_password: dummy_value
key_path: /opt/app/pmsh/etc/certs/key.pem
cert_path: /opt/app/pmsh/etc/certs/cert.pem
ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2022 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application configuration defaults.
#################################################################
path: /opt/app/prh/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/prh/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
secrets:
- uid: &aaiCredsUID aaicreds
type: basicAuth
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: '{{ .Values.controllerCreds.password }}'
passwordPolicy: required
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: null # /opt/app/restconfcollector/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/dcae-certificate
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# Copyright (C) 2022 Huawei Canada Limited.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-################################aafcreds#################################
-# InitContainer Image
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/sliceanalysisms
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/sliceanalysisms/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: PG_USERNAME
uid: *pgUserCredsSecretUid
key: login
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /opt/app/snmptrap/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-
# Dependencies
readinessCheck:
wait_for:
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &cpsCredsUID cpscreds
type: basicAuth
login: '{{ .Values.cpsCreds.identity }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/sonhms
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/sonhms/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Optional Policy configuration properties
# if present, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+# Credentials
cpsCreds:
identity: cps
password: cpsr0cks!
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: CPS_IDENTITY
uid: *cpsCredsUID
key: login
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application configuration defaults.
#################################################################
path: /opt/logs/dcae-analytics-tca
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /etc/tca-gen2/ssl
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
secrets:
- uid: &aaiCredsUID aaicreds
type: basicAuth
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021-2022 Nokia. All rights reserved.
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2022 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
#################################################################
# initContainer images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
# if absent, no certs will be retrieved and stored
certDirectory: /opt/app/dcae-certificate
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /opt/app/VESAdapter/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-#certDirectory: /opt/app/ves-mapper/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-#tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# Modifications 2023 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
port: 9104
nodePort: 93
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'holmes-api'
+ name: 'holmes-rule-mgmt'
+ port: 9101
+ - baseaddr: 'holmes-ui'
+ name: 'holmes-rule-mgmt'
+ port: 9104
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
type: tls
- name: external
port: 9094
- type: nodeport
+ type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }}
tls: true
authentication:
type: tls
configuration:
+ {{- if not (include "common.ingressEnabled" .) }}
bootstrap:
nodePort: {{ .Values.global.nodePortPrefixExt }}93
+ {{- end }}
brokers:
- broker: 0
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker0 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}90
+ {{- end }}
- broker: 1
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker1 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ {{- end }}
- broker: 2
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker2 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}92
+ {{- end }}
authorization:
type: {{ .Values.config.authType }}
superUsers:
saslMechanism: &saslMech scram-sha-512
kafkaInternalPort: &plainPort 9092
strimziKafkaAdminUser: &adminUser strimzi-kafka-admin
+ advertisedHost: kafka-api.simpledemo.onap.org
+ advertizedPortBroker0: &advertizedPortBroker0 9000
+ advertizedPortBroker1: &advertizedPortBroker1 9001
+ advertizedPortBroker2: &advertizedPortBroker2 9002
persistence:
enabled: &pvenabled true
roles:
- read
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "kafka-bootstrap-api"
+ name: "onap-strimzi-kafka-external-bootstrap"
+ port: 9094
+ exposedPort: 9010
+ exposedProtocol: TLS
+ - baseaddr: "kafka-0-api"
+ name: "onap-strimzi-kafka-0"
+ port: 9094
+ exposedPort: *advertizedPortBroker0
+ exposedProtocol: TLS
+ - baseaddr: "kafka-1-api"
+ name: "onap-strimzi-kafka-1"
+ port: 9094
+ exposedPort: *advertizedPortBroker1
+ exposedProtocol: TLS
+ - baseaddr: "kafka-2-api"
+ name: "onap-strimzi-kafka-2"
+ port: 9094
+ exposedPort: *advertizedPortBroker2
+ exposedProtocol: TLS
+
######################
# Component overrides
######################