certInitializer:
nameOverride: cert-initializer
createCertsCM: true
+ serviceAccount:
+ nameOverride: cert-initializer
\ No newline at end of file
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }}
- name: ingress-scripts
mountPath: /ingress
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- name: localtime
hostPath:
# We had to move this CM to a separate chart to reduce the total size of our charts
# as it exceeds the default helm limits.
certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: certinitializer
+ roles:
+ - read
\ No newline at end of file
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.0.0
+version: 13.0.1
{{/*
################################################################################
# Copyright (C) 2021 Nordix Foundation. #
-# Copyright (c) 2022 J. F. Lucas. All rights reserved. #
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
{{/*
This template generates a Kubernetes init containers common template to enable applications to provision
- DMaaP feeds (on Data Router), with associated authorization.
- DMaap Bus Controller endpoints are used to provision:
-
- - Feed on DR, with associated user authentication.
+ DMaaP feeds (on Data Router) for DCAE microservices, with associated authorization.
+ DMaap Data Router (DR) endpoints are used to provision:
+ - Feeds on DR, with associated user authentication.
+ - Subscribers to feeds on DR, to provide DR with username, password, and URL needed to deliver
+ files to subscribers.
common.dmaap.provisioning.initContainer:
- This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
- microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds.
- If the resource creation is successful via script response is logged back at particular location with
- appropriate naming convention.
-
- More details can be found at :
- (https://wiki.onap.org/pages/viewpage.action?pageId=103417564)
+ This template creates an initContainer with some associated volumes. The initContainer
+ (oom/kubernetes/dmaap-datarouter/drprov-client) runs a script (drprov-client.sh) that uses the
+ DR provisioning API to create the feeds and subscribers needed by a microservice. The script
+ updates the microservice's configuration to supply information needed to access the feeds. The
+ configuration information comes from two volumes that are created by the dcaegen2-services-common
+ templates.
+ - app-config-input: comes from a configMap generated from the microservice's values.yaml file.
+ It may contain references to environment variables as placeholders for feed information that
+ will become available after feeds are provisioned.
+ - app-config: this template will copy the configuration file from the app-config-input volume,
+ replaced the environment variable references with the actual values for feed information, based
+ on data returned by the DR provisioning API.
The template directly references data in .Values, and indirectly (through its
use of templates from the ONAP "common" collection) references data in .Release.
- Parameter for _dmaapProvisioning to be defined in values.yaml
+ Parameters for _dmaapProvisioning to be defined in values.yaml:
+
# DataRouter Feed Configuration
+ # (Note that DR configures publishers as part of the feed.)
drFeedConfig:
- feedName: bulk_pm_feed
- owner: dcaecm
feedVersion: 0.0
- asprClassification: unclassified
+ classification: unclassified
feedDescription: DFC Feed Creation
-
- # DataRouter Publisher Configuration
- drPubConfig:
- - feedName: bulk_pm_feed
- dcaeLocationName: loc00
+ publisher:
+ username: xyz
+ password: xyz
# DataRouter Subscriber Configuration
drSubConfig:
- feedName: bulk_pm_feed
+ feedVersion: 0.0
decompress: True
- dcaeLocationName: loc00
privilegedSubscriber: True
deliveryURL: https://dcae-pm-mapper:8443/delivery
- # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber
+ # ConfigMap Configuration for DR Feed, Dr_Subscriber
volumes:
- name: feeds-config
path: /opt/app/config/feeds
- - name: drpub-config
- path: /opt/app/config/dr_pubs
- name: drsub-config
path: /opt/app/config/dr_subs
{{- define "common.dmaap.provisioning._volumeMounts" -}}
{{- $dot := default . .dot -}}
-- mountPath: /opt/app/config/cache
- name: dbc-response-cache
+- mountPath: /config-input
+ name: app-config-input
+- mountPath: /config
+ name: app-config
{{- range $name, $volume := $dot.Values.volumes }}
- name: {{ $volume.name }}
mountPath: {{ $volume.path }}
{{- define "common.dmaap.provisioning._volumes" -}}
{{- $dot := default . .dot -}}
-- name: dbc-response-cache
- emptyDir: {}
{{- range $name, $volume := $dot.Values.volumes }}
- name: {{ $volume.name }}
configMap:
{{- define "common.dmaap.provisioning.initContainer" -}}
{{- $dot := default . .dot -}}
-{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
-{{- if $drFeedConfig -}}
+{{- $drNeedProvisioning := or $dot.Values.drFeedConfig $dot.Values.drSubConfig -}}
+{{- if $drNeedProvisioning -}}
- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
- image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
+ image: {{ include "repositoryGenerator.image.drProvClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
env:
- - name: PROTO
- value: "http"
- - name: PORT
- value: "8080"
- - name: RESP_CACHE
- value: /opt/app/config/cache
- - name: REQUESTID
- value: "{{ include "common.name" $dot }}-dmaap-provisioning"
+ - name: ONBEHALFHDR
+ value: "X-DMAAP-DR-ON-BEHALF-OF: drprovcl"
{{- range $cred := $dot.Values.credentials }}
- name: {{ $cred.name }}
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
volumeMounts:
{{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
resources: {{ include "common.resources" $dot | nindent 4 }}
-- name: {{ include "common.name" $dot }}-init-merge-config
- image: {{ include "repositoryGenerator.image.envsubst" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- command:
- - /bin/sh
- args:
- - -c
- - |
- set -uex -o pipefail
- if [ -d /opt/app/config/cache ]; then
- cd /opt/app/config/cache
- for file in $(ls feed*); do
- NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | grep -w "feedlog" | cut -d '"' -f4)"
- export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls drpub*); do
- NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls drsub*); do
- NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls topics*); do
- NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/')
- export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- else
- echo "No Response logged for Dmaap BusController Http POST Request..!"
- fi
- cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
- env:
- {{- range $cred := $dot.Values.credentials }}
- - name: {{ $cred.name }}
- {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
- {{- end }}
- volumeMounts:
- - mountPath: /opt/app/config/cache
- name: dbc-response-cache
- - mountPath: /config-input
- name: app-config-input
- - mountPath: /config
- name: app-config
- resources:
- limits:
- cpu: 200m
- memory: 250Mi
- requests:
- cpu: 100m
- memory: 200Mi
{{- end -}}
{{- end -}}
\ No newline at end of file
{{- end -}}
{{- end -}}
+{{/*
+ Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+{{- if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{- else -}}
+{{- if $dot.Values.ingress.enabled -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to check, if TLS redirect is enabled
+*/}}
+{{- define "common.ingress._tlsRedirect" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Provider (default is "ingress")
+*/}}
+{{- define "common.ingress._provider" -}}
+{{- $dot := default . .dot -}}
+{{- $provider := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.provider -}}
+{{- if ne $dot.Values.global.ingress.provider "" -}}
+{{ $provider = $dot.Values.global.ingress.provider }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $provider -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Class (default is "nginx")
+*/}}
+{{- define "common.ingress._class" -}}
+{{- $dot := default . .dot -}}
+{{- $class := "nginx" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressClass -}}
+{{- if ne $dot.Values.global.ingress.ingressClass "" -}}
+{{ $class = $dot.Values.global.ingress.ingressClass }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $class -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Selector (default is "ingress")
+*/}}
+{{- define "common.ingress._selector" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressSelector -}}
+{{- if ne $dot.Values.global.ingress.ingressSelector "" -}}
+{{ $selector = $dot.Values.global.ingress.ingressSelector }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $selector -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway, if exists
+*/}}
+{{- define "common.ingress._commonGateway" -}}
+{{- $dot := default . .dot -}}
+{{- $gateway := "-" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $gateway = $dot.Values.global.ingress.commonGateway.name }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $gateway -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTP Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "http-80" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTPS Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPSListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "https-443" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpsListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to check the existance of an override value
+*/}}
+{{- define "common.ingress._overrideIfDefined" -}}
+ {{- $currValue := .currVal }}
+ {{- $parent := .parent }}
+ {{- $var := .var }}
+ {{- if $parent -}}
+ {{- if hasKey $parent $var }}
+ {{- default "" (index $parent $var) }}
+ {{- else -}}
+ {{- default "" $currValue -}}
+ {{- end -}}
+ {{- else -}}
+ {{- default "" $currValue }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the protocol of the service
+*/}}
+{{- define "common.ingress._protocol" -}}
+{{- $dot := default . .dot -}}
+{{- $protocol := "http" -}}
+{{- if $dot.tcpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.udpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.protocol }}
+{{- $protocol = (lower $dot.protocol) -}}
+{{- end -}}
+{{- $protocol -}}
+{{- end -}}
{{/*
Create the hostname as concatination <baseaddr>.<baseurl>
{{- end -}}
{{- end -}}
+{{/*
+ Create Port entry in the Gateway resource
+*/}}
+{{- define "istio.config.gatewayPort" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+ - port:
+ {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
{{/*
Helper function to add the route to the service
*/}}
Helper function to add ssl annotations
*/}}
{{- define "ingress.config.annotations.ssl" -}}
+{{- $class := include "common.ingress._class" (dict "dot" .) }}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
{{- if eq .Values.ingress.config.ssl "redirect" -}}
-kubernetes.io/ingress.class: nginx
-nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+kubernetes.io/ingress.class: {{ $class }}
+{{ $class }}.ingress.kubernetes.io/ssl-passthrough: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "native" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "none" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
{{- end -}}
{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
{{- end -}}
-{{/*
- Helper function to check the existance of an override value
-*/}}
-{{- define "common.ingress._overrideIfDefined" -}}
- {{- $currValue := .currVal }}
- {{- $parent := .parent }}
- {{- $var := .var }}
- {{- if $parent -}}
- {{- if hasKey $parent $var }}
- {{- default "" (index $parent $var) }}
- {{- else -}}
- {{- default "" $currValue -}}
- {{- end -}}
- {{- else -}}
- {{- default "" $currValue }}
- {{- end -}}
-{{- end -}}
-
-{{/*
- Helper function to check, if Ingress is enabled
-*/}}
-{{- define "common.ingress._enabled" -}}
-{{- $dot := default . .dot -}}
-{{- if $dot.Values.ingress -}}
-{{- if $dot.Values.global.ingress -}}
-{{- if (default false $dot.Values.global.ingress.enabled) -}}
-{{- if (default false $dot.Values.global.ingress.enable_all) -}}
-true
-{{- else -}}
-{{- if $dot.Values.ingress.enabled -}}
-true
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
- Create Port entry in the Gateway resource
-*/}}
-{{- define "istio.config.gatewayPort" -}}
-{{- $dot := default . .dot -}}
-{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
-{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
- - port:
- {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
- hosts:
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
-{{- end -}}
-
{{/*
Create Istio Ingress resources per defined service
*/}}
{{- define "common.istioIngress" -}}
{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
{{ range $dot.Values.ingress.service }}
+{{ if or ( eq (include "common.ingress._protocol" (dict "dot" .)) "http" ) ( eq (include "common.ingress._protocol" (dict "dot" .)) "tcp" )}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
name: {{ $baseaddr }}-gateway
spec:
selector:
- istio: ingress # use Istio default gateway implementation
+ istio: {{ $selector }}
servers:
-{{- if .tcpRoutes }}
-{{ range .tcpRoutes }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
-{{ end -}}
-{{- else }}
- {{- if .protocol }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
- {{- else }}
+ {{- else }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
- {{ end }}
-{{ end }}
+ {{ end }}
+{{ end }}
+{{ end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
gateways:
+{{- if eq $gateway "-" }}
- {{ $baseaddr }}-gateway
+{{- else }}
+ - {{ $gateway }}
+{{- end }}
{{- if .tcpRoutes }}
tcp:
{{ range .tcpRoutes }}
{{- else }}
http:
{{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
- {{ end }}
-{{ end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls_simple" -}}
+{{- $dot := default . .dot -}}
+ tls:
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+ mode: Terminate
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ - name: HTTPS-443
+ port: 443
+ protocol: HTTPS
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Create Listener entry in the Gateway resource
+*/}}
+{{- define "gwapi.config.listener" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $port := default 80 $service.exposedPort -}}
+ - name: {{ $protocol }}-{{ $port }}
+ port: {{ $port }}
+{{- if $service.exposedProtocol }}
+ protocol: {{ upper $service.exposedProtocol }}
+{{- else }}
+ protocol: HTTP
+{{- end }}
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ allowedRoutes:
+ namespaces:
+ from: All
+{{- if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: TCPRoute
+{{- else if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: UDPRoute
+{{- end }}
+ {{- include "gwapi.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
+{{/*
+ Create *Route entry for the Gateway-API
+*/}}
+{{- define "gwapi.config.route" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) -}}
+{{- $namespace := default "istio-ingress" $dot.Values.global.ingress.namespace -}}
+{{- $path := default "/" $service.path -}}
+{{- if eq $protocol "udp" -}}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: UDPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: udp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+{{- else if eq $protocol "tcp" }}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: tcp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+{{- else if eq $protocol "http" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-http-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ sectionName: {{ include "common.ingress._gatewayHTTPSListener" (dict "dot" $dot) }}
+{{- else }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+{{- end }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-redirect-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+ port: 443
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- end }}
+{{- end }}
{{- end -}}
+
+{{/*
+ Create GW-API Ingress resources per defined service
+*/}}
+{{- define "common.gwapiIngress" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ $baseaddr }}-gateway
+spec:
+ gatewayClassName: {{ $dot.Values.global.serviceMesh.engine }}
+ listeners:
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
*/}}
{{- define "common.nginxIngress" -}}
{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{ if eq (include "common.ingress._protocol" (dict "dot" .)) "http" }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
heritage: {{ $dot.Release.Service }}
spec:
rules:
- {{ include "ingress.config.port" $dot | trim }}
-{{- if $dot.Values.ingress.tls }}
+ {{ include "ingress.config.port" . | trim }}
+{{- if $dot.Values.ingress.tls }}
tls:
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
-{{- end -}}
-{{- if $dot.Values.ingress.config -}}
-{{- if $dot.Values.ingress.config.tls }}
+{{- end -}}
+{{- if $dot.Values.ingress.config -}}
+{{- if $dot.Values.ingress.config.tls }}
tls:
- hosts:
- {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
+ - {{ include "ingress.config.host" (dict "dot" . "baseaddr" $baseaddr) }}
secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
| true | true | any | ingress |
| true | false | true | ingress |
- If ServiceMesh (Istio) is enabled the respective resources are created:
- - Gateway
+ If ServiceMesh (Ingress-Provider: Istio) is enabled the respective resources
+ are created:
+ - Gateway (optional)
- VirtualService
+ If ServiceMesh (Ingress-Provider: GatewayAPI) is enabled the respective resources
+ are created:
+ - Gateway (optional)
+ - HTTPRoute, TCPRoute, UDPRoute (depending)
+
If ServiceMesh is disabled the standard Ingress resource is creates:
- Ingress
*/}}
{{- define "common.ingress" -}}
{{- $dot := default . .dot -}}
+{{- $provider := include "common.ingress._provider" (dict "dot" $dot) -}}
{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
-{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
-{{ include "common.istioIngress" (dict "dot" $dot) }}
-{{- end -}}
-{{- else -}}
+{{- if eq $provider "ingress" -}}
{{ include "common.nginxIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "istio" -}}
+{{ include "common.istioIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "gw-api" -}}
+{{ include "common.gwapiIngress" (dict "dot" $dot) }}
{{- end -}}
{{- end -}}
{{- end -}}
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: certInitializer
- version: ~13.x-0
- repository: 'file://../certInitializer'
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
server-block.conf: |-
-{{ if .Values.global.aafEnabled }}
-{{ .Values.nginx.serverBlock.https | indent 4 }}
-{{ else }}
{{ .Values.nginx.serverBlock.http | indent 4 }}
-
-
-{{ end }}
{{- end -}}
securityContext:
privileged: true
{{- end }}
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
nodePortPrefix: 302
clusterName: cluster.local
## Provide functionality to use RBAC
##
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: elasticsearch-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "elastic"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.elastic"
- fqi: "elastic@elastic.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd {{ .Values.credsPath }};
- mkdir -p certs;
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
- openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
- cp {{ .Values.fqi_namespace }}.key certs/key.pem;
- chmod -R 755 certs;
-
#################################################################
# subcharts configuration defaults.
#################################################################
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: etcd-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: mariadb-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
- name: mariadb-init\r
version: ~13.x-0\r
repository: 'file://../mariadb-init'\r
- condition: global.mariadbGalera.globalCluster
\ No newline at end of file
+ condition: global.mariadbGalera.globalCluster\r
+ - name: serviceAccount\r
+ version: ~13.x-0\r
+ repository: '@local'
\ No newline at end of file
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nengdb-init
+ serviceAccount:
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: postgres-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-update-config'
\ No newline at end of file
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.dbcClient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }}
+{{- define "repositoryGenerator.image.drProvClient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "drProvClientImage") .) }}
{{- end -}}
{{- define "repositoryGenerator.image.quitQuit" -}}
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
- dbcClientImage: onap/dmaap/dbc-client:2.0.11
+ drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.14
quitQuitImage: onap/oom/readiness:4.1.0
# Default credentials
postgresImage: dockerHubRepository
readinessImage: repository
dcaePolicySyncImage: repository
- dbcClientImage: repository
+ drProvClientImage: repository
quitQuitImage: repository
pgDatabase: cpsdb
pgDataPath: data
pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-postgres-init
# pgPrimaryPassword: password
# pgUserPassword: password
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
initial configuration data. (See the documentation for
dcaegen2-services-common.microserviceDeployment for more details.)
-If the microservice is using one or more Data Router (DR) feeds, the
+If the microservice is publishing to one or more Data Router (DR) feeds, the
template produces a configMap containing the information needed to
provision the feed(s). An init container performs the provisioning.
-If the microservice acts as a DR publisher for one or more feeds, the
-template produces a configMap containing the information needed to
-provision the publisher(s). An init container performs the provisioning.
-
If the microservice acts as a DR subscriber for one or more feeds, the
template produces a configMap containing the information needed to
provision the subscribeer(s). An init container performs the provisioning.
data:
{{- range $i, $feed := .Values.drFeedConfig }}
feedConfig-{{$i}}.json: |-
- {{ $feed | toJson | indent 2 }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.drPubConfig }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-drpub-config
- namespace: {{ include "common.namespace" . }}
- labels: {{ include "common.labels" . | nindent 6 }}
-data:
- {{- range $i, $drpub := .Values.drPubConfig }}
- drpubConfig-{{$i}}.json: |-
- {{ $drpub | toJson | indent 2 }}
+ {
+ "name": {{ $feed.feedName | quote }},
+ "version": {{ $feed.feedVersion | quote }},
+ "description": {{ $feed.feedDescription | default "None" | quote }},
+ "authorization": {
+ "classification": {{ $feed.classification | quote }},
+ "endpoint_addrs": [
+ ],
+ "endpoint_ids": [
+ {
+ "id": {{ $feed.publisher.username | quote }},
+ "password": {{ $feed.publisher.password | quote }}
+ }
+ ]
+ }
+ }
{{- end }}
{{- end }}
data:
{{- range $i, $drsub := .Values.drSubConfig }}
drsubConfig-{{$i}}.json: |-
- {{ $drsub | toJson | indent 2 }}
+ {
+ "feed": {
+ "name": {{ $drsub.feedName | quote }},
+ "version": {{ $drsub.feedVersion | quote }}
+ },
+ "delivery": {
+ "url": {{ $drsub.deliveryURL | quote }},
+ "user": {{ $drsub.username | quote }},
+ "password": {{ $drsub.userpwd | quote }},
+ "use100": {{ $drsub.use100 | default false }}
+ },
+ "metadataOnly": {{ $drsub.metadataOnly | default false }},
+ "groupid": {{ $drsub.groupId | default 0 }},
+ "follow_redirect": {{ $drsub.followRedirect | default true }},
+ "privileged_subscriber": {{ $drsub.privilegedSubscriber | default false }},
+ "decompress": {{ $drsub.decompress | default false }}
+ }
{{- end }}
{{- end }}
{{- end }}
{{- $commonRelease := print (include "common.release" .) -}}
{{- $policy := default dict .Values.policies -}}
{{- $policyRls := default $commonRelease $policy.policyRelease -}}
-{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
+{{- $drNeedProvisioning := or .Values.drFeedConfig .Values.drSubConfig -}}
{{- $dcaeName := print (include "common.fullname" .) }}
{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
{{- $dot := . -}}
resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- mountPath: /app-config
- name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
+ name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }}
- mountPath: /app-config-input
name: app-config-input
{{- if $logDir }}
create: true
# Dependencies
+# Waiting for dmaap-dr-node (which depends on dmaap-dr-prov)
+# to be sure that we can provision the DR feed that's needed
readinessCheck:
wait_for:
containers:
- - dmaap-bc
- - dmaap-provisioning-job
+ - dmaap-dr-node
- message-router
# Probe Configuration
streams_publishes:
PM_MEAS_FILES:
dmaap_info:
- publisher_id: ${DR_FILES_PUBLISHER_ID_0}
+ publisher_id: "dummy_id"
location: loc00
- log_url: ${DR_LOG_URL_0}
- publish_url: ${DR_FILES_PUBLISHER_URL_0}
+ log_url: ${DR_FEED_LOGURL_0}
+ publish_url: ${DR_FEED_PUBURL_0}
username: ${DR_USERNAME}
password: ${DR_PASSWORD}
type: data_router
# DataRouter Feed Configuration
drFeedConfig:
- feedName: bulk_pm_feed
- owner: dcaecm
feedVersion: "0.0"
- asprClassification: unclassified
+ classification: unclassified
feedDescription: DFC Feed Creation
-
-# DataRouter Publisher Configuration
-drPubConfig:
- - feedName: bulk_pm_feed
- username: ${DR_USERNAME}
- userpwd: ${DR_PASSWORD}
- dcaeLocationName: loc00
+ publisher:
+ username: ${DR_USERNAME}
+ password: ${DR_PASSWORD}
# ConfigMap Configuration for Feed, Dr_Publisher
volumes:
- name: feeds-config
path: /opt/app/config/feeds
- - name: drpub-config
- path: /opt/app/config/dr_pubs
# Resource Limit Flavor -By Default Using Small
flavor: small
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
# Dependencies
+# Depend on the datafile-collector, which guarantees that
+# the DR feed that pm-mapper susbscribes to will be created
+# already by the datafile-collector DMaaP provisioning init
+# container. Also guarantees that DR provisioning will be
+# available for pm-mapper initContainter to create the
+# subscription to the feed.
readinessCheck:
wait_for:
containers:
- - dmaap-bc
- - dmaap-provisioning-job
- dcae-datafile-collector
- - message-router
# Probe Configuration
readiness:
dmaap_publisher:
type: message_router
dmaap_info:
- client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
+ client_id: "dummy_id"
location: san-francisco
client_role: org.onap.dcae.pmPublisher
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
dmaap_subscriber:
type: data_router
dmaap_info:
- subscriber_id: ${DR_FILES_SUBSCRIBER_ID_0}
+ subscriber_id: "dummy_id"
decompress: true
privileged: true
username: ${DR_USERNAME}
#Temporary Dummy CBS Port Value until internal SDK library is updated
CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
-# DataRouter Feed Configuration
-drFeedConfig:
- - feedName: bulk_pm_feed
- owner: dcaecm
- feedVersion: "0.0"
- asprClassification: unclassified
- feedDescription: DFC Feed Creation
-
# DataRouter Subscriber Configuration
drSubConfig:
- feedName: bulk_pm_feed
+ feedVersion: "0.0"
decompress: true
username: ${DR_USERNAME}
userpwd: ${DR_PASSWORD}
- dcaeLocationName: loc00
privilegedSubscriber: true
deliveryURL: http://dcae-pm-mapper:8081/delivery
-# ConfigMap Configuration for Dr Feed, Subscriber, MR Topics
+# ConfigMap Configuration for DR Subscriber
volumes:
- - name: feeds-config
- path: /opt/app/config/feeds
- name: drsub-config
path: /opt/app/config/dr_subs
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.13
+image: onap/dmaap/datarouter-node:2.1.14
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.13
+image: onap/dmaap/datarouter-prov:2.1.14
pullPolicy: Always
# default number of instances
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: dmaap-dr-mariadb-init
+ serviceAccount:
+ nameOverride: dmaap-dr-mariadb-init
# Resource Limit flavor -By Default using small
flavor: small
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
# pgPrimaryPassword: password
# pgUserPassword: password
# pgRootPassword: password
+ serviceAccount:
+ nameOverride: holmes-postgres-init
holmes-engine-mgmt:
config:
- {{ index .Values "mariadb-galera" "nameOverride" }}
{{- else }}
- --job-name
- - {{ include "common.release" . }}-{{ include "common.name" . }}-config-job
+ - {{ include "common.release" . }}-etsicatalog-db-config-job
{{- end }}
env:
- name: NAMESPACE
userCredentialsExternalSecret: *dbSecretName
mysqlDatabase: *mysqlDbName
# nameOverride should be the same with common.name
- nameOverride: modeling-etsicatalog
+ nameOverride: etsicatalog-db
+ serviceAccount:
+ nameOverride: etsicatalog-db
#################################################################
# Application configuration defaults.
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
+
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-eag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-eag
- fqi: msb-eag@msb-eag.onap.org
- fqi_namespace: org.onap.msb-eag
- public_fqdn: msb-eag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
service:
type: NodePort
name: msb-eag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-eag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '84'
service:
- baseaddr: "msb-eag-ui"
name: "msb-eag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-iag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-iag
- fqi: msb-iag@msb-iag.onap.org
- fqi_namespace: org.onap.msb-iag
- public_fqdn: msb-iag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
service:
type: NodePort
name: msb-iag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-iag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '83'
service:
- baseaddr: "msb-iag-ui"
name: "msb-iag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nbi-config
+ serviceAccount:
+ nameOverride: nbi-config
mongo:
nameOverride: nbi-mongo
# enable all component's Ingress interfaces
enable_all: true
# All http requests via ingress will be redirected
+
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
virtualhost:
# Default Ingress base URL
# can be overwritten in component by setting ingress.baseurlOverride
ingress:
enabled: true
enable_all: true
+ # Provider: ingress, istio, gw-api
+ provider: ingress
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass: nginx
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
cassandra:
enabled: true
mariadb-galera:
# enable all component's Ingress interfaces
enable_all: false
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
# default Ingress base URL and preAddr- and postAddr settings
# Ingress URLs result:
# <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
# tls:
# secret: 'my-ingress-cert'
- # optional: Namespace of the Istio IngressGateway
+ # optional: Namespace of the Istio IngressGateway or Gateway-API
# only valid for Istio Gateway (ServiceMesh enabled)
namespace: istio-ingress
keyPrefix: conductor
flavor: *etcd-flavor
resources: *etcd-resources
+ serviceAccount:
+ nameOverride: *job-name
# Python doesn't support well dollar sign in password
passwordStrengthOverride: basic
cpu: 200m
memory: 200Mi
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
cpu: 200m
memory: 200Mi
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}}
resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-cqlshrc
configMap:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
# dependency / sub-chart configuration
network-name-gen:
enabled: true
+ serviceAccount:
+ nameOverride: sdnc-name-gen
mariadb-galera: &mariadbGalera
nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap:
cpu: 2
memory: 1Gi
unlimited: {}
+
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap: