Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4
============== =========== ======= ======== ======== ============
-.. note::
- Guilin version also supports Kubernetes up to version 1.19.x and should work
- with Helm with version up to 3.3.x but has not been thoroughly tested.
-
Minimum Hardware Configuration
==============================
.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
.. _user-guide-label:
-OOM User Guide helm3 (experimental)
-###################################
+OOM User Guide
+##############
The ONAP Operations Manager (OOM) provide the ability to manage the entire
life-cycle of an ONAP installation, from the initial deployment to final
on other O/Ss), the Kubernetes command line interface used to manage a
Kubernetes cluster::
- > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
+ > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.11/bin/linux/amd64/kubectl
> chmod +x ./kubectl
> sudo mv ./kubectl /usr/local/bin/kubectl
> mkdir ~/.kube
Helm is used by OOM for package and configuration management. To install Helm,
enter the following::
- > wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz
- > tar -zxvf helm-v3.5.2-linux-amd64.tar.gz
+ > wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz
+ > tar -zxvf helm-v3.6.3-linux-amd64.tar.gz
> sudo mv linux-amd64/helm /usr/local/bin/helm
Verify the Helm version with::
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.3
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
subPath: babel-auth.properties
- mountPath: /opt/app/babel/config/auth
name: {{ include "common.fullname" . }}-secrets
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ - mountPath: {{ .Values.log.path }}
+ name: logs
- mountPath: /opt/app/babel/config/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: aai-filebeat
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
- name: {{ include "common.fullname" . }}-secrets
secret:
secretName: {{ include "common.fullname" . }}-babel-secrets
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: aai-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nameOverride: aai-babel
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-config
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-config
nameOverride: aai-graphadmin
roles:
- read
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ include "common.fullname" . }}-prop-config
- mountPath: /opt/app/model-loader/config/auth/
name: {{ include "common.fullname" . }}-auth-config
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ - mountPath: {{ .Values.log.path }}
+ name: logs
- mountPath: /opt/app/model-loader/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
{{ include "common.resources" . }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: aai-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
- name: {{ include "common.fullname" . }}-auth-config
secret:
secretName: {{ include "common.fullname" . }}
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: aai-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
global: # global defaults
nodePortPrefix: 302
-
# application image
image: onap/model-loader:1.9.1
pullPolicy: Always
nameOverride: aai-modelloader
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-resources/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
nameOverride: aai-resources
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: aaiconfig-conf
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-SS
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-schema-service/resources/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
nameOverride: aai-schema-service
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: portal-config
- mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
name: portal-config-props
- - mountPath: /var/log/onap
+ - mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/sparky/config/application.properties
name: config
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: logs
- - mountPath: /usr/share/filebeat/data
- name: aai-sparky-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
- name: auth-config
secret:
secretName: {{ include "common.fullname" . }}
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- name: logs
emptyDir: {}
- - name: aai-sparky-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: modeldir
emptyDir: {}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
nameOverride: aai-sparky-be
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GQ
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/aai/logroot/AAI-GQ/misc
name: {{ include "common.fullname" . }}-logs-misc
- mountPath: /opt/app/aai-traversal/resources/logback.xml
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
nameOverride: aai-traversal
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
# this is a shared resource for subcharts
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: aai-filebeat
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
---
apiVersion: v1
kind: ConfigMap
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
-{{ end }}
\ No newline at end of file
+{{ end }}
aafEnabled: true
msbEnabled: true
+ centralizedLoggingEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
# since when this is enabled, it prints a lot of information to console
enabled: false
+aai-babel:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-graphadmin:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-modelloader:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-resources:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-schema-service:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-sparky-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-traversal:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+
#################################################################
# Certificate configuration
#################################################################
mountPath: {{ .Values.log.path }}
- name: filebeat-data
mountPath: /usr/share/filebeat/data
+ resources:
+ requests:
+ memory: "5Mi"
+ cpu: "10m"
+ limits:
+ memory: "20Mi"
+ cpu: "100m"
{{- end -}}
{{- end -}}
{{- define "common.log.volumes" -}}
-{{- if .Values.global.centralizedLoggingEnabled }}
+{{- $dot := default . .dot }}
+{{- if $dot.Values.global.centralizedLoggingEnabled }}
+{{- $configMapName := printf "%s-filebeat" (default (include "common.fullname" $dot) .configMapNamePrefix) }}
- name: filebeat-conf
configMap:
- name: {{ include "common.fullname" . }}-filebeat
+ name: {{ $configMapName }}
- name: filebeat-data
emptyDir: {}
{{- end -}}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.2.1
+image: onap/ccsdk-dgbuilder-image:1.2.2
pullPolicy: Always
# flag to enable debugging - application support required
value: "{{ .Values.config.aaiUri }}"
- name: AAI_AUTH
value: "{{ .Values.config.aaiAuth }}"
+ - name: DISABLE_HOST_VERIFICATION
+ value: "{{ .Values.config.disableHostVerification }}"
volumeMounts:
- name: certs
mountPath: /opt/etc/config/aai_keystore
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.2.0
+image: onap/ccsdk-apps-ms-neng:1.2.1
pullPolicy: IfNotPresent
# application configuration
polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
+ disableHostVerification: true
aaiCertPass: changeit
aaiCertPath: /opt/etc/config/aai_keystore
aaiAuth: QUFJOkFBSQ==
ports:
- name: &port http
port: *svc_port
- - name: management
+ - name: http-management
port: *mgt_port
targetPort: *mgt_port
metrics:
serviceMonitor:
enabled: true
- port: management
+ port: http-management
## specify target port if name is not given to the port in the service definition
##
# targetPort: 8080
- name: http
port: *svc_port
targetPort: *svc_port
- - name: management
+ - name: http-management
port: *mgt_port
targetPort: *mgt_port
metrics:
serviceMonitor:
enabled: true
- port: management
+ port: http-management
## specify target port if name is not given to the port in the service definition
##
# targetPort: 8080
dmi:
service:
- name: {{ .Values.config.dmiServiceName }}
+ url: {{ .Values.config.dmiServiceUrl }}
cps-core:
baseUrl: {{ .Values.config.cpsCore.url }}
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.0.0
+image: onap/ncmp-dmi-plugin:1.0.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
ports:
- name: &port http
port: *svc_port
- - name: management
+ - name: http-management
port: *mgt_port
targetPort: *mgt_port
metrics:
serviceMonitor:
enabled: true
- port: management
+ port: http-management
## specify target port if name is not given to the port in the service definition
##
# targetPort: 8080
spring:
profile: helm
- dmiServiceName: http://*svc_name:*svc_port
+ dmiServiceUrl: http://*svc_name:*svc_port
sdnc:
url: http://sdnc:8181
username: admin
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.4
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.5
pullPolicy: Always
# Log directory where logging sidecar should look for log files
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
containers:
- name: dcae-cleanup
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-consul
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
- command:
- /app/ready.py
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-log-conf
configMap:
cpu: 400m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-discovery
+ roles:
+ - read
- name: certInitializer
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
cpu: 200m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-eag
+ roles:
+ - read
- name: certInitializer
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
cpu: 100m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-iag
+ roles:
+ - read
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-fcaps:1.5.5
+image: onap/multicloud/openstack-fcaps:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.9.1
+image: onap/multicloud/k8s:0.9.3
pullPolicy: Always
# flag to enable debugging - application support required
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/pike/pike.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
{{ include "common.resources" . | indent 12 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh"]
+ args: ["-c", "/bin/sh /opt/pike/run.sh"]
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-pike:1.5.5
+image: onap/multicloud/openstack-pike:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.5
+image: onap/multicloud/openstack-starlingx:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-windriver:1.5.5
+image: onap/multicloud/openstack-windriver:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/multivimbroker/multivimbroker.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.7.0
+image: onap/multicloud/framework:1.7.1
pullPolicy: Always
#Istio sidecar injection policy
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: nbi
+ roles:
+ - read
sources:
- https://gerrit.onap.org/r/#/admin/projects/
icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2
-kubeVersion: ">=1.19"
+kubeVersion: ">=1.19.0-0"
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
port: 8091
config:
ssl: "redirect"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-controller
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-data
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-reservation
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-solver
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
oof-has:
enabled: true
certSecret: *oof-certs
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof
+ roles:
+ - read
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.6.0
+image: onap/policy-apex-pdp:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
passwordPolicy: required
- uid: restserver-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.5.0
+image: onap/policy-api:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
restServer:
user: healthcheck
- password: zb!XztG34
+ password: none
# default number of instances
replicaCount: 1
#AAF related parameters
clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
+
+# Configuration settings for ControlLoop Runtime Rest API
+clamp.config.controlloop.runtime.url=http://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969
+clamp.config.controlloop.runtime.userName=${RUNTIME_USER}
+clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD}
+
-
- create table dictionary (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dictionary_second_level integer,
- dictionary_type varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
- create table dictionary_elements (
- short_name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- description varchar(255) not null,
- name varchar(255) not null,
- subdictionary_name varchar(255),
- type varchar(255) not null,
- primary key (short_name)
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+create table if not exists dictionary (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ dictionary_second_level integer,
+ dictionary_type varchar(255),
+ primary key (name)
) engine=InnoDB;
- create table dictionary_to_dictionaryelements (
- dictionary_name varchar(255) not null,
- dictionary_element_short_name varchar(255) not null,
- primary key (dictionary_name, dictionary_element_short_name)
+create table if not exists dictionary_elements (
+ short_name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ description varchar(255) not null,
+ name varchar(255) not null,
+ subdictionary_name varchar(255),
+ type varchar(255) not null,
+ primary key (short_name)
) engine=InnoDB;
- create table hibernate_sequence (
- next_val bigint
+create table if not exists dictionary_to_dictionaryelements (
+ dictionary_name varchar(255) not null,
+ dictionary_element_short_name varchar(255) not null,
+ primary key (dictionary_name, dictionary_element_short_name)
) engine=InnoDB;
- insert into hibernate_sequence values ( 1 );
-
- create table loop_element_models (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- loop_element_type varchar(255) not null,
- short_name varchar(255),
- primary key (name)
+create table if not exists hibernate_sequence (
+ next_val bigint
+) engine=InnoDB;
+
+insert into hibernate_sequence values ( 1 );
+
+create table if not exists loop_element_models (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ blueprint_yaml MEDIUMTEXT,
+ dcae_blueprint_id varchar(255),
+ loop_element_type varchar(255) not null,
+ short_name varchar(255),
+ primary key (name)
) engine=InnoDB;
- create table loop_logs (
- id bigint not null,
- log_component varchar(255) not null,
- log_instant datetime(6) not null,
- log_type varchar(255) not null,
- message MEDIUMTEXT not null,
- loop_id varchar(255) not null,
- primary key (id)
+create table if not exists loop_logs (
+ id bigint not null,
+ log_component varchar(255) not null,
+ log_instant datetime(6) not null,
+ log_type varchar(255) not null,
+ message MEDIUMTEXT not null,
+ loop_id varchar(255) not null,
+ primary key (id)
) engine=InnoDB;
- create table loop_templates (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- allowed_loop_type varchar(255),
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- maximum_instances_allowed integer,
- svg_representation MEDIUMTEXT,
- unique_blueprint boolean default false,
- service_uuid varchar(255),
- primary key (name)
+create table if not exists loop_templates (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ allowed_loop_type varchar(255),
+ blueprint_yaml MEDIUMTEXT,
+ dcae_blueprint_id varchar(255),
+ maximum_instances_allowed integer,
+ svg_representation MEDIUMTEXT,
+ unique_blueprint boolean default false,
+ service_uuid varchar(255),
+ primary key (name)
) engine=InnoDB;
- create table loopelementmodels_to_policymodels (
- loop_element_name varchar(255) not null,
- policy_model_type varchar(255) not null,
- policy_model_version varchar(255) not null,
- primary key (loop_element_name, policy_model_type, policy_model_version)
+create table if not exists loopelementmodels_to_policymodels (
+ loop_element_name varchar(255) not null,
+ policy_model_type varchar(255) not null,
+ policy_model_version varchar(255) not null,
+ primary key (loop_element_name, policy_model_type, policy_model_version)
) engine=InnoDB;
- create table loops (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- global_properties_json json,
- last_computed_state varchar(255) not null,
- svg_representation MEDIUMTEXT,
- loop_template_name varchar(255) not null,
- service_uuid varchar(255),
- primary key (name)
+create table if not exists loops (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ dcae_deployment_id varchar(255),
+ dcae_deployment_status_url varchar(255),
+ global_properties_json json,
+ last_computed_state varchar(255) not null,
+ svg_representation MEDIUMTEXT,
+ loop_template_name varchar(255) not null,
+ service_uuid varchar(255),
+ primary key (name)
) engine=InnoDB;
- create table loops_to_microservicepolicies (
- loop_name varchar(255) not null,
- microservicepolicy_name varchar(255) not null,
- primary key (loop_name, microservicepolicy_name)
+create table if not exists loops_to_microservicepolicies (
+ loop_name varchar(255) not null,
+ microservicepolicy_name varchar(255) not null,
+ primary key (loop_name, microservicepolicy_name)
) engine=InnoDB;
- create table looptemplates_to_loopelementmodels (
- loop_element_model_name varchar(255) not null,
- loop_template_name varchar(255) not null,
- flow_order integer not null,
- primary key (loop_element_model_name, loop_template_name)
+create table if not exists looptemplates_to_loopelementmodels (
+ loop_element_model_name varchar(255) not null,
+ loop_template_name varchar(255) not null,
+ flow_order integer not null,
+ primary key (loop_element_model_name, loop_template_name)
) engine=InnoDB;
- create table micro_service_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- context varchar(255),
- dcae_blueprint_id varchar(255),
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- device_type_scope varchar(255),
- shared bit not null,
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- primary key (name)
+create table if not exists micro_service_policies (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ configurations_json json,
+ json_representation json not null,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ context varchar(255),
+ dcae_blueprint_id varchar(255),
+ dcae_deployment_id varchar(255),
+ dcae_deployment_status_url varchar(255),
+ device_type_scope varchar(255),
+ shared bit not null,
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
+ primary key (name)
) engine=InnoDB;
- create table operational_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- loop_id varchar(255) not null,
- primary key (name)
+create table if not exists operational_policies (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ configurations_json json,
+ json_representation json not null,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
+ loop_id varchar(255) not null,
+ primary key (name)
) engine=InnoDB;
- create table policy_models (
- policy_model_type varchar(255) not null,
- version varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- policy_acronym varchar(255),
- policy_tosca MEDIUMTEXT,
- policy_pdp_group json,
- primary key (policy_model_type, version)
+create table if not exists policy_models (
+ policy_model_type varchar(255) not null,
+ version varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ policy_acronym varchar(255),
+ policy_tosca MEDIUMTEXT,
+ policy_pdp_group json,
+ primary key (policy_model_type, version)
) engine=InnoDB;
- create table services (
- service_uuid varchar(255) not null,
- name varchar(255) not null,
- resource_details json,
- service_details json,
- version varchar(255),
- primary key (service_uuid)
+create table if not exists services (
+ service_uuid varchar(255) not null,
+ name varchar(255) not null,
+ resource_details json,
+ service_details json,
+ version varchar(255),
+ primary key (service_uuid)
) engine=InnoDB;
- alter table dictionary_to_dictionaryelements
- add constraint FK68hjjinnm8nte2owstd0xwp23
- foreign key (dictionary_element_short_name)
- references dictionary_elements (short_name);
-
- alter table dictionary_to_dictionaryelements
- add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
- foreign key (dictionary_name)
- references dictionary (name);
-
- alter table loop_logs
- add constraint FK1j0cda46aickcaoxqoo34khg2
- foreign key (loop_id)
- references loops (name);
-
- alter table loop_templates
- add constraint FKn692dk6281wvp1o95074uacn6
- foreign key (service_uuid)
- references services (service_uuid);
-
- alter table loopelementmodels_to_policymodels
- add constraint FK23j2q74v6kaexefy0tdabsnda
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
- alter table loopelementmodels_to_policymodels
- add constraint FKjag1iu0olojfwryfkvb5o0rk5
- foreign key (loop_element_name)
- references loop_element_models (name);
-
- alter table loops
- add constraint FK844uwy82wt0l66jljkjqembpj
- foreign key (loop_template_name)
- references loop_templates (name);
-
- alter table loops
- add constraint FK4b9wnqopxogwek014i1shqw7w
- foreign key (service_uuid)
- references services (service_uuid);
-
- alter table loops_to_microservicepolicies
- add constraint FKle255jmi7b065fwbvmwbiehtb
- foreign key (microservicepolicy_name)
- references micro_service_policies (name);
-
- alter table loops_to_microservicepolicies
- add constraint FK8avfqaf7xl71l7sn7a5eri68d
- foreign key (loop_name)
- references loops (name);
-
- alter table looptemplates_to_loopelementmodels
- add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
- foreign key (loop_element_model_name)
- references loop_element_models (name);
-
- alter table looptemplates_to_loopelementmodels
- add constraint FKj29yxyw0x7ue6mwgi6d3qg748
- foreign key (loop_template_name)
- references loop_templates (name);
-
- alter table micro_service_policies
- add constraint FKqvvdypacbww07fuv8xvlvdjgl
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
- alter table micro_service_policies
- add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
- alter table operational_policies
- add constraint FKi9kh7my40737xeuaye9xwbnko
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
- alter table operational_policies
- add constraint FKlsyhfkoqvkwj78ofepxhoctip
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
- alter table operational_policies
- add constraint FK1ddoggk9ni2bnqighv6ecmuwu
- foreign key (loop_id)
- references loops (name);
+alter table dictionary_to_dictionaryelements
+ add constraint FK68hjjinnm8nte2owstd0xwp23
+ foreign key (dictionary_element_short_name)
+ references dictionary_elements (short_name);
+
+alter table dictionary_to_dictionaryelements
+ add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
+ foreign key (dictionary_name)
+ references dictionary (name);
+
+alter table loop_logs
+ add constraint FK1j0cda46aickcaoxqoo34khg2
+ foreign key (loop_id)
+ references loops (name);
+
+alter table loop_templates
+ add constraint FKn692dk6281wvp1o95074uacn6
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+alter table loopelementmodels_to_policymodels
+ add constraint FK23j2q74v6kaexefy0tdabsnda
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+alter table loopelementmodels_to_policymodels
+ add constraint FKjag1iu0olojfwryfkvb5o0rk5
+ foreign key (loop_element_name)
+ references loop_element_models (name);
+
+alter table loops
+ add constraint FK844uwy82wt0l66jljkjqembpj
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+alter table loops
+ add constraint FK4b9wnqopxogwek014i1shqw7w
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+alter table loops_to_microservicepolicies
+ add constraint FKle255jmi7b065fwbvmwbiehtb
+ foreign key (microservicepolicy_name)
+ references micro_service_policies (name);
+
+alter table loops_to_microservicepolicies
+ add constraint FK8avfqaf7xl71l7sn7a5eri68d
+ foreign key (loop_name)
+ references loops (name);
+
+alter table looptemplates_to_loopelementmodels
+ add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
+ foreign key (loop_element_model_name)
+ references loop_element_models (name);
+
+alter table looptemplates_to_loopelementmodels
+ add constraint FKj29yxyw0x7ue6mwgi6d3qg748
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+alter table micro_service_policies
+ add constraint FKqvvdypacbww07fuv8xvlvdjgl
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+alter table micro_service_policies
+ add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+alter table operational_policies
+ add constraint FKi9kh7my40737xeuaye9xwbnko
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+alter table operational_policies
+ add constraint FKlsyhfkoqvkwj78ofepxhoctip
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+alter table operational_policies
+ add constraint FK1ddoggk9ni2bnqighv6ecmuwu
+ foreign key (loop_id)
+ references loops (name);
export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
{{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
name: {{ include "common.fullname" . }}-config
subPath: application.properties
env:
+ - name: RUNTIME_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }}
+ - name: RUNTIME_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }}
- name: MYSQL_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: MYSQL_PASSWORD
externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}'
password: '{{ .Values.sdc.clientPassword }}'
passwordPolicy: required
+ - uid: runtime-be-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.1.1
+image: onap/policy-clamp-backend:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
#####dummy values for db user and password to pass lint!!!#######
-
sdc:
clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
internalPort: 3306
config:
+ policyAppUserName: runtimeUser
+ policyAppUserPassword: none
log:
logstashServiceName: log-ls
logstashPort: 5044
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Http Participant
+name: policy-clamp-cl-http-ppnt
+version: 9.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: HttpParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.HttpControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-http-ppnt-config
+ - mountPath: /config
+ name: cl-http-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-http-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-http-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-http-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+#Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-http-ppnt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-http-ppnt:6.1.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-http-ppnt
+ roles:
+ - read
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-k8s-ppnt:6.1.2
+image: onap/policy-clamp-cl-k8s-ppnt:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Policy Participant
+name: policy-clamp-cl-pf-ppnt
+version: 9.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ pdpGroup: defaultGroup
+ pdpType: apex
+ policyApiParameters:
+ clientName: api
+ hostname: policy-api
+ port: 6969
+ userName: ${API_USER}
+ password: ${API_PASSWORD}
+ https: true
+ allowSelfSignedCerts: true
+ policyPapParameters:
+ clientName: pap
+ hostname: policy-pap
+ port: 6969
+ userName: ${PAP_USER}
+ password: ${PAP_PASSWORD}
+ https: true
+ allowSelfSignedCerts: true
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: org.onap.PM_Policy
+ version: 1.0.0
+ participantType:
+ name: org.onap.policy.controlloop.PolicyControlLoopParticipant
+ version: 2.3.1
+ clampControlLoopTopics:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pf-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pf-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pf-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+ - name: PAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }}
+ - name: PAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-pf-ppnt-config
+ - mountPath: /config
+ name: cl-pf-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-pf-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-pf-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-pf-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: api-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.api.user }}'
+ password: '{{ .Values.restServer.api.password }}'
+ passwordPolicy: required
+ - uid: pap-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.pap.user }}'
+ password: '{{ .Values.restServer.pap.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-pf-ppnt:6.1.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+# application configuration
+restServer:
+ api:
+ user: healthcheck
+ password: none
+ pap:
+ user: healthcheck
+ password: none
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-pf-ppnt
+ roles:
+ - read
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-runtime:6.1.2
+image: onap/policy-clamp-cl-runtime:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.1.2
+image: onap/policy-clamp-frontend:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.6.0
+image: onap/policy-distribution:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.9.0
+image: onap/policy-pdpd-cl:1.9.1
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-gui:2.1.0
+image: onap/policy-gui:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
passwordPolicy: required
- uid: restserver-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- uid: api-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
login: '{{ .Values.healthCheckRestClient.api.user }}'
password: '{{ .Values.healthCheckRestClient.api.password }}'
passwordPolicy: required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.5.0
+image: onap/policy-pap:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
restServer:
user: healthcheck
- password: zb!XztG34
+ password: none
healthCheckRestClient:
api:
user: healthcheck
- password: zb!XztG34
+ password: none
distribution:
user: healthcheck
password: zb!XztG34
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.5.0
+image: onap/policy-xacml-pdp:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
version: ~9.x-0
repository: 'file://components/policy-gui'
condition: policy-gui.enabled
+ - name: policy-clamp-cl-pf-ppnt
+ version: ~9.x-0
+ repository: 'file://components/policy-clamp-cl-pf-ppnt'
+ condition: policy-clamp-cl-pf-ppnt.enabled
+ - name: policy-clamp-cl-http-ppnt
+ version: ~9.x-0
+ repository: 'file://components/policy-clamp-cl-http-ppnt'
+ condition: policy-clamp-cl-http-ppnt.enabled
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
login: '{{ .Values.config.policyAppUserName }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: generate
+ - uid: policy-pap-user-creds
+ name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyPapUserName }}'
+ password: '{{ .Values.restServer.policyPapUserPassword }}'
+ passwordPolicy: required
+ - uid: policy-api-user-creds
+ name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyApiUserName }}'
+ password: '{{ .Values.restServer.policyApiUserPassword }}'
+ passwordPolicy: required
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
policy-api:
enabled: true
db: *dbSecretsHook
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
policy-pap:
enabled: true
db: *dbSecretsHook
+ restServer:
+ papUserExternalSecret: *policyPapCredsSecret
+ apiUserExternalSecret: *policyApiCredsSecret
policy-xacml-pdp:
enabled: true
db: *dbSecretsHook
enabled: true
policy-clamp-cl-k8s-ppnt:
enabled: true
+policy-clamp-cl-pf-ppnt:
+ enabled: true
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ papUserExternalSecret: *policyPapCredsSecret
+policy-clamp-cl-http-ppnt:
+ enabled: true
policy-nexus:
enabled: false
policy-clamp-cl-runtime:
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.3.0
+ image: onap/policy-db-migrator:2.3.1
schema: policyadmin
policy_home: "/opt/app/policy"
serviceAccount:
nameOverride: *policy-mariadb
+restServer:
+ policyPapUserName: healthcheck
+ policyPapUserPassword: zb!XztG34
+ policyApiUserName: healthcheck
+ policyApiUserPassword: zb!XztG34
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (small, large, or unlimited)
flavor: small
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.3
-backendInitImage: onap/sdc-backend-init:1.9.3
+image: onap/sdc-backend-all-plugins:1.9.4
+backendInitImage: onap/sdc-backend-init:1.9.4
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.3
-cassandraInitImage: onap/sdc-cassandra-init:1.9.3
+image: onap/sdc-cassandra:1.9.4
+cassandraInitImage: onap/sdc-cassandra-init:1.9.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.3
+image: onap/sdc-frontend:1.9.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
+image: onap/sdc-onboard-backend:1.9.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.4
pullPolicy: Always
# flag to enable debugging - application support required
"socket_read_timeout": "20000",
"socket_connect_timeout": "20000",
"janusgraph_connection_timeout": "10000",
- "replication_factor": "{{.Values.global.cassandra.replicaCount}}"
+ "replication_factor": "{{.Values.global.cassandra.replicaCount}}",
+ "db_cache": "{{.Values.global.cassandra.dbCache}}",
+ "read_consistency_level": "{{.Values.global.cassandra.readConsistencyLevel}}",
+ "write_consistency_level":"{{.Values.global.cassandra.writeConsistencyLevel}}"
},
"DMAAP": {
"consumer": {
#Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
#to match with its own cluster replica
replicaCount: 3
+ dbCache: true
+ readConsistencyLevel: ONE
+ writeConsistencyLevel: ALL
clusterName: cassandra
dataCenter: Pod
security:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.0
+image: onap/sdnc-dmaap-listener-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.0
+image: onap/sdnc-ansible-server-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.2.0"
+image: "onap/sdnc-web-image:2.2.1"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.0
+image: onap/sdnc-ueb-listener-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.0
+image: onap/sdnc-image:2.2.1
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.9.1
+image: onap/so/so-cnf-adapter:1.9.2
pullPolicy: Always
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-nssmf-adapter:1.8.3
+image: onap/so/so-nssmf-adapter:1.9.1
pullPolicy: Always
db:
onap:
so:
adapters:
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ default_keystone_url_version: /v3
+ {{- else }}
default_keystone_url_version: /v2.0
+ {{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
retrylist: 408,429,500,502,503,504,900
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
tenant:
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ default_keystone_url_version: /v3
+ {{- else }}
default_keystone_url_version: /v2.0
+ {{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
default_tenant_description: Tenant
default_region_type: single
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
nodeSelector: {}
tolerations: []
affinity: {}
[
{
"dcp_clli": "DEFAULT_KEYSTONE",
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v3",
+ {{- else }}
"identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v2.0",
+ {{- end }}
"mso_id": "{{ .Values.config.openStackUserName }}",
"mso_pass": "{{ .Values.config.openStackEncryptedPasswordHere }}",
"admin_tenant":"{{ .Values.config.openStackServiceTenantName }}",
"member_role": "admin",
"tenant_metadata": "true",
- "identity_server_type": "KEYSTONE",
+ "identity_server_type": "{{ .Values.config.openStackKeystoneVersion }}",
"identity_authentication_type": "USERNAME_PASSWORD"
}
],
config:
logstashServiceName: log-ls
logstashPort: 5044
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
Code Review / oom.git / commitdiff