authorization:
mode: rbac
ignore_docker_version: false
-kubernetes_version: "v1.13.5-rancher1-2"
+kubernetes_version: "v1.15.11-rancher1-2"
private_registries:
- url: nexus3.onap.org:10001
user: docker
oom_cloud_setup_guide.rst
release-notes.rst
oom_setup_kubernetes_rancher.rst
+ oom_setup_ingress_controller.rst
casablanca 1.11.5 2.9.1 1.11.5 17.03.x
dublin 1.13.5 2.12.3 1.13.5 18.09.5
el alto 1.15.2 2.14.2 1.15.2 18.09.x
- frankfurt 1.15.9 2.16.3 1.15.9 18.09.x
+ frankfurt 1.15.9 2.16.6 1.15.11 18.09.x
============== =========== ====== ======== ========
Minimum Hardware Configuration
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | CLI | No | Yes | No | kubernetes/cli/resources/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
where <BRANCH> can be an offical release tag, such as
4.0.0-ONAP for Dublin
5.0.1-ONAP for El Alto
+6.0.0-ONAP for Frankfurt
**Step 2.** Install Helm Plugins required to deploy ONAP::
d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
charts or use an override file to replace them.
+ e. Add in the command line a value for the global master password (global.masterPassword).
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin.
+ROBOT uses in Dublin and upper versions.
.. note::
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
d. Update the OpenStack parameters:
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
+There are assumptions in the demonstration VNF heat templates about the networking
+available in the environment. To get the most value out of these templates and the
+automation that can help confirm the setup is correct, please observe the following
constraints.
+
``openStackPublicNetId:``
This network should allow heat templates to add interfaces.
This need not be an external network, floating IPs can be assigned to the ports on
setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-Example Keystone v2.0
+Example Keystone v2.0
.. literalinclude:: example-integration-override.yaml
:language: yaml
:language: yaml
-
**Step 4.** To setup a local Helm server to server up the ONAP charts::
> helm serve &
single command
.. note::
- The ``--timeout 900`` is currently required in Dublin to address long running initialization tasks
- for DMaaP and SO. Without this timeout value both applications may fail to deploy.
+ The ``--timeout 900`` is currently required in Dublin and up to address long
+ running initialization tasks for DMaaP and SO. Without this timeout value both
+ applications may fail to deploy.
+
+.. danger::
+ We've added the master password on the command line.
+ You shouldn't put it in a file for safety reason
+ please don't forget to change the value to something random
+
+ A space is also added in front of the command so "history" doesn't catch it.
+ This masterPassword is very sensitive, please be careful!
+
To deploy all ONAP applications use this command::
> cd oom/kubernetes
- > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
+ > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
All override files may be customized (or replaced by other overrides) as per needs.
`onap-all.yaml`
Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+`onap-all-ingress-nginx-vhost.yaml`
+ Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
+ Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+
`environment.yaml`
Includes configuration values specific to the deployment environment.
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020, Samsung Electronics
+
+.. Links
+.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
+.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
+.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug
+.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
+.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+.. _onap-on-kubernetes-with-rancher:
+
+
+Ingress controller setup on HA Kubernetes Cluster
+#################################################
+
+This guide provides instruction how to setup experimental ingress controller feature.
+For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
+to deploy and manage our Kubernetes Cluster and ingress controller
+
+.. contents::
+ :depth: 1
+ :local:
+..
+
+The result at the end of this tutorial will be:
+
+#. Customization of the cluster.yaml file for ingress controller support
+
+#. Installation and configuration test DNS server for ingress host resolution on testing machines
+
+#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+
+#. Instalation and configuration NGINX ingress controller
+
+#. Additional info howto deploy onap with services exposed via Ingress controller
+
+Customize cluster.yml file
+===========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+
+.. code-block:: yaml
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
+
+For external load balacer purposes minimum one of the worker node should be configured with external IP
+address accessible outside the cluster. It can be done using the following example node configuration:
+
+.. code-block:: yaml
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+
+Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+
+
+
+DNS server configuration and instalation
+========================
+DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
+resolves all subdomain related to the onap cluster to the load balancer IP.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+DNS server has automatic instalation and configuration script, so instalation is quite easy::
+
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+
+ > ./deploy\_dns.sh
+
+After DNS deploy you need to setup DNS entry on the target testing machine.
+Because DNS listen on non standard port configuration require iptables rules
+on the target machine. Please follow the configuation proposed by the deploy scripts
+Example output depends on the IP address and example output looks like bellow::
+
+
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+
+
+MetalLB Load Balancer instalation and configuration
+====================================================
+
+By default pure Kubernetes cluster requires external load balancer if we want to expose
+external port using LoadBalancer settings. For this purpose MetalLB can be used.
+Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+
+MetalLB Load balanancer can be easily installed using automatic install script::
+
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
+
+ > ./install-metallb-on-cluster.sh
+
+
+Configuration NGINX ingress controller
+=======================================
+
+After installation DNS server and ingress controller we can install and configure ingress controller.
+It can be done using the following commands::
+
+ > cd kubernetes/contrib/ingress-nginx-post-inst
+
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
+
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+
+After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
+with external IP address::
+
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+
+
+ONAP with ingress exposed services
+=====================================
+If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+
+Ingress also can be enabled on any onap setup override using following code:
+
+.. code-block:: yaml
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
+
Install RKE
-----------
Download and install RKE on a VM, desktop or laptop.
-Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v0.2.1
+Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6
RKE requires a *cluster.yml* as input. An example file is show below that
describes a Kubernetes cluster that will be mapped onto the OpenStack VMs
created earlier in this guide.
-Example: **cluster.yml**
-
-.. image:: images/rke/rke_1.png
-
Click :download:`cluster.yml <cluster.yml>` to download the
configuration file.
Download and install kubectl. Binaries can be found here for Linux and Mac:
-https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
-https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
+https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
+https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
You only need to install kubectl where you'll launch kubernetes command. This
can be any machines of the kubernetes cluster or a machine that has IP access
Example Helm client install on Linux::
- > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz
+ > wget https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz
- > tar -zxvf helm-v2.14.2-linux-amd64.tar.gz
+ > tar -zxvf helm-v2.16.6-linux-amd64.tar.gz
> sudo mv linux-amd64/helm /usr/local/bin/helm
10.12.6.155 msb.api.simpledemo.onap.org
10.12.6.155 clamp.api.simpledemo.onap.org
10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
the portal and then simply access now the new ssl-encrypted URL:
.. reserved.
.. _release_notes:
-.. Links
-.. _release-notes-label:
-
ONAP Operations Manager Release Notes
=====================================
+Version 6.0.0 (Frankfurt Release)
+---------------------------------
+
+:Release Date: 2020-xx-xx
+
+Summary
+-------
+
+The focus of this release is to strengthen the foundation of OOM installer.
+A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826
+
+**Software Requirements**
+
+* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
+
+**Hardcoded Password removal**
+
+* All mariadb galera password are not hardcoded
+
+**New Features**
+
+* Ingress deployment is getting more and more usable
+* Use of dynamic Persistent Volume is available
+
+**Bug Fixes**
+
+**Known Issues**
+
+The following known issues will be addressed in a future release:
+
+* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
+*Known Security Issues*
+
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+OOM code has been formally scanned during build time using NexusIQ and no
+Critical vulnerability was found.
+
+Quick Links:
+
+ - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+ - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
Version 5.0.1 (El Alto Release)
-----------------------------------
+-------------------------------
:Release Date: 2019-10-10
- `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
-Version 6.0.0 (Frankfurt)
-----------------------------------
-
-:Release Date: 2020-05-14
-
-Summary
--------
-
-**Software Requirements**
-
-* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
-
-**Hardcoded Password removal**
-
-* All mariadb galera password are not hardcoded
-
Version 5.0.0 (El Alto Early Drop)
----------------------------------
name: "aaf-cm"
port: 8150
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
name: "aaf-gui"
port: 8200
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
{{ include "common.ingress" . }}
-
-
name: "aaf-locate"
port: 8095
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
--- /dev/null
+
+{{ include "common.ingress" . }}
name: "aaf-oauth"
port: 8140
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
name: "aaf-service"
port: 8100
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
{
"name": "aai",
"values": {
- "username": "oof@oof.onap.org",
- "password": "demo123456!"
+ "username": "${AAI_USER}",
+ "password": "${AAI_PASS}"
}
},
{
"name": "conductor_api",
"values": {
- "username": "admin1",
- "password": "plan.15"
+ "username": "${CONDUCTOR_USER}",
+ "password": "${CONDUCTOR_PASS}"
}
},
{
"name": "sdnc",
"values": {
- "username": "admin",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+ "username": "${SDNC_USER}",
+ "password": "${SDNC_PASS}"
}
},
{
"name": "music_api",
"values": {
- "aafuser": "conductor",
- "aafpass": "c0nduct0r",
+ "aafuser": "${MUSIC_USER}",
+ "aafpass": "${MUSIC_PASS}",
"aafns": "conductor"
}
},
{
"name": "aaf_api",
"values": {
- "username": "aaf_admin@people.osaaf.org",
- "password": "demo123456!",
+ "username": "${AAF_USER}",
+ "password": "${AAF_PASS}",
"aaf_conductor_user": "oof@oof.onap.org"
}
}
{
"name": "conductor",
"values": {
- "UserName": "admin1",
- "Password": "plan.15"
+ "UserName": "${CONDUCTOR_USER}",
+ "Password": "${CONDUCTOR_PASS}"
}
},
{
"name": "policyPlatform",
"values": {
- "UserName": "testpdp",
- "Password": "alpha123"
+ "UserName": "${POLICY_PLAT_USER}",
+ "Password": "${POLICY_PLAT_PASS}"
}
},
{
"name": "policyClient",
"values": {
- "UserName": "python",
- "Password": "test"
+ "UserName": "${POLICY_CLI_USER}",
+ "Password": "${POLICY_CLI_PASS}"
}
},
{
{
"name": "osdfPlacement",
"values": {
- "UserName": "test",
- "Password": "testpwd"
+ "UserName": "${OSDF_PLACEMENT_USER}",
+ "Password": "${OSDF_PLACEMENT_PASS}"
}
},
{
"name": "osdfPlacementSO",
"values": {
- "UserName": "so_test",
- "Password": "so_testpwd"
+ "UserName": "${OSDF_PLACEMENT_SO_USER}",
+ "Password": "${OSDF_PLACEMENT_SO_PASS}"
}
},
{
"name": "osdfPlacementVFC",
"values": {
- "UserName": "vfc_test",
- "Password": "vfc_testpwd"
+ "UserName": "${OSDF_PLACEMENT_VFC_USER}",
+ "Password": "${OSDF_PLACEMENT_VFC_PASS}"
}
},
{
"name": "osdfCMScheduler",
"values": {
- "UserName": "test1",
- "Password": "testpwd1"
+ "UserName": "${OSDF_CM_SCHEDULER_USER}",
+ "Password": "${OSDF_CM_SCHEDULER_PASS}"
}
},
{
"name": "configDb",
"values": {
- "UserName": "osdf",
- "Password": "passwd"
+ "UserName": "${CONFIG_DB_USER}",
+ "Password": "${CONFIG_DB_PASS}"
}
},
{
{
"name": "osdfPCIOpt",
"values": {
- "UserName": "pci_test",
- "Password": "pci_testpwd"
+ "UserName": "${OSDF_PCI_OPT_USER}",
+ "Password": "${OSDF_PCI_OPT_PASS}"
+ }
+ },
+ {
+ "name": "osdfOptEngine",
+ "values": {
+ "UserName": "${OSDF_OPT_ENGINE_USER}",
+ "Password": "${OSDF_OPT_ENGINE_PASS}"
}
}
]
}
-}
\ No newline at end of file
+}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "export AAI_PASS=${AAI_PASS_PLAIN};
+ export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN};
+ export SDNC_PASS=${SDNC_PASS_PLAIN};
+ export MUSIC_PASS=${MUSIC_PASS_PLAIN};
+ export AAF_PASS=${AAF_PASS_PLAIN};
+ export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN};
+ export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN};
+ export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN};
+ export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN};
+ export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN};
+ export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN};
+ export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN};
+ export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
+ export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
+ cd /config-input;
+ for PFILE in `find . -not -type d | grep -v -F ..`; do
+ envsubst <${PFILE} >/config/${PFILE};
+ done"
+ env:
+ - name: AAI_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }}
+ - name: AAI_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }}
+
+ - name: CONDUCTOR_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }}
+ - name: CONDUCTOR_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }}
+
+ - name: SDNC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }}
+ - name: SDNC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }}
+
+ - name: MUSIC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }}
+ - name: MUSIC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }}
+
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }}
+ - name: AAF_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }}
+
+ - name: POLICY_PLAT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }}
+ - name: POLICY_PLAT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }}
+
+ - name: POLICY_CLI_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }}
+ - name: POLICY_CLI_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_SO_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_VFC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_VFC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_CM_SCHEDULER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }}
+ - name: OSDF_CM_SCHEDULER_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }}
+
+ - name: CONFIG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }}
+ - name: CONFIG_DB_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PCI_OPT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PCI_OPT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_OPT_ENGINE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }}
+ - name: OSDF_OPT_ENGINE_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-preload-input
+ - mountPath: /config/
+ name: {{ include "common.name" . }}-preload
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: localtime
hostPath:
path: /etc/localtime
- - name : {{ include "common.name" . }}-preload
+ - name: {{ include "common.name" . }}-preload-input
configMap:
name: {{ include "common.fullname" . }}-preload
+ - name: {{ include "common.name" . }}-preload
+ emptyDir:
+ medium: Memory
restartPolicy: OnFailure
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+ envsubstImage: dibi/envsubst
flavor: small
#################################################################
ingress:
enabled: false
+secrets:
+ - uid: aai-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.aaiUsername }}'
+ password: '{{ .Values.oofCreds.aaiPassword }}'
+ passwordPolicy: required
+ - uid: conductor-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.conductorUsername }}'
+ password: '{{ .Values.oofCreds.conductorPassword }}'
+ passwordPolicy: required
+ - uid: sdnc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.sdncUsername }}'
+ password: '{{ .Values.oofCreds.sdncPassword }}'
+ passwordPolicy: required
+ - uid: music-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.musicUsername }}'
+ password: '{{ .Values.oofCreds.musicPassword }}'
+ passwordPolicy: required
+ - uid: aaf-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.aafUsername }}'
+ password: '{{ .Values.oofCreds.aafPassword }}'
+ passwordPolicy: required
+ - uid: policy-plat-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.policyPlatUsername }}'
+ password: '{{ .Values.oofCreds.policyPlatPassword }}'
+ passwordPolicy: required
+ - uid: policy-cli-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.policyCliUsername }}'
+ password: '{{ .Values.oofCreds.policyCliPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-so-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-vfc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}'
+ passwordPolicy: required
+ - uid: osdf-cm-scheduler-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}'
+ password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}'
+ passwordPolicy: required
+ - uid: config-db-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.configDbUsername }}'
+ password: '{{ .Values.oofCreds.configDbPassword }}'
+ passwordPolicy: required
+ - uid: osdf-pci-opt-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPCIOptUsername }}'
+ password: '{{ .Values.oofCreds.osdfPCIOptPassword }}'
+ passwordPolicy: required
+ - uid: osdf-opt-engine-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfOptEngineUsername }}'
+ password: '{{ .Values.oofCreds.osdfOptEnginePassword }}'
+ passwordPolicy: required
+
+oofCreds:
+ aaiUsername: oof@oof.onap.org
+ aaiPassword: demo123456!
+
+ conductorUsername: admin1
+ conductorPassword: plan.15
+
+ sdncUsername: admin
+ sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+ musicUsername: conductor
+ musicPassword: c0nduct0r
+
+ aafUsername: aaf_admin@people.osaaf.org
+ aafPassword: demo123456!
+
+ policyPlatUsername: testpdp
+ policyPlatPassword: alpha123
+
+ policyCliUsername: python
+ policyCliPassword: test
+
+ osdfPlacementUsername: test
+ osdfPlacementPassword: testpwd
+
+ osdfPlacementSOUsername: so_test
+ osdfPlacementSOPassword: so_testpwd
+
+ osdfPlacementVFCUsername: vfc_test
+ osdfPlacementVFCPassword: vfc_testpwd
+
+ osdfCMSchedulerUsername: test1
+ osdfCMSchedulerPassword: testpwd1
+
+ configDbUsername: osdf
+ configDbPassword: passwd
+
+ osdfPCIOptUsername: pci_test
+ osdfPCIOptPassword: pci_testpwd
+
+ osdfOptEngineUsername: opt_test
+ osdfOptEnginePassword: opt_testpwd
+
# Configure resource requests and limits
resources:
small:
ingress:
enabled: false
+ service:
+ - baseaddr: "aaf.api"
+ name: "aaf-service"
+ port: 8100
+ config:
+ ssl: "none"
persistence: {}
-Subproject commit 9b27009ab70a2d4fccd43247f7dbb887cb944293
+Subproject commit 2d6141ab8bd7bfe58f5da0483e578032226e7ebb
name: "appc-cdt"
port: 18080
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-filebeat
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-logging-cfg
namespace: {{ include "common.namespace" . }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
subPath: installSdncDb.sh
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: /var/log/onap
+ - mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg
name: log-config
{{- end }}
# side car containers
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: logs
- - mountPath: /usr/share/filebeat/data
- name: data-filebeat
+ {{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- name: keyfile-certs
secret:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-filebeat
- name: log-config
configMap:
name: {{ include "common.fullname" . }}-logging-cfg
- name: logs
emptyDir: {}
- - name: data-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" . | nindent 8 }}
- name: onap-appc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-data-properties
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ centralizedLoggingEnabled: false
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/onap
+
# application configuration
config:
# dbRootPassExternalSecret: some secret
# It seems that the DB name is hardcoded.
dbName: appcctl
userName: appcctl
- password: appcctl
+ # password: appcctl
# userCredsExternalSecret: some secret
sdncdb:
# Warning: changing this config option may not work.
# It seems that the DB name is hardcoded.
dbName: sdnctl
userName: sdnctl
- password: gamma
+ # password: gamma
# userCredsExternalSecret: some secret
odlUid: 100
odlGid: 101
service:
name: appc-dgbuilder
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "appc-dgbuilder"
+ name: "appc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
nodePort3: 11
ingress:
enabled: false
service:
- - baseaddr: appc
+ - baseaddr: "appc.api"
name: "appc"
port: 8443
config:
blueprintprocessor.netconfExecutor.enabled=true
blueprintprocessor.restConfExecutor.enabled=true
blueprintprocessor.remoteScriptCommand.enabled=true
+blueprintsprocessor.remote-script-command.response.log.enabled=false
# Command executor
blueprintsprocessor.grpcclient.remote-python.type=token-auth
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+# Kafka Audit Service Configurations
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
blueprintsprocessor.netconfExecutor.enabled=true
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: fix-permission
+ command:
+ - chown
+ - -R
+ - 100:101
+ - /opt/app/onap/blueprints/deploy
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.1
+image: onap/ccsdk-blueprintsprocessor:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.1
+image: onap/ccsdk-commandexecutor:0.7.2
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.1
+image: onap/ccsdk-sdclistener:0.7.2
name: sdc-listener
pullPolicy: Always
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # side car containers
- # - name: filebeat-onap
- # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # volumeMounts:
- # - mountPath: /usr/share/filebeat/filebeat.yml
- # name: filebeat-conf
- # subPath: filebeat.yml
- # - mountPath: /home/esr/works/logs
- # name: esr-server-logs
- # - mountPath: /usr/share/filebeat/data
- # name: esr-server-filebeat
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- # - name: filebeat-conf
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-filebeat
- # - name: esr-server-logs
- # emptyDir: {}
- # - name: esr-server-filebeat
- # emptyDir: {}
- # - name: esrserver-log
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-esrserver-log
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.1
+image: onap/ccsdk-cds-ui-server:0.7.2
pullPolicy: Always
# application configuration
service:
- baseaddr: "cdsui"
name: "cds-ui"
- port: 8080
- config:
- ssl: "none"
+ port: 3000
+ config:
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
name: {{ include "common.name" . }}-readiness
containers:
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ - name: logs
+ mountPath: {{ .Values.log.path }}
- mountPath: /opt/clamp/sdc-controllers-config.json
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
env:
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
+ - name: SPRING_APPLICATION_JSON
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: spring_application_json
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
items:
- key: sdc-controllers-config.json
path: sdc-controllers-config.json
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
persistence: {}
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.3
+image: onap/clamp-backend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/onap
+
#################################################################
# Application configuration defaults.
#################################################################
+
+db: {}
+
config:
log:
logstashServiceName: log-ls
mysqlPassword: strong_pitchou
dataRootDir: /dockerdata-nfs
springApplicationJson: >
- {
- "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+ {
+ "spring.datasource.username": "${MYSQL_USER}",
+ "spring.datasource.password": "${MYSQL_PASSWORD}",
+ "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
"spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
"clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
"clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
"clamp.config.policy.pap.userName": "healthcheck",
"clamp.config.policy.pap.password": "zb!XztG34",
"clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
- }
+ }
# default number of instances
replicaCount: 1
discovery.seed_hosts: []
# # Breaking change in 7.0
# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes:
+cluster.initial_master_nodes:
- cldash-es-node1
# - docker-test-node-1
# ---------------------------------- Various -----------------------------------
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
nodePort: 90
ingress:
enabled: false
+ service:
+ - baseaddr: "cdash-kibana"
+ name: "cdash-kibana"
+ port: 5601
+ config:
+ ssl: "redirect"
#resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
if [http_request_failure] or [@metadata][code] != 200 {
mutate {
- add_tag => [ "error" ]
+ add_tag => [ "error" ]
}
}
clones => [ "event-cl-aggs" ]
add_tag => [ "event-cl-aggs" ]
}
-
+
if "event-cl-aggs" in [@metadata][request][tags]{
#
# we only need a few fields for aggregations; remove all fields from clone except :
prune {
whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
}
-
+
}
}
}
+++ /dev/null
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql
+++ /dev/null
-#
-# Create CLDS database objects (tables, etc.)
-#
-#
-CREATE DATABASE `cldsdb4`;
-USE `cldsdb4`;
-DROP USER 'clds';
-CREATE USER 'clds';
-GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION;
-FLUSH PRIVILEGES;
-
#{{ if not .Values.disableClampClampMariadb }}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: clamp-entrypoint-initdb-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: clamp-entrypoint-bulkload-configmap
namespace: {{ include "common.namespace" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
volumeMounts:
- - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
- name: docker-entrypoint-initdb
- subPath: bootstrap-database.sh
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/bulkload/
+ - mountPath: /docker-entrypoint-initdb.d/
name: docker-entrypoint-bulkload
- mountPath: /etc/mysql/conf.d/conf1/
name: clamp-mariadb-conf
{{- else }}
emptyDir: {}
{{- end }}
- - name: docker-entrypoint-initdb
- configMap:
- name: clamp-entrypoint-initdb-configmap
- name: docker-entrypoint-bulkload
configMap:
name: clamp-entrypoint-bulkload-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }}
+{{ include "common.secretFast" . }}
nodePortPrefix: 302
persistence: {}
-
# application image
repository: nexus3.onap.org:10001
image: mariadb:10.3.12
pullPolicy: Always
flavor: small
-
#################################################################
-# Application configuration defaults.
+# Secrets metaconfig
#################################################################
-config:
- mysqlPassword: strong_pitchou
+secrets:
+ - uid: db-root-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+# Application configuration
+db: {}
# default number of instances
replicaCount: 1
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
name: {{ include "common.name" . }}-readiness
containers:
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/nginx/
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/nginx/
+ - name: logs
+ mountPath: {{ .Values.log.path }}
- mountPath: /etc/nginx/conf.d/default.conf
name: {{ include "common.fullname" . }}-config
subPath: default.conf
items:
- key: default.conf
path: default.conf
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ centralizedLoggingEnabled: false
+
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
+ type: password
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
+ type: basicAuth
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+db:
+ user: clds
+# password: sidnnd83K
+ databaseName: &dbName cldsdb4
+# rootPass: emrys user: testos
+
+clamp-backend:
+ db:
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
+mariadb:
+ db:
+ rootCredsExternalSecret: *dbRootPass
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.3
+image: onap/clamp-frontend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/nginx/
+
#################################################################
# Application configuration defaults.
#################################################################
ingress:
enabled: false
service:
- - baseaddr: "clamp"
+ - baseaddr: "clamp.api"
name: "clamp"
port: 2443
config:
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A
+DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3
+gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO
+lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA
+FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep
+q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt
+7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ
+3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU
+KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd
+7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx
+kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg
+CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+
+3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R
+zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx
+A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5
+333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti
+MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG
+HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve
+8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL
+HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8
+X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o
+J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA
+ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G
+U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK
+ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh
+kxMQk6Ent5/OF/yYOsIzlLs=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx
+DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF
+MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE
+CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ
+MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT
+OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA
+RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm
+Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe
+IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI
+TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31
+5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg
+O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG
+5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN
+MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4
+hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU
+xg==
+-----END CERTIFICATE-----
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: ocomp-pem
+ mountPath: "/etc/lighttpd/ocomp.pem"
+ subPath: ocomp.pem
+ readOnly: true
env:
- name: OPEN_CLI_MODE
value: "{{ .Values.config.climode }}"
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ volumes:
+ - name: ocomp-pem
+ secret:
+ secretName: ocomp-pem
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ocomp-pem
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ ocomp.pem:
+{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }}
+
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/cli:3.0.0
+image: onap/cli:5.0.4
pullPolicy: Always
flavor: small
service:
type: NodePort
name: cli
- externalPort: 8080
+ externalPort: 443
externalPort1: 9090
- internalPort: "80"
- internalPort1: 8080
+ internalPort: "443"
+ internalPort1: 9090
nodePort: "60"
nodePort1: "71"
ingress:
enabled: false
service:
- - baseaddr: "cli"
+ - baseaddr: "cli.api"
name: "cli"
- port: 8080
- - baseaddr: "cli2"
+ port: 443
+ - baseaddr: "cli2.api"
name: cli
port: 9090
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
requests:
cpu: 2
memory: 4Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
hostNetwork: {{ .Values.hostNetwork }}
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.image }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
volumeMounts:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to obtain certificates in onap
+name: certInitializer
+version: 6.0.0
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{- define "common.certInitializer._aafConfigVolumeName" -}}
+ {{ include "common.fullname" . }}-aaf-config
+{{- end -}}
+
+{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
+ {{ print "aaf-add-config" }}
+{{- end -}}
+
+{{/*
+ common templates to enable cert initialization for applictaions
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | nindent XX }}
+
+ containers:
+ volumeMounts:
+ {{- include "common.certInitializer.volumeMount" . | nindent XX }}
+ volumes:
+ {{- include "common.certInitializer.volume" . | nindent XX}}
+*/}}
+{{- define "common.certInitializer._initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $initName := default "certInitializer" -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.name" $dot }}-aaf-readiness
+ image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" $dot }}-aaf-config
+ image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- if $initRoot.aaf_add_config }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+{{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+{{- if $initRoot.aaf_add_config }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+{{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ $initRoot.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ $dot.Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ $initRoot.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ $initRoot.app_ns }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, eventually
+ - name: cadi_longitude
+ value: "{{ default "52.3" $initRoot.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" $initRoot.cadi_latitude }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ $initRoot.public_fqdn | default "" }}"
+{{- end -}}
+
+{{- define "common.certInitializer._volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+- mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- end -}}
+
+{{- define "common.certInitializer._volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ emptyDir:
+ medium: Memory
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.initContainer" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{ include "common.certInitializer._initContainer" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumeMount" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumeMount" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumes" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumes" . }}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.aaf_add_config }}
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |
+ {{ tpl .Values.aaf_add_config . | indent 4 }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ aafEnabled: true
+
+pullPolicy: Always
+
+secrets:
+ - uid: deployer-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafDeployFqi }}'
+ password: '{{ .Values.aafDeployPass }}'
+ passwordPolicy: required
+
+aafDeployFqi: "changeme"
+fqdn: ""
+app_ns: "org.osaaf.aaf"
+fqi: ""
+fqi_namespace: ""
+public_fqdn: "aaf.osaaf.org"
+aafDeployFqi: "deployer@people.osaaf.org"
+aafDeployPass: demo123456!
+cadi_latitude: "38.0"
+cadi_longitude: "-72.0"
+aaf_add_config: ""
+mountPath: "/opt/app/osaaf"
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "common.log.sidecar" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+- name: {{ include "common.name" . }}-filebeat
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - name: filebeat-data
+ mountPath: /usr/share/filebeat/data
+{{- end -}}
+{{- end -}}
+
+{{- define "common.log.volumes" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+- name: filebeat-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-filebeat
+- name: filebeat-data
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.log.configMap" -}}
+{{- if .Values.global.centralizedLoggingEnabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "filebeat") | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+{{- end }}
+{{- end -}}
+
{{- if eq $type "generic" }}
data:
{{- range $curFilePath := $secret.filePaths }}
- {{- fail (printf "%s" $curFilePath) }}
{{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
{{- end }}
{{- if $secret.filePath }}
{{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{/*
+ Resolve the prefix node port to use. We look at these different values in
+ order of priority (first found, first chosen)
+ - .Values.service.nodePortPrefixOverride: override value for nodePort which
+ will be use locally;
+ - .Values.global.nodePortPrefix : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used);
+ - .Values.global.nodePortPrefixExt : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used) if
+ useNodePortExt is set to true in
+ service or on port;
+ - .Values.service.nodePortPrefix : value used on a pert chart basis if
+ no other version exists.
+
+ The function takes two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .useNodePortExt : does the port use the "extended" nodeport part or the
+ normal one?
+*/}}
+{{- define "common.nodePortPrefix" -}}
+{{- $dot := default . .dot -}}
+{{- $useNodePortExt := default false .useNodePortExt -}}
+{{- if or $useNodePortExt $dot.Values.service.useNodePortExt -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefixExt | default $dot.Values.nodePortPrefix }}
+{{- else -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}
+{{- end -}}
+{{- end -}}
+
{{/* Define the metadata of Service
The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
name: {{ $port.name }}
{{- end }}
{{- if (eq $serviceType "NodePort") }}
- nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+ nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}
{{- end }}
{{- else }}
- port: {{ default $port.port $port.plain_port }}
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
-{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
{{- if (ne $serviceType "ClusterIP") }}
---
{{- if $suffix }}
{{- else }}
{{- $suffix = "external" }}
{{- end }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- else }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- end -}}
{{- end }}
{{- end }}
{{- end -}}
+
+{{- define "common.port.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._DmaapDrNodePortsCache }}
+ {{- $portCache := dict }}
+ {{- range $port := .Values.service.ports }}
+ {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }}
+ {{- end }}
+ {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }}
+ {{- end }}
+{{- end -}}
+
+{/*
+ Get Port value according to its name and if we want tls or plain port.
+ The template takes below arguments:
+ - .global: environment (.)
+ - .name: name of the port
+ - .getPlain: boolean allowing to choose between tls (false, default) or
+ plain (true)
+ If plain_port is not set and we ask for plain, it will return empty.
+*/}
+{{- define "common.getPort" -}}
+ {{- $global := .global }}
+ {{- $name := .name }}
+ {{- $getPlain := default false .getPlain }}
+ {{- include "common.port.buildCache" $global }}
+ {{- $portCache := $global.Values._DmaapDrNodePortsCache }}
+ {{- $port := index $portCache $name }}
+ {{- ternary $port.plain_port $port.port $getPlain }}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
- uid: 'db-root-password'
type: password
externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.dbRootPassword }}'
+ password: '{{ .Values.config.db.rootPassword }}'
- uid: 'db-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.dbSdnctlPassword }}'
+ password: '{{ .Values.config.db.userPassword }}'
- uid: 'http-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
restconfPassword: admin
# restconfCredsExternalSecret: some secret
- dbRootPassword: openECOMP1.0
- dbSdnctlPassword: gamma
dbPodName: mysql-db
dbServiceName: sdnc-dbhost
# MD5 hash of dguser password ( default: test123 )
ingress:
enabled: false
+ service:
+ - baseaddr: "dgbuilder"
+ name: "dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch
+name: elasticsearch
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch curator
+name: curator
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{- range $kind, $enabled := .Values.hooks }}
+{{- if $enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-curator-on-{{ $kind }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 2 }}
+ role: "curator"
+ annotations:
+ "helm.sh/hook": post-{{ $kind }}
+ "helm.sh/hook-weight": "1"
+{{- if $.Values.cronjob.annotations }}
+{{ toYaml $.Values.cronjob.annotations | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }}
+{{- if $.Values.extraVolumes }}
+{{ toYaml $.Values.extraVolumes | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+{{- if $.Values.priorityClassName }}
+ priorityClassName: "{{ $.Values.priorityClassName }}"
+{{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if $.Values.extraVolumeMounts }}
+{{ toYaml $.Values.extraVolumeMounts | indent 12 }}
+ {{- end }}
+ command: [ "curator" ]
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ resources:
+{{ toYaml $.Values.resources | indent 12 }}
+ {{- with $.Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end -}}
+{{- end }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+data:
+ action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }}
+ config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+ {{- if .Values.cronjob.annotations }}
+ annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}
+ {{- end }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ {{- with .Values.cronjob.concurrencyPolicy }}
+ concurrencyPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ . }}
+ {{- end }}
+ jobTemplate:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 10 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" . }}-curator
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 12 }}
+ {{- end }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+ {{- range $key, $value := .Values.extraInitContainers }}
+ - name: "{{ $key }}"
+ {{- toYaml $value | nindent 14 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 16 }}
+ {{- end }}
+ {{ if .Values.command }}
+ command: {{ toYaml .Values.command | nindent 16 }}
+ {{- end }}
+ {{- if .Values.dryrun }}
+ args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- else }}
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- end }}
+ env:
+ {{- if .Values.env }}
+ {{- range $key,$value := .Values.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envFromSecrets }}
+ {{- range $key,$value := .Values.envFromSecrets }}
+ - name: {{ $key | upper | quote}}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $value.from.secret | quote}}
+ key: {{ $value.from.key | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 16 }}
+ {{- end }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+ {{- if .Values.psp.create }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+ {{- end }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+ clusterName: cluster.local
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+## Elasticsearch curator parameters
+##
+enabled: false
+name: curator
+image:
+ imageName: bitnami/elasticsearch-curator
+ tag: 5.8.1-debian-9-r74
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+service:
+ port: 9200
+cronjob:
+ # At 01:00 every day
+ schedule: "0 1 * * *"
+ annotations: {}
+ concurrencyPolicy: ""
+ failedJobsHistoryLimit: ""
+ successfulJobsHistoryLimit: ""
+ jobRestartPolicy: Never
+podAnnotations: {}
+rbac:
+ # Specifies whether RBAC should be enabled
+ enabled: false
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+psp:
+ # Specifies whether a podsecuritypolicy should be created
+ create: false
+hooks:
+ install: false
+ upgrade: false
+# run curator in dry-run mode
+dryrun: false
+command: ["curator"]
+env: {}
+configMaps:
+ # Delete indices older than 90 days
+ action_file_yml: |-
+ ---
+ actions:
+ 1:
+ action: delete_indices
+ description: "Clean up ES by deleting old indices"
+ options:
+ timeout_override:
+ continue_if_exception: False
+ disable_action: False
+ ignore_empty_list: True
+ filters:
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: 90
+ field:
+ stats_result:
+ epoch:
+ exclude: False
+ # Default config (this value is evaluated as a template)
+ config_yml: |-
+ ---
+ client:
+ hosts:
+ {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+ port: {{ .Values.service.port }}
+ # url_prefix:
+ # use_ssl: True
+ # certificate:
+ # client_cert:
+ # client_key:
+ # ssl_no_validate: True
+ # http_auth:
+ # timeout: 30
+ # master_only: False
+ # logging:
+ # loglevel: INFO
+ # logfile:
+ # logformat: default
+ # blacklist: ['elasticsearch', 'urllib3']
+## Curator resources requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests: {}
+ # cpu: 100m
+ # memory: 128Mi
+priorityClassName: ""
+# extraVolumes and extraVolumeMounts allows you to mount other volumes
+# Example Use Case: mount ssl certificates when elasticsearch has tls enabled
+# extraVolumes:
+# - name: es-certs
+# secret:
+# defaultMode: 420
+# secretName: es-certs
+# extraVolumeMounts:
+# - name: es-certs
+# mountPath: /certs
+# readOnly: true
+## Add your own init container or uncomment and modify the given example.
+##
+extraInitContainers: {}
+## Don't configure S3 repository till Elasticsearch is reachable.
+## Ensure that it is available at http://elasticsearch:9200
+##
+# elasticsearch-s3-repository:
+# image: bitnami/minideb:latest
+# imagePullPolicy: "IfNotPresent"
+# command:
+# - "/bin/bash"
+# - "-c"
+# args:
+# - |
+# ES_HOST=elasticsearch
+# ES_PORT=9200
+# ES_REPOSITORY=backup
+# S3_REGION=us-east-1
+# S3_BUCKET=bucket
+# S3_BASE_PATH=backup
+# S3_COMPRESS=true
+# S3_STORAGE_CLASS=standard
+# install_packages curl && \
+# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \
+# cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+# {
+# "type": "s3",
+# "settings": {
+# "bucket": "${S3_BUCKET}",
+# "base_path": "${S3_BASE_PATH}",
+# "region": "${S3_REGION}",
+# "compress": "${S3_COMPRESS}",
+# "storage_class": "${S3_STORAGE_CLASS}"
+# }
+# }
+
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch data
+name: data
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "data" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- else if .Values.updateStrategy.rollingUpdatePartition }}
+ rollingUpdate:
+ partition: {{ .Values.updateStrategy.rollingUpdatePartition }}
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-data
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "data"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: "config"
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: "data"
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: "config"
+ configMap:
+ name: {{ template "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+# application image
+## Elasticsearch data node parameters
+##
+name: data
+## Number of data node(s) replicas to deploy
+##
+replicaCount: 0
+## required for "common.containerPorts"
+## no dedicated service for data nodes
+service:
+ ## list of ports for "common.containerPorts"
+ ports:
+ - name: http-transport
+ port: 9300
+
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+
+## updateStrategy for ElasticSearch Data statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+ # rollingUpdatePartition
+heapSize: 128m
+## Provide annotations for the data pods.
+##
+podAnnotations: {}
+## Pod Security Context for data pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch data container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 1152Mi
+## Elasticsearch data container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: data-pv
+
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+## Provide functionality to use RBAC
+##
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-data
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the data node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+apiVersion: v1
+description: ONAP elasticsearch master
+name: master
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "master" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-master
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" . }}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+ {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }}
+ {{- $replicas := int .Values.replicaCount }}
+ value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
+ - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
+ value: {{ add (div .Values.replicaCount 2) 1 | quote }}
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: {{ .Values.dedicatednode | quote }}
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "master"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: /bitnami/elasticsearch/data
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{ $role := "master" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+
+# application image
+## Elasticsearch master-eligible node parameters
+##
+name: master
+## Number of master-eligible node(s) replicas to deploy
+##
+replicaCount: 3
+## master acts as master only node, choose 'no' if no further data nodes are deployed)
+dedicatednode: "yes"
+## dedicatednode: "no"
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch master statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for master-eligible pods.
+##
+podAnnotations: {}
+## Pod Security Context for master-eligible pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch master-eligible container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch master-eligible container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: master-pv
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-master
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+## Service parameters for master-eligible node(s)
+##
+service:
+ suffix: "service"
+ name: ""
+ ## list of ports for "common.containerPorts"
+ ## Elasticsearch transport port
+ ports:
+ - name: http-transport
+ port: 9300
+ ## master-eligible service type
+ ##
+ type: ClusterIP
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+## Provide functionality to use RBAC
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the master node
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ # name:
+
+
+## Elasticsearch cluster name
+##
+clusterName: elastic-cluster
+
+
+
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: master
+ version: ~6.x-0
+ repository: 'file://components/master'
+ - name: data
+ version: ~6.x-0
+ repository: 'file://components/data'
+ condition: elasticsearch.data.enabled,data.enabled
+ - name: curator
+ version: ~6.x-0
+ repository: 'file://components/curator'
+ condition: elasticsearch.curator.enabled,curator.enabled
+
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+
+{{ define "elasticsearch.clustername"}}
+{{- printf "%s-%s" (include "common.name" .) "cluster" -}}
+{{- end -}}
+
+{{/*
+This define should be used instead of "common.fullname" to allow
+special handling of kibanaEnabled=true
+Create a default fully qualified coordinating name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.coordinating.fullname" -}}
+{{- if .Values.global.kibanaEnabled -}}
+{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the master service account to use
+ */}}
+{{- define "elasticsearch.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the coordinating-only service account to use
+ */}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the data service account to use
+ */}}
+{{- define "elasticsearch.data.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "elasticsearch.imagePullSecrets" -}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
+{{- if $imagePullSecrets }}
+imagePullSecrets:
+{{- range $imagePullSecrets }}
+ - name: {{ . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.curator.serviceAccountName" -}}
+{{- if .Values.curator.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.curator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
--- /dev/null
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local
+ mkdir -p certs
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+ cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+ chmod -R 755 certs
+{{- end -}}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+ elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }}
+{{- end }}
-{{ if .Values.global.aafEnabled }}
{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{- if .Values.nginx.serverBlock -}}
-{{- if .Values.aafConfig.addconfig -}}
apiVersion: v1
kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
+{{ $suffix := "nginx-server-block" -}}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
- aaf-add-config.sh: |-
- /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
+ server-block.conf: |-
+{{ if .Values.global.aafEnabled }}
+{{ .Values.nginx.serverBlock.https | indent 4 }}
+{{ else }}
+{{ .Values.nginx.serverBlock.http | indent 4 }}
+
+
+{{ end }}
{{- end -}}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+{{ $role := "coordinating-only" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{ include "common.aaf-config" . | nindent 8}}
+
+ containers:
+ - name: {{ include "common.name" . }}-nginx
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
+ ports: {{- include "common.containerPorts" . | indent 12 -}}
+ {{- if .Values.nginx.livenessProbe }}
+ livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.readinessProbe }}
+ readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.resources }}
+ resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ mountPath: /opt/bitnami/nginx/conf/server_blocks
+ {{- end }}
+ {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ {{- if .Values.securityContext.enabled }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "coordinating"
+ - name: ELASTICSEARCH_PORT_NUMBER
+ value: "9000"
+ {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end}}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data/"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ - name: data
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx-server-block
+ {{- end }}
+ {{- include "common.aaf-config-volumes" . | nindent 8}}
+
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ $role := "coordinating-only" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
+{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.global.coordinating.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
--- /dev/null
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ clusterName: cluster.local
+
+persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+
+# application image
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch coordinating deployment
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for the coordinating-only pods.
+##
+podAnnotations: {}
+## Pod Security Context for coordinating-only pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch coordinating-only container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch coordinating-only container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Service parameters for coordinating-only node(s)
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the coordinating node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
+
+## Bitnami Minideb image version
+## ref: https://hub.docker.com/r/bitnami/minideb/tags/
+##
+sysctlImage:
+ enabled: true
+ imageName: bitnami/minideb
+ tag: stretch
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+# nginx image
+nginx:
+ imageName: bitnami/nginx
+ tag: 1.16-debian-9
+ pullPolicy: IfNotPresent
+ service:
+ name: nginx
+ ports:
+ - name: elasticsearch
+ port: 8080
+## Custom server block to be added to NGINX configuration
+## PHP-FPM example server block:
+ serverBlock:
+ https: |-
+ server {
+ listen 9200 ssl;
+ #server_name ;
+ # auth_basic "server auth";
+ # auth_basic_user_file /etc/nginx/passwords;
+ ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
+ ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+ http: |-
+ server {
+ listen 9200 ;
+ #server_name ;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+#################################################################
+# coordinating service configuration defaults.
+#################################################################
+
+service:
+ name: ""
+ suffix: ""
+ ## coordinating-only service type
+ ##
+ type: ClusterIP
+ headlessPorts:
+ - name: http-transport
+ port: 9300
+ headless:
+ suffix: discovery
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ ## Elasticsearch tREST API port
+ ##
+ ports:
+ - name: elasticsearch
+ port: 9200
+
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+ ## Provide functionality to use RBAC
+ ##
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+#################################################################
+# aaf configuration defaults.
+#################################################################
+aafConfig:
+ addconfig: true
+ fqdn: "elastic"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: org.onap.elastic
+ fqi: "elastic@elastic.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ deploy_fqi: "deployer@people.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ #aafDeployCredsExternalSecret: some secret
+ #cadi_latitude: "52.5"
+ #cadi_longitude: "13.4"
+ secret_uid: *aaf_secret_uid
+#################################################################
+# subcharts configuration defaults.
+#################################################################
+
+
+#data:
+# enabled: false
+
+#curator:
+# enabled: false
+
+## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
+
+master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+data:
+ enabled: false
+curator:
+ enabled: false
--- /dev/null
+#!/bin/bash
+#
+# Adfinis SyGroup AG
+# openshift-mariadb-galera: mysql setup script
+#
+
+set -eox pipefail
+
+echo 'Running mysql_install_db ...'
+mysql_install_db --datadir=/var/lib/mysql
+echo 'Finished mysql_install_db'
+
+mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF &
+pid="$!"
+
+mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock )
+
+for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+done
+if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+fi
+
+function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+}
+
+mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
+# add MariaDB root user
+"${mysql[@]}" <<-EOSQL
+-- What's done in this file shouldn't be replicated
+-- or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+DELETE FROM mysql.user ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOSQL
+
+# add root password for subsequent calls to mysql
+if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+fi
+
+# add users require for Galera
+# TODO: make them somehow configurable
+"${mysql[@]}" <<-EOSQL
+CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ;
+GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ;
+CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe';
+EOSQL
+
+if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+fi
+
+if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ mysql_password=`prepare_password $MYSQL_PASSWORD`
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+fi
+
+if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+echo
+echo 'MySQL init process done. Ready for start up.'
+echo
{{/*
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
my_extra.cnf: |
{{ .Values.externalConfig | indent 4 }}
-{{- end -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
configMap:
name: {{ include "common.fullname" . }}-external-config
{{- end}}
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
- name: localtime
hostPath:
path: /etc/localtime
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh
+ subPath: configure-mysql.sh
+ name: init-script
{{- if .Values.persistence.enabled }}
- mountPath: /var/lib/mysql
name: {{ include "common.fullname" . }}-data
# application configuration
config:
# .mariadbRootPasswordExternalSecret: 'some-external-secret'
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
# .userCredentialsExternalSecret: 'some-external-secret'
userName: my-user
# userPassword: my-password
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-my.public.ip=localhost
-all.public.ips=localhost
-my.id=0
-all.ids=0
-### Host Info ###
-zookeeper.host={{.Values.properties.zookeeperHost}}
-cassandra.host={{.Values.properties.cassandraHost}}
-### User Info ###
-cassandra.user={{.Values.properties.cassandraUser}}
-cassandra.password={{.Values.properties.cassandraPassword}}
-### AAF Endpoint ###
-aaf.endpoint.url={{.Values.properties.aafEndpointUrl}}
-### Admin API ###
-# AAF UAT
-aaf.admin.url={{.Values.properties.aafAdminUrl}}
-# AAF PROD
-admin.aaf.role={{.Values.properties.adminAafRole}}
-music.namespace={{.Values.properties.musicNamespace}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-zookeeper-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - zookeeper
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
-# War Container
- - name: "{{ .Chart.Name }}-war"
- image: "{{ include "common.repository" . }}/{{ .Values.warImage }}"
- command: ["cp","/app/MUSIC.war","/webapps"]
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- volumeMounts:
- - mountPath: /webapps
- name: shared-data
- containers:
- # Tomcat Container
- - name: "{{ include "common.name" . }}"
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/tomcat/webapps
- name: shared-data
- - name: properties-music
- mountPath: /opt/app/music/etc/music.properties
- subPath: music.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumes:
- - name: shared-data
- emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-music
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: library/tomcat:8.5
-pullPolicy: Always
-warImage: onap/music/music:3.0.24
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- usernameCassandra: cassandra1
- passwordCassandra: cassandra1
-
-# default number of instances
-replicaCount: 3
-
-job:
- host: cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: music-tomcat
- externalPort: 8080
- internalPort: 8080
- nodePort: 76
- portName: tomcat
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 900m
- memory: 460Mi
- requests:
- cpu: 550m
- memory: 360Mi
- large:
- limits:
- cpu: 4
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-
-
-properties:
- zookeeperHost: zookeeper
- cassandraHost: music-cassandra
- cassandraUser: nelson24
- cassandraPassword: nelson24
-
- # Admin API
- # ONAP AAF
- aafAdminUrl:
# limitations under the License.
apiVersion: v1
-description: ONAP - MUSIC Tomcat Container
-name: music-tomcat
+description: MUSIC api as a Service API Spring boot container.
+name: music
version: 6.0.0
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START==========================================
+ org.onap.music
+ ===================================================================
+ Copyright (c) 2017 AT&T Intellectual Property
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ ============LICENSE_END=============================================
+ ====================================================================
+-->
+
+<configuration scan="true" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/opt/app/music/logs" />
+
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="debug-logs" />
+
+ <!-- specify the component name -->
+ <!-- <property name="componentName" value="EELF"></property> -->
+ <property name="componentName" value="MUSIC"></property>
+
+ <!-- log file names -->
+ <property name="generalLogName" value="music" />
+ <property name="securityLogName" value="security" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" />
+ <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> -->
+ <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" />
+ <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> -->
+ <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" />
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property>
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder> -->
+ <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />-->
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- Sift Appender -->
+ <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender">
+ <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> -->
+ <discriminator>
+ <key>keyspace</key>
+ <defaultValue>unknown</defaultValue>
+ </discriminator>
+ <sift>
+ <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}-keyspace.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ </sift>
+ </appender>
+
+ <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="KSEELF" />
+ </appender>
+
+
+
+
+ <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender> -->
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="EELFSecurity" />
+ </appender>
+
+
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ </logger>
+
+ <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+
+ <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+
+ <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+
+ </logger>
+
+ <!-- Springboot??? -->
+ <!-- <logger name="org.springframework.web" level="DEBUG">
+ <appender-ref ref="asyncEELF" />
+ </logger> -->
+
+ <root level="{{.Values.logback.rootLogLevel}}">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+ <!-- Conductor Specific additions to squash WARNING and INFO -->
+ <logger name="com.datastax.driver.core.Cluster" level="ERROR"/>
+ <logger name="org.onap.music.main.MusicCore" level="ERROR"/>
+</configuration>
+
--- /dev/null
+server.port=8443
+server.servlet.context-path=/MUSIC/rest
+spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true
+#server.ssl.enabled=false
+server.tomcat.max-threads=100
+#logging.file=/opt/app/music/logs/MUSIC/music-app.log
+#logging.config=file:/opt/app/music/etc/logback.xml
+security.require-ssl=true
+server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store-provider=SUN
+server.ssl.key-store-type=JKS
+
--- /dev/null
+lock.using={{.Values.properties.lockUsing}}
+cassandra.host={{.Values.properties.cassandraHost}}
+cassandra.port={{ .Values.properties.cassandraPort }}
+lock.lease.period={{.Values.properties.lockLeasePeriod}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
+cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}}
+cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}}
+cadi={{.Values.properties.cadi}}
+music.aaf.ns={{.Values.properties.musicAafNs}}
+keyspace.active={{.Values.properties.keyspaceActive}}
+transId.header.required={{.Values.properties.transIdRequired}}
+transId.header.prefix={{.Values.properties.transIdPrefix}}
+conversation.header.required={{.Values.properties.conversationRequired}}
+conversation.header.prefix={{.Values.properties.conversationPrefix}}
+clientId.header.required={{.Values.properties.clientIdRequired}}
+clientId.header.prefix={{.Values.properties.clientIdPrefix}}
+messageId.header.required={{.Values.properties.messageIdRequired}}
+messageId.header.prefix={{.Values.properties.messageIdPrefix}}
+retry.count={{.Values.properties.retryCount}}
+lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}}
+keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}}
+create.lock.wait.period.ms=0
+create.lock.wait.increment.ms=0
--- /dev/null
+#!/bin/bash
+#
+# ============LICENSE_START==========================================
+# org.onap.music
+# ===================================================================
+# Copyright (c) 2019 AT&T Intellectual Property
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=============================================
+# ====================================================================
+
+echo "Running startup script to get password from certman"
+PWFILE=/opt/app/aafcertman/.password
+LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log
+PROPS=/opt/app/music/etc/music-sb.properties
+LOGBACK=/opt/app/music/etc/logback.xml
+LOGGING=
+DEBUG_PROP=
+# Debug Setup. Uses env variables
+# DEBUG and DEBUG_PORT
+# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
+if [ "${DEBUG}" == "true" ]; then
+ if [ "${DEBUG_PORT}" == "" ]; then
+ DEBUG_PORT=8000
+ fi
+ echo "Debug mode on"
+ DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n"
+fi
+
+# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that.
+if [ -f $LOGBACK ]; then
+ LOGGING="--logging.config=file:${LOGBACK}"
+fi
+
+# Get Passwords from /opt/app/aafcertman
+if [ -f $PWFILE ]; then
+ echo "Found ${PWFILE}" >> $LOGFILE
+ PASSWORD=$(cat ${PWFILE})
+else
+ PASSWORD=changeit
+ echo "#### Using Default Password for Certs" >> ${LOGFILE}
+fi
+
+# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties
+if [ -f $PROPS ]; then
+ # Run with different Property file
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}
+else
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE}
+fi
+
+
+
+
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-cassandra-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-music-scrubbed
+ - mountPath: /config
+ name: properties-music
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ # MUSIC Container
+ - name: "{{ include "common.name" . }}-springboot"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ env:
+ - name: SPRING_OPTS
+ value: "{{ .Values.springOpts }}"
+ - name: JAVA_OPTS
+ value: "{{ .Values.javaOpts }}"
+ - name: DEBUG
+ value: "{{ .Values.debug }}"
+ volumeMounts:
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music.properties
+ subPath: music.properties
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music-sb.properties
+ subPath: music-sb.properties
+ - name: properties-music-scrubbed
+ mountPath: /opt/app/music/etc/logback.xml
+ subPath: logback.xml
+ - name: certs-aaf
+ mountPath: /opt/app/aafcertman/
+ volumes:
+ - name: shared-data
+ emptyDir: {}
+ - name: certificate-vol
+ emptyDir: {}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: properties-music-scrubbed
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-music
+ emptyDir:
+ medium: Memory
+ - name: certs-aaf
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
--- /dev/null
+# Copyright © 2020 AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+
+ envsubstImage: dibi/envsubst
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ truststore: truststoreONAPall.jks
+
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: music-certs
+ name: keystore.jks
+ type: generic
+ filePaths:
+ - resources/keys/org.onap.music.jks
+ - uid: music-keystore-pw
+ name: keystore-pw
+ type: password
+ password: '{{ .Values.keystorePassword }}'
+ passwordPolicy: required
+ - uid: cassa-secret
+ type: basicAuth
+ login: '{{ .Values.properties.cassandraUser }}'
+ password: '{{ .Values.properties.cassandraPassword }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/music/music_sb:3.2.40
+pullPolicy: Always
+
+job:
+ host: cassandra
+ port: 9042
+ busybox:
+ image: library/busybox:latest
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 6
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+ port: 8443
+
+
+# Java options that need to be passed to jave on CLI
+#javaOpts: -Xms256m -Xmx2048m
+javaOpts:
+# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
+springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1000m
+ memory: 1G
+ requests:
+ cpu: 300m
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
+
+readiness:
+ initialDelaySeconds: 350
+ periodSeconds: 120
+ port: 8443
+
+service:
+ useNodePortExt: true
+ type: NodePort
+ name: music
+ ports:
+ - name: https-api
+ port: 8443
+ nodePort: '07'
+
+# Turn on Debugging true/false
+debug: false
+ingress:
+ enabled: false
+
+keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
+
+properties:
+ lockUsing: "cassandra"
+ # Comma dilimited list of hosts
+ cassandraHost: "music-cassandra"
+ cassandraUser: "nelson24"
+ cassandraPassword: "nelson24"
+ cassandraConnecttimeoutms: 12000
+ cassandraPort: 9042
+ # Connection Timeout for Cassandra in ms
+ # Read Timeout for Cassandra in ms
+ cassandraReadtimeoutms: 12000
+ keyspaceActive: true
+ # Enable CADI
+ cadi: false
+ # Special headers that may be passed and if they are required.
+ # With the ability to add a Prefix if required.
+ transIdRequired: false
+ transIdPrefix: X-ATT-
+ conversationRequired: false
+ conversationPrefix: X-CSI-
+ clientIdRequired: false
+ clientIdPrefix:
+ messageIdRequired: false
+ messageIdPrefix:
+
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+##### Lock settings
+ retryCount: 3
+ lockLeasePeriod: 6000
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+ lockDaemonSleeptimeMs: 30000
+ #comma separated list of keyspace names
+ keyspaceForLockCleanup:
+
+
+logback:
+ errorLogLevel: info
+ securityLogLevel: info
+ applicationLogLevel: info
+ metricsLogLevel: info
+ auditLogLevel: info
+ # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
+ rootLogLevel: INFO
+
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-name: zookeeper
-home: https://zookeeper.apache.org/
-version: 1.0.2
-appVersion: 3.4.10
-description: Centralized service for maintaining configuration information, naming,
- providing distributed synchronization, and providing group services.
-icon: https://zookeeper.apache.org/images/zookeeper_small.gif
-sources:
-- https://github.com/apache/zookeeper
-- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-maintainers:
-- name: lachie83
- email: lachlan.evenson@microsoft.com
-- name: kow3ns
- email: owensk@google.com
+++ /dev/null
-approvers:
-- lachie83
-- kow3ns
-reviewers:
-- lachie83
-- kow3ns
+++ /dev/null
-# incubator/zookeeper
-
-This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper).
-
-## Prerequisites
-* Kubernetes 1.6+
-* PersistentVolume support on the underlying infrastructure
-* A dynamic provisioner for the PersistentVolumes
-* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/)
-
-## Chart Components
-This chart will do the following:
-
-* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/).
-* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble.
-* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble.
-* Create a Service configured to connect to the available ZooKeeper instance on the configured client port.
-* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes.
-* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods.
-* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`).
-
-## Installing the Chart
-You can install the chart with the release name `zookeeper` as below.
-
-```console
-$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
-$ helm install --name zookeeper incubator/zookeeper
-```
-
-If you do not specify a name, helm will select a name for you.
-
-### Installed Components
-You can use `kubectl get` to view all of the installed components.
-
-```console{%raw}
-$ kubectl get all -l app=zookeeper
-NAME: zookeeper
-LAST DEPLOYED: Wed Apr 11 17:09:48 2018
-NAMESPACE: default
-STATUS: DEPLOYED
-
-RESOURCES:
-==> v1beta1/PodDisruptionBudget
-NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
-zookeeper N/A 1 1 2m
-
-==> v1/Service
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m
-zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m
-
-==> v1beta1/StatefulSet
-NAME DESIRED CURRENT AGE
-zookeeper 3 3 2m
-```
-
-1. `statefulsets/zookeeper` is the StatefulSet created by the chart.
-1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server.
-1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble.
-1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server.
-
-## Configuration
-You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install --name my-release -f values.yaml incubator/zookeeper
-```
-
-## Default Values
-
-- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml).
-
-## Deep Dive
-
-## Image Details
-The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM.
-
-## JVM Details
-The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless).
-
-## ZooKeeper Details
-The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr.
-
-## Failover
-You can test failover by killing the leader. Insert a key:
-```console
-$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
-$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
-```
-
-Watch existing members:
-```console
-$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done';
-
-zk-2 Mode: follower
-zk-0 Mode: follower
-zk-1 Mode: leader
-zk-2 Mode: follower
-```
-
-Delete Pods and wait for the StatefulSet controller to bring them back up:
-```console
-$ kubectl delete po -l app=zookeeper
-$ kubectl get po --watch-only
-NAME READY STATUS RESTARTS AGE
-zookeeper-0 0/1 Running 0 35s
-zookeeper-0 1/1 Running 0 50s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 ContainerCreating 0 0s
-zookeeper-1 0/1 Running 0 19s
-zookeeper-1 1/1 Running 0 40s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 ContainerCreating 0 0s
-zookeeper-2 0/1 Running 0 19s
-zookeeper-2 1/1 Running 0 41s
-```
-
-Check the previously inserted key:
-```console
-$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo
-ionid = 0x354887858e80035, negotiated timeout = 30000
-
-WATCHER::
-
-WatchedEvent state:SyncConnected type:None path:null
-bar
-```
-
-## Scaling
-ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss.
-
-While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use.
-
-## Limitations
-* StatefulSet and PodDisruptionBudget are beta resources.
-* Only supports storage options that have backends for persistent volume claims.
+++ /dev/null
-Thank you for installing ZooKeeper on your Kubernetes cluster. More information
-about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/
-
-Your connection string should look like:
- {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},...
-
-You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server.
+++ /dev/null
-{{- if .Values.exporters.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-jmx-exporter
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.yml: |-
- hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }}
- lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }}
- rules:
-{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }}
- ssl: false
- startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }}
-{{- end }}
+++ /dev/null
-{{- if .Values.jobs.chroots.enabled }}
-{{- $root := . }}
-{{- $job := .Values.jobs.chroots }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "common.fullname" . }}-chroots
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: jobs
- job: chroots
-spec:
- activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }}
- backoffLimit: {{ $job.backoffLimit }}
- completions: {{ $job.completions }}
- parallelism: {{ $job.parallelism }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: jobs
- job: chroots
- spec:
- restartPolicy: {{ $job.restartPolicy }}
- containers:
- - name: main
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -o
- - pipefail
- - -euc
- {{- $port := .Values.service.ports.client.port }}
- - >
- sleep 15;
- export SERVER={{ template "common.fullname" $root }}:{{ $port }};
- {{- range $job.config.create }}
- echo '==> {{ . }}';
- echo '====> Create chroot if does not exist.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'
- || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} "";
- echo '====> Confirm chroot exists.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid';
- echo '====> Chroot exists.';
- {{- end }}
- env:
- {{- range $key, $value := $job.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml $job.resources | indent 12 }}
-{{- end -}}
+++ /dev/null
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.fullname" . }}-headless
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- clusterIP: None
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $port.name }}
- protocol: {{ $port.protocol }}
-{{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-{{- with .Values.service.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{- range $key, $value := .Values.service.ports }}
- - name: {{ $key }}
-{{ toYaml $value | indent 6 }}
- {{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - "{{ .Chart.Name }}"
- serviceName: {{ template "common.fullname" . }}-headless
- replicas: {{ .Values.replicaCount }}
- terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- {{- if .Values.podLabels }}
- ## Custom pod labels
- {{- range $key, $value := .Values.podLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- annotations:
- {{- if .Values.podAnnotations }}
- ## Custom pod annotations
- {{- range $key, $value := .Values.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- spec:
-{{- if .Values.schedulerName }}
- schedulerName: "{{ .Values.schedulerName }}"
-{{- end }}
- securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
- containers:
-
- - name: zookeeper
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -xec
- - zkGenConfig.sh && exec zkServer.sh start-foreground
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
-{{- end }}
- livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.readinessProbe | indent 12 }}
- env:
- - name: ZK_REPLICAS
- value: {{ .Values.replicaCount | quote }}
- {{- range $key, $value := .Values.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ include "common.resources" . }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/zookeeper
-
-{{- if .Values.exporters.jmx.enabled }}
- - name: jmx-exporter
- image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.jmx.image.pullPolicy }}
- ports:
- {{- range $key, $port := .Values.exporters.jmx.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }}
- env:
- - name: SERVICE_PORT
- value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }}
- {{- with .Values.exporters.jmx.env }}
- {{- range $key, $value := . }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.jmx.resources | indent 12 }}
- volumeMounts:
- - name: config-jmx-exporter
- mountPath: /opt/jmx_exporter/config.yml
- subPath: config.yml
-{{- end }}
-
-{{- if .Values.exporters.zookeeper.enabled }}
- - name: zookeeper-exporter
- image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.zookeeper.image.pullPolicy }}
- args:
- - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }}
- - -metrics-path={{ .Values.exporters.zookeeper.path }}
- - -zookeeper=localhost:{{ .Values.ports.client.containerPort }}
- - -log-level={{ .Values.exporters.zookeeper.config.logLevel }}
- - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }}
- ports:
- {{- range $key, $port := .Values.exporters.zookeeper.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }}
- env:
- {{- range $key, $value := .Values.exporters.zookeeper.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }}
-{{- end }}
-
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }}
- volumes:
- {{- if .Values.exporters.jmx.enabled }}
- - name: config-jmx-exporter
- configMap:
- name: {{ include "common.release" . }}-jmx-exporter
- {{- end }}
- {{- end }}
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- end }}
+++ /dev/null
-## As weighted quorums are not supported, it is imperative that an odd number of replicas
-## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7.
-##
-## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set
-replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7)
-
-podDisruptionBudget:
- maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions.
-
-terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully.
-
-## OnDelete requires you to manually delete each pod when making updates.
-## This approach is at the moment safer than RollingUpdate because replication
-## may be incomplete when replication source pod is killed.
-##
-## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html
-updateStrategy:
- type: OnDelete # Pods will only be created when you manually delete old pods.
-
-## refs:
-## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1
-image:
- #repository: nexus3.onap.org:10001/library/zookeeper
- #tag: 3.3
- repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container.
- tag: v3 # Container image tag for zookeeper container.
- pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
-
-service:
- name: zookeeper
- type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
- annotations: {} # Arbitrary non-identifying metadata for zookeeper service.
- ## AWS example for use with LoadBalancer service type.
- # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local
- # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
- # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
- ports:
- client:
- port: 2181 # Service port number for client port.
- targetPort: client # Service target port for client port.
- protocol: TCP # Service port protocol for client port.
-
-
-ports:
- client:
- containerPort: 2181 # Port number for zookeeper container client port.
- protocol: TCP # Protocol for zookeeper container client port.
- election:
- containerPort: 3888 # Port number for zookeeper container election port.
- protocol: TCP # Protocol for zookeeper container election port.
- server:
- containerPort: 2888 # Port number for zookeeper container server port.
- protocol: TCP # Protocol for zookeeper container server port.
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 500m
- memory: 900Mi
- requests:
- cpu: 10m
- memory: 730Mi
- large:
- limits:
- cpu: 3
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-nodeSelector: {} # Node label-values required to run zookeeper pods.
-
-tolerations: [] # Node taint overrides for zookeeper pods.
-
-affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
-affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - topologyKey: "kubernetes.io/hostname"
- labelSelector:
- matchLabels:
- release: zookeeper
-
-podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods.
-
-podLabels: {} # Key/value pairs that are attached to zookeeper pods.
-
-livenessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-readinessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-securityContext:
- fsGroup: 1000
- #runAsUser: 1000
-
-persistence:
- enabled: true
- ## zookeeper data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
- mountSubPath: music/zookeeper
- size: 4Gi
-
-## Exporters query apps for metrics and make those metrics available for
-## Prometheus to scrape.
-exporters:
-
- jmx:
- enabled: false
- image:
- repository: sscaling/jmx-prometheus-exporter
- tag: 0.3.0
- pullPolicy: IfNotPresent
- config:
- lowercaseOutputName: false
- rules:
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
- name: "zookeeper_$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
- name: "zookeeper_$3"
- labels:
- replicaId: "$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
- name: "zookeeper_$4"
- labels:
- replicaId: "$2"
- memberType: "$3"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
- name: "zookeeper_$4_$5"
- labels:
- replicaId: "$2"
- memberType: "$3"
- startDelaySeconds: 30
- env: {}
- resources: {}
- path: /metrics
- ports:
- jmxxp:
- containerPort: 9404
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
- zookeeper:
- enabled: false
- image:
- repository: josdotso/zookeeper-exporter
- tag: v1.1.2
- pullPolicy: IfNotPresent
- config:
- logLevel: info
- resetOnScrape: "true"
- env: {}
- resources: {}
- path: /metrics
- ports:
- zookeeperxp:
- containerPort: 9141
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
-env:
-
- ## Options related to JMX exporter.
- JMXAUTH: "false"
- JMXDISABLE: "false"
- JMXPORT: 1099
- JMXSSL: "false"
-
- ## The port on which the server will accept client requests.
- ZK_CLIENT_PORT: 2181
-
- ## The port on which the ensemble performs leader election.
- ZK_ELECTION_PORT: 3888
-
- ## The JVM heap size.
- ZK_HEAP_SIZE: 2G
-
- ## The number of Ticks that an ensemble member is allowed to perform leader
- ## election.
- ZK_INIT_LIMIT: 5
-
- ## The Log Level that for the ZooKeeper processes logger.
- ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`.
- ZK_LOG_LEVEL: INFO
-
- ## The maximum number of concurrent client connections that
- ## a server in the ensemble will accept.
- ZK_MAX_CLIENT_CNXNS: 60
-
- ## The maximum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `20 * ZK_TICK_TIME`
- ZK_MAX_SESSION_TIMEOUT: 40000
-
- ## The minimum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `2 * ZK_TICK_TIME`.
- ZK_MIN_SESSION_TIMEOUT: 4000
-
- ## The delay, in hours, between ZooKeeper log and snapshot cleanups.
- ZK_PURGE_INTERVAL: 0
-
- ## The port on which the leader will send events to followers.
- ZK_SERVER_PORT: 2888
-
- ## The number of snapshots that the ZooKeeper process will retain if
- ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`.
- ZK_SNAP_RETAIN_COUNT: 3
-
- ## The number of Tick by which a follower may lag behind the ensembles leader.
- ZK_SYNC_LIMIT: 10
-
- ## The number of wall clock ms that corresponds to a Tick for the ensembles
- ## internal time.
- ZK_TICK_TIME: 2000
-
-jobs:
- chroots:
- enabled: false
- activeDeadlineSeconds: 300
- backoffLimit: 5
- completions: 1
- config:
- create: []
- # - /kafka
- # - /ureplicator
- env: []
- parallelism: 1
- resources: {}
- restartPolicy: Never
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.6.3
+image: onap/ccsdk-apps-ms-neng:0.7.1
pullPolicy: IfNotPresent
# application configuration
ingress:
enabled: false
service:
- - baseaddr: "consul-server"
+ - baseaddr: "consul.api"
name: "consul-server"
port: 8800
config:
# See the License for the specific language governing permissions and
# limitations under the License.
-make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core
+make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
make-contrib-awx:
cd components && helm dep up awx && helm lint awx
+make-contrib-ejbca:
+ cd components && helm dep up ejbca && helm lint ejbca
+
make-contrib-netbox:
cd components && helm dep up netbox && helm lint netbox
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
--- /dev/null
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP EJBCA test server
+name: ejbca
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Orange, Ericsson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~6.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
--- /dev/null
+#!/bin/bash
+
+waitForEjbcaToStart() {
+ until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
+ do
+ sleep 5
+ done
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+
+waitForEjbcaToStart
+configureEjbca
--- /dev/null
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-config-script"
+data:
+{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-db-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.mariadbGalera.localCluster }}
+ - ejbca-galera
+ {{- else }}
+ - ejbca-config
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-ejbca
+ image: {{ .Values.ejbca.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ volumeMounts:
+ - name: "{{ include "common.fullname" . }}-volume"
+ mountPath: /opt/primekey/scripts/
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: INITIAL_ADMIN
+ value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: DATABASE_JDBC_URL
+ value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
+ - name: DATABASE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }}
+ - name: DATABASE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }}
+ - name: RA_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }}
+ - name: CLIENT_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - configMap:
+ name: "{{ include "common.fullname" . }}-config-script"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-volume"
--- /dev/null
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020, Nordix Foundation, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.1
+ mariadbGalera: &mariadbGalera
+ #This flag allows EJBCA to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+secrets:
+ - uid: ejbca-db-secret
+ name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ - uid: ejbca-server-ra-iak
+ name: '{{ include "common.release" . }}-ejbca-ra-iak'
+ type: password
+ password: '{{ .Values.config.ejbca.raIak }}'
+ - uid: ejbca-server-client-iak
+ name: '{{ include "common.release" . }}-ejbca-client-iak'
+ type: password
+ password: '{{ .Values.config.ejbca.clientIak }}'
+
+# application configuration
+config:
+ db:
+ userName: ejbca
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+ ejbca: {}
+ # raIak: mypassword
+ # clientIak: mypassword
+
+mysqlDatabase: &dbName ejbca
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application configuration
+replicaCount: 1
+
+ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+pullPolicy: Always
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config: &mariadbConfig
+ userCredentialsExternalSecret: *ejbca-db-secret
+ mysqlDatabase: *dbName
+ nameOverride: ejbca-galera
+ service:
+ name: ejbca-galera
+ portName: ejbca-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ejbca/maria/data
+
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: ejbca-config
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ path: /ejbca/publicweb/healthcheck/ejbcahealth
+ port: api
+ initialDelaySeconds: 30
+ periodSeconds: 30
+
+readiness:
+ path: /ejbca/publicweb/healthcheck/ejbcahealth
+ port: api
+ initialDelaySeconds: 30
+ periodSeconds: 30
+
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: common
version: ~6.x-0
repository: '@local'
- - name: netbox
- version: ~6.x-0
- repository: 'file://components/netbox'
- condition: netbox.enabled
- name: awx
version: ~6.x-0
repository: 'file://components/awx'
condition: awx.enabled
+ - name: ejbca
+ version: ~6.x-0
+ repository: 'file://components/ejbca'
+ condition: global.cmpv2Enabled
+ - name: netbox
+ version: ~6.x-0
+ repository: 'file://components/netbox'
+ condition: netbox.enabled
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ cmpv2Enabled: true
+
awx:
enabled: true
netbox:
- enabled: true
\ No newline at end of file
+ enabled: true
# ============LICENSE_END=========================================================
k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}
-k8s_initial_password: {{ .Values.postgres.config.pgRootPassword }}
+k8s_initial_password: $PG_ROOT_PASSWORD
-#============LICENSE_START========================================================\r
-# ================================================================================\r
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.\r
-# Modifications Copyright © 2018 Amdocs, Bell Canada\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-# ============LICENSE_END=========================================================\r
-\r
-apiVersion: extensions/v1beta1\r
-kind: Deployment\r
-metadata:\r
- name: {{ include "common.fullname" . }}\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ include "common.release" . }}\r
- heritage: {{ .Release.Service }}\r
-spec:\r
- replicas: 1\r
- template:\r
- metadata:\r
- labels:\r
- app: {{ include "common.name" . }}\r
- release: {{ include "common.release" . }}\r
- spec:\r
- initContainers:\r
- - name: {{ include "common.name" . }}-readiness\r
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- command:\r
- - /root/ready.py\r
- args:\r
- - --container-name\r
- - dcae-cloudify-manager\r
- - --container-name\r
- - consul-server\r
- - --container-name\r
- - msb-discovery\r
- - --container-name\r
- - kube2msb\r
- - --container-name\r
- - dcae-config-binding-service\r
- - --container-name\r
- - dcae-db\r
- - --container-name\r
- - dcae-inventory-api\r
- - "-t"\r
- - "15"\r
-\r
- env:\r
- - name: NAMESPACE\r
- valueFrom:\r
- fieldRef:\r
- apiVersion: v1\r
- fieldPath: metadata.namespace\r
- - name: init-tls\r
- env:\r
- - name: POD_IP\r
- valueFrom:\r
- fieldRef:\r
- apiVersion: v1\r
- fieldPath: status.podIP\r
- - name: aaf_locator_fqdn\r
- value: dcae\r
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- resources: {}\r
- volumeMounts:\r
- - mountPath: /opt/app/osaaf\r
- name: tls-info\r
- containers:\r
- - name: {{ include "common.name" . }}\r
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"\r
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
- resources:\r
-{{ include "common.resources" . | indent 12 }}\r
- volumeMounts:\r
- - mountPath: /inputs\r
- name: {{ include "common.fullname" . }}-dcae-inputs\r
- - mountPath: /dcae-configs\r
- name: {{ include "common.fullname" . }}-dcae-config\r
- - mountPath: /etc/localtime\r
- name: localtime\r
- readOnly: true\r
- - mountPath: /certs\r
- name: tls-info\r
- readOnly: true\r
- env:\r
- - name: CMADDR\r
- value: {{ .Values.config.address.cm.host }}\r
- - name: CMPASS\r
- valueFrom:\r
- secretKeyRef:\r
- name: {{ include "common.name" . }}-cmpass\r
- key: password\r
- - name: CMPROTO\r
- value: {{ .Values.config.address.cm.proto }}\r
- - name: CMPORT\r
- value: !!string {{ .Values.config.address.cm.port }}\r
- - name: CONSUL\r
- value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}\r
- - name: DCAE_NAMESPACE\r
- value: {{ .Values.dcae_ns | default "" }}\r
- - name: ONAP_NAMESPACE\r
- value: {{ include "common.namespace" . }}\r
- volumes:\r
- - name: {{ include "common.fullname" . }}-dcae-inputs\r
- configMap:\r
- name: {{ include "common.fullname" . }}-dcae-inputs\r
- - name: {{ include "common.fullname" . }}-dcae-config\r
- configMap:\r
- name: {{ include "common.fullname" . }}-dcae-config\r
- - name: localtime\r
- hostPath:\r
- path: /etc/localtime\r
- - name: tls-info\r
- emptyDir: {}\r
- imagePullSecrets:\r
- - name: "{{ include "common.namespace" . }}-docker-registry-key"\r
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-dcae-inputs-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcae-cloudify-manager
+ - --container-name
+ - consul-server
+ - --container-name
+ - msb-discovery
+ - --container-name
+ - kube2msb
+ - --container-name
+ - dcae-config-binding-service
+ - --container-name
+ - dcae-db
+ - --container-name
+ - dcae-inventory-api
+ - "-t"
+ - "15"
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: tls-info
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - mountPath: /inputs
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - mountPath: /dcae-configs
+ name: {{ include "common.fullname" . }}-dcae-config
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /certs
+ name: tls-info
+ readOnly: true
+ env:
+ - name: CMADDR
+ value: {{ .Values.config.address.cm.host }}
+ - name: CMPASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-cmpass
+ key: password
+ - name: CMPROTO
+ value: {{ .Values.config.address.cm.proto }}
+ - name: CMPORT
+ value: !!string {{ .Values.config.address.cm.port }}
+ - name: CONSUL
+ value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
+ - name: DCAE_NAMESPACE
+ value: {{ .Values.dcae_ns | default "" }}
+ - name: ONAP_NAMESPACE
+ value: {{ include "common.namespace" . }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-dcae-inputs-input
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - name: {{ include "common.fullname" . }}-dcae-inputs
+ emptyDir:
+ medium: Memory
+ - name: {{ include "common.fullname" . }}-dcae-config
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-config
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: tls-info
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
type: Opaque
data:
password: YWRtaW4=
+---
+{{ include "common.secretFast" . }}
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-dcae-bootstrap-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
config:
logstashServiceName: log-ls
primary: dcae-pg-primary
replica: dcae-pg-replica
config:
- pgPrimaryPassword: onapdemodb
- pgRootPassword: onapdemodb
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
persistence:
mountSubPath: dcae/data
mountInitPath: dcae
- pgpool:
- nameOverride: dcae-pgpool
- service:
- name: dcae-pgpool
- credentials:
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-pgpool-primary
- replica: dcae-pgpool-replica
mongo:
nameOverride: dcae-mongo
- name: consul_url
value: http://consul-server-ui:8500
- name: postgres_user_dashboard
- value: {{ .Values.postgres.config.pgUserName }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+ - name: postgres_password_dashboard
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
- name: postgres_db_name
value: {{ .Values.postgres.config.pgDatabase }}
- - name: postgres_password_dashboard
- value: {{ .Values.postgres.config.pgUserPassword }}
- name: postgres_ip
value: {{ .Values.postgres.service.name2 }}
- name: POD_IP
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
replica: dcae-dashboard-pg-replica
config:
pgUserName: dashboard_pg_admin
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dashboard_pg_db_common
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
pgPort: "5432"
persistence:
mountSubPath: dcae-dashboard/data
{
"database": {
"driverClass": "org.postgresql.Driver",
- "user": "{{ .Values.postgres.config.pgUserName }}",
- "password": "{{ .Values.postgres.config.pgUserPassword }}",
+ "user": "${PG_USER}",
+ "password": "${PG_PASSWORD}",
"url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}",
"properties": {
"charSet": "UTF-8"
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-inv-config-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-inv-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
defaultMode: 420
name: {{ include "common.fullname" . }}-filebeat-configmap
name: filebeat-conf
- - name: {{ include "common.fullname" . }}-inv-config
+ - name: {{ include "common.fullname" . }}-inv-config-input
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-inv-config
+ emptyDir:
+ medium: Memory
- emptyDir: {}
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
repositoryCred:
user: docker
password: docker
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
replica: dcae-inv-pg-replica
config:
pgUserName: dcae_inv
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dcae_inventory
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
persistence:
mountSubPath: dcae-inv/data
mountInitPath: dcae-inv
- pgpool:
- nameOverride: dcae-inv-pgpool
- service:
- name: dcae-inv-pgpool
- credentials:
- pgusername: ddcae_inv
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-inv-pgpool-primary
- replica: dcae-inv-pgpool-replica
# Resource Limit flavor -By Default using small
flavor: small
#ssl.key: $ssl.key
#The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
+ #ssl.key_passphrase: $ssl.key_passphrase
# The port number for http as seen within the server
#
#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{.Values.config.dmaapDrNode.internalPort}}
+IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
#
# The port number for https as seen within the server
#
-IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}}
+IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
#
# The external port number for https taking port mapping into account
#
#
# The path to the directory where log files are stored
#
-LogDir=/opt/app/datartr/logs
+LogDir={{ .Values.persistence.event.path }}
#
# The retention interval (in days) for log files
#
#
# The path to the directories where data and meta data files are stored
#
-SpoolDir=/opt/app/datartr/spool
+SpoolDir={{ .Values.persistence.spool.path }}
#
# The path to the redirection data file
#
CadiEnabled = false
#
# AAF Props file path
-AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
-
+AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}}
-{{- end }}
\ No newline at end of file
+ kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+{{- end }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-post-install
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
- annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": hook-succeeded
+metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }}
spec:
template:
- metadata:
- name: {{ include "common.fullname" . }}
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
containers:
# NOTE: the basename of the subdirectory is important - it matches the DBCL API URI
- name: {{ include "common.fullname" . }}-dbc-drnodes
mountPath: /opt/app/config/dr_nodes/
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
+++ /dev/null
-{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
-*/}}
-
-
-{{- if .Values.global.aafEnabled }}
-{{- $global := . }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.name" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-aaf-props
-spec:
- capacity:
- storage: {{ $global.Values.persistence.aafCredsSize }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
+ # ============LICENSE_END=====================================================
*/}}
----
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-event-logs-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-event-logs
-spec:
- capacity:
- storage: {{ $global.Values.persistence.eventLogSize}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }}
{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
+ # ============LICENSE_END=====================================================
*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-spool-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-spool-data
-spec:
- capacity:
- storage: {{ $global.Values.persistence.spoolSize}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }}
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{.Values.config.dmaapDrNode.name}}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{.Values.config.dmaapDrNode.servicetype}}
- ports:
- {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{.Values.config.dmaapDrNode.externalPort}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
- name: {{.Values.config.dmaapDrNode.name}}
- {{- end}}
- - port: {{.Values.config.dmaapDrNode.externalPort2}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
- name: {{.Values.config.dmaapDrNode.name}}2
- {{- else -}}
- - port: {{.Values.config.dmaapDrNode.externalPort}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort}}
- name: {{.Values.config.dmaapDrNode.name}}
- - port: {{.Values.config.dmaapDrNode.externalPort2}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
- name: {{.Values.config.dmaapDrNode.name}}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+{{ include "common.service" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- serviceName: {{ .Values.config.dmaapDrNode.name }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-dr-node-aaf-config
- image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
- env:
- - name: APP_FQI
- value: "{{ .Values.aafConfig.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
- - name: aaf_locator_container
- value: "{{ .Values.global.aafLocatorContainer }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aafConfig.fqdn }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aafConfig.publicFqdn}}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.global.aafAppNs }}"
- - name: DEPLOY_FQI
- value: "{{ .Values.aafConfig.aafDeployFqi }}"
- - name: DEPLOY_PASSWORD
- value: "{{ .Values.aafConfig.aafDeployPass }}"
- - name: cadi_longitude
- value: "{{ .Values.aafConfig.cadiLongitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aafConfig.cadiLatitude }}"
- {{- end }}
+ {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.spoolPath }}
- name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.persistence.eventLogsPath }}
+ volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
name: {{ include "common.fullname" . }}-event-logs
- {{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- {{- end }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{.Values.config.dmaapDrNode.externalPort}}
- - containerPort: {{.Values.config.dmaapDrNode.externalPort2}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{.Values.config.dmaapDrNode.internalPort}}
+ port: {{.Values.liveness.port}}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{.Values.config.dmaapDrNode.internalPort}}
+ port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- {{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- {{- end }}
- - mountPath: {{ .Values.persistence.spoolPath }}
- name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.persistence.eventLogsPath }}
+ volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
name: {{ include "common.fullname" . }}-event-logs
- mountPath: /etc/localtime
name: localtime
subPath: logback.xml
- mountPath: {{ .Values.global.loggingDirectory }}
name: {{ include "common.fullname" . }}-logs
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end -}}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
mountPath: /var/log/onap/datarouter-node
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes:
+ volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
{{- if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-event-logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-aaf-props
+ - name: {{ include "common.fullname" . }}-spool
emptyDir: {}
{{- end }}
- {{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.spoolSize }}
- - metadata:
- name: {{ include "common.fullname" . }}-event-logs
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- {{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-data-event-logs"
- {{- else }}
- storageClassName: {{ include "common.storageClass" . }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.eventLogSize }}
-{{- if .Values.global.aafEnabled }}
- - metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- {{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-data-aaf-props"
- {{- else }}
- storageClassName: {{ include "common.storageClass" . }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.aafCredsSize }}
-{{- end }}
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }}
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }}
{{- end }}
global:
loggingDirectory: /var/log/onap/datarouter
persistence: {}
+ aafEnabled: true
#################################################################
# Application configuration defaults.
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 30
periodSeconds: 10
+ port: api
## Persist data to a persitent volume
persistence:
enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
+ spool:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: data-router/dr-node/spool-data
+ size: 2Gi
+ path: /opt/app/datartr/spool
+ labels:
+ app.kubernetes.io/component: spool
+
+ event:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: data-router/dr-node/event-logs
+ path: /opt/app/datartr/logs
+ size: 2Gi
+ labels:
+ app.kubernetes.io/component: event-logs
+
+job:
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook-delete-policy": hook-succeeded
- spoolMountSubPath: data-router/dr-node/spool-data
- spoolSize: 2Gi
- spoolPath: /opt/app/datartr/spool
-
- eventLogsMountSubPath: data-router/dr-node/event-logs
- eventLogSize: 2Gi
- eventLogsPath: /opt/app/datartr/logs
-
- aafCredsMountSubPath: data-router/dr-node/aaf-props
- aafCredsSize: 10M
- aafCredsPath: /opt/app/osaaf/local
-
-#AAF local config
+#################################################################
+# AAF part
+#################################################################
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-node
fqi: dmaap-dr-node@dmaap-dr.onap.org
- publicFqdn: dmaap-dr.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
+ public_fqdn: dmaap-dr.onap.org
+ cadi_longitude: 0.0
+ cadi_latitude: 0.0
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 1001
+ secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
+ credsPath: /opt/app/osaaf/local
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
ingress:
enabled: false
memory: 2Gi
unlimited: {}
+service:
+ type: NodePort
+ name: dmaap-dr-node
+ useNodePortExt: true
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 94
+
config:
# dr node server configuration
dmaapDrNode:
- servicetype: NodePort
- name: dmaap-dr-node
- externalPort: 8080
- externalPort2: 8443
- internalPort: 8080
- internalPort2: 8443
- portName: dr-node-port
- portName2: dr-node-port2
- nodePort: 93
- nodePort2: 94
# dr uses the EELF Logging framework https://github.com/att/EELF
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
- sh
- -exec
- |
+ rm -rf '/var/lib/kafka/data/lost+found';
chown -R 1000:0 /var/lib/kafka/data;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ingress:
enabled: false
+ service:
+ - baseaddr: "mr.api"
+ name: "message-router"
+ port: 3905
+ config:
+ ssl: "redirect"
+
# Resource Limit flavor -By Default using small
flavor: small
ingress:
enabled: false
service:
- - baseaddr: "logkibana"
+ - baseaddr: "kibana.api"
name: "log-kibana"
port: 5601
config:
requests:
cpu: 2
memory: 4Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbProtocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/parser/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
},
{
- "serviceName": "etsicatalog",
+ "serviceName": "catalog",
"version": "v1",
"url": "/api/catalog/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
},
{
"url": "/api/nsd/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
},
{
"url": "/api/vnfpkgm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
loggingImage: beats/filebeat:5.5.0
config:
+ ssl_enabled: false
+ msbProtocol: https
msbServiceName: msb-iag
msbPort: 443
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/oom/kube2msb:1.1.0
+image: onap/oom/kube2msb:1.2.6
pullPolicy: Always
istioSidecar: true
requests:
cpu: 1
memory: 1Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
ingress:
enabled: false
service:
- - baseaddr: "msbdiscovery"
+ - baseaddr: "msb.api.discovery"
name: "msb-discovery"
port: 10081
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
+VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK
+BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs
+ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy
+NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np
+Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM
+A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a
+xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ
+VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC
+lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz
+4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8
+Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV
+HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG
+SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS
++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN
+iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK
+l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3
+LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb
+Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA
+-----END CERTIFICATE-----
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
- name: mongo
version: ~6.x-0
repository: '@local'
name: {{ include "common.fullname" . }}
spec:
{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
-Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
- {{- if eq "DEBUG" .Values.config.loglevel }}
- export JAVA_DEBUG="-Djavax.net.debug=all"
- {{- end }}
- exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar
+ exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
{{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "http://message-router.{{ include "common.namespace" . }}:3904"
+ value: "https://message-router.{{ include "common.namespace" . }}:3905"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
#################################################################
# AAF part
#################################################################
-aafConfig:
+certInitializer:
+ nameOverride: nbi-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
public_fqdn: nbi.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
permission_user: 1000
permission_group: 999
- addconfig: true
- secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
-
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.1
+image: onap/externalapi/nbi:6.0.3
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
ingress:
enabled: false
+ service:
+ - baseaddr: "nbi.api"
+ name: "nbi"
+ port: 8443
+ config:
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
- name: contrib
version: ~6.x-0
repository: '@local'
- condition: contrib.enabled
+ condition: global.addTestingComponents
- name: dcaegen2
version: ~6.x-0
repository: '@local'
portal:
enabled: true
robot:
- enabled: false
+ enabled: true
config:
# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
enabled: true
esr:
enabled: true
-log:
- enabled: true
-sniro-emulator:
- enabled: true
oof:
enabled: true
msb:
enabled: true
policy:
enabled: true
-pomba:
- enabled: true
portal:
enabled: true
robot:
###################################################################
# This override file enables helm charts for all ONAP applications.
###################################################################
+global:
+ addTestingComponents: &testing true
+ centralizedLoggingEnabled: ¢ralizedLogging false
cassandra:
enabled: true
mariadb-galera:
enabled: true
-
aaf:
enabled: true
aai:
enabled: true
cli:
enabled: true
-consul:
- enabled: true
+# Today, "contrib" chart that hosting these components must also be enabled
+# in order to make it work. So `contrib.enabled` must have the same value than
+# addTestingComponents
contrib:
+ enabled: *testing
+consul:
enabled: true
dcaegen2:
enabled: true
enabled: true
esr:
enabled: true
-log:
- enabled: true
-sniro-emulator:
- enabled: true
oof:
enabled: true
msb:
enabled: true
policy:
enabled: true
-pomba:
- enabled: true
portal:
enabled: true
robot:
--- /dev/null
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This override file is used to deploy a core configuration. It is based on
+# minimal-onap.yaml and Orange accomplishments [1][2][3].
+# It includes the following components:
+# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra)
+#
+# Minimal resources are also reviewed for the various containers
+# AAI: no override => to be fixed
+# DMAAP: no override # SO: no override
+# SDC: new values
+# SDNC: no override
+#
+# Replicas are set to:
+# AAI Cassandra: 1
+# Cassandra: 3 (to allow reaching quorum)
+#
+# In addition, some parameters are set to limit the memory footprint.
+#
+# It overrides the default ONAP parent chart behaviour to deploy
+# all of ONAP.
+#
+# helm deploy core local/onap --namespace onap -f core-onap.yaml
+#
+# [1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation
+# [2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh
+# [3] https://wiki.lfnetworking.org/download/attachments/25364127/OOM%20Service%20Mesh%20Prague.pptx
+
+#######################
+# Core ONAP deployment
+#######################
+global:
+ aafEnabled: false
+aai:
+ enabled: true
+ global:
+ cassandra:
+ replicas: 1
+ aai-cassandra:
+ replicaCount: 1
+aaf:
+ enabled: false
+appc:
+ enabled: false
+cassandra:
+ enabled: true
+ replicaCount: 3
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: false
+log:
+ enabled: false
+mariadb-galera:
+ enabled: true
+msb:
+ enabled: false
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+oof:
+ enabled: false
+policy:
+ enabled: false
+pomba:
+ enabled: false
+portal:
+ enabled: false
+robot:
+ enabled: false
+sdc:
+ enabled: true
+ sdc-be:
+ config:
+ javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m"
+ sdc-fe:
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 500Mi
+ sdc-cs:
+ config:
+ maxHeapSize: "512M"
+ heapNewSize: "256M"
+sdnc:
+ enabled: true
+sniro-emulator:
+ enabled: false
+so:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "$OPENSTACK_USER_NAME"
+ openStackRegion: "$OPENSTACK_REGION"
+ openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
+ openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
+ openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+uui:
+ enabled: false
+vid:
+ enabled: false
+vfc:
+ enabled: false
+vnfsdk:
+ enabled: false
+cds:
+ enabled: true
+dmaap:
+ enabled: true
+ dmaap-bc:
+ enabled: false
nodePortPrefix: 302
nodePortPrefixExt: 304
+
+ # Install test components
+ # test components are out of the scope of ONAP but allow to have a entire
+ # environment to test the different features of ONAP
+ # Current tests environments provided:
+ # - netbox (needed for CDS IPAM)
+ # - AWX (needed for XXX)
+ # - EJBCA Server (needed for CMPv2 tests)
+ # Today, "contrib" chart that hosting these components must also be enabled
+ # in order to make it work. So `contrib.enabled` must have the same value than
+ # addTestingComponents
+ addTestingComponents: &testing false
+
# ONAP Repository
# Uncomment the following to enable the use of a single docker
# repository but ONLY if your repository mirrors all ONAP
# readiness check - temporary repo until images migrated to nexus3
readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# image pull policy
pullPolicy: Always
+ # default clusterName
+ # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+ clusterName: cluster.local
+
# default mount path root directory referenced
# by persistent volumes and log files
persistence:
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ # Enabling CMPv2
+ cmpv2Enabled: true
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
# if set this element will force or not tls even if serviceMesh.tls is set.
# tlsEnabled: false
+ # Logging
+ # Currently, centralized logging is not in best shape so it's disabled by
+ # default
+ centralizedLoggingEnabled: ¢ralizedLogging false
+
# Example of specific for the components where you want to disable TLS only for
# it:
# to customize the ONAP deployment.
#################################################################
aaf:
- enabled: true
+ enabled: false
aai:
enabled: false
appc:
enabled: false
consul:
enabled: false
+# Today, "contrib" chart that hosting these components must also be enabled
+# in order to make it work. So `contrib.enabled` must have the same value than
+# addTestingComponents
contrib:
- enabled: false
+ enabled: *testing
dcaegen2:
enabled: false
dcaemod:
enabled: false
esr:
enabled: false
+# Today, "logging" chart that perform the central part of logging must also be
+# enabled in order to make it work. So `logging.enabled` must have the same
+# value than centralizedLoggingEnabled
log:
- enabled: false
+ enabled: *centralizedLogging
sniro-emulator:
enabled: false
oof:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-has-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-has-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
+ args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"]
ports:
- containerPort: {{ .Values.liveness.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- mountPath: /usr/local/etc/conductor/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
+ name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "oof-has-api.onap"
+ name: "oof-has-api"
+ port: 8091
+ config:
+ ssl: "redirect"
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
- --container-name
- aaf-sms
env:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-cont-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-cont-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-data-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-data-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-resrv-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
path: healthy.sh
- key: AAF_RootCA.cer
path: AAF_RootCA.cer
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-solvr-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
+[auth]
+appkey = ""
[aaf_api]
# Base URL for Music REST API without a trailing slash. (string value)
#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
+server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
version = v2
# DEPRECATED: List of hostnames (round-robin access) (list value)
# for version (string value)
#music_version = <None>
-music_version = "3.0.21"
+music_version = "3.2.40"
# username value that used for creating basic authorization header (string
# value)
#aafns = <None>
aafns = conductor
+# Enabling HTTPs mode (boolean value)
+enable_https_mode = True
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
[prometheus]
class=handlers.TimedRotatingFileHandler
level=NOTSET
formatter=generic
-args=('/var/log/application.log','midnight', 1, 10)
+args=('/var/log/conductor/application.log','midnight', 1, 10)
[handler_audithand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=audit
-args=('/var/log/audit.log', 'midnight', 1, 10)
+args=('/var/log/conductor/audit.log', 'midnight', 1, 10)
[handler_metrichand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=metric
-args=('/var/log/metric.log','midnight', 1, 10)
+args=('/var/log/conductor/metric.log','midnight', 1, 10)
[handler_errhand]
class=handlers.TimedRotatingFileHandler
level=ERROR
formatter=error
-args=('/var/log/error.log','midnight', 1, 10)
+args=('/var/log/conductor/error.log','midnight', 1, 10)
[handler_debughand]
class=handlers.TimedRotatingFileHandler
level=DEBUG
formatter=generic
-args=('/var/log/debug.log','midnight', 1, 10)
+args=('/var/log/conductor/debug.log','midnight', 1, 10)
[formatters]
keys=generic,audit,metric,error
http {
# ...
upstream conductor_uwsgi {
- server 127.0.0.1:80;
+ server 127.0.0.1:8080;
}
server {
-----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow
-fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
-hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
-QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs
-lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS
-dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD
-YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf
-P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh
-PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG
-A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
-LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
-MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv
-b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
-LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw
-gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz
-wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh
-0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z
-0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+
-KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd
-P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q==
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
+XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
+REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
+UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
+IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
+HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
+hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
+AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
+ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
+bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
+Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
+b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
+aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
+cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
+cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
+FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
+/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
+7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
+koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
+mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
+GsHFjQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q
-xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+
-WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj
-4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy
-Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5
-kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE
-y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ
-9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx
-vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA
-QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA
-0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO
-6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax
-HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE
-RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn
-vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h
-zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW
-DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr
-lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr
-a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge
-QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ
-lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW
-SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk
-g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1
-SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35
-Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6
-MUrMTOf2romyJgABunEPTWo3
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
+ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
+CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
+MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
+KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
+uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
+MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
+SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
+XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
+Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
+0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
+FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
+XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
+8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
+Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
+Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
+nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
+iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
+ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
+MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
+2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
+9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
+vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
+ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
+h+G1ZXD4PyjI6KWhRC3JuA==
-----END PRIVATE KEY-----
\ No newline at end of file
sleep 15;
resp="FAILURE";
until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
+ resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
-H "Content-Type: application/json" \
-H "ns: conductor" \
-H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- /root/ready.py
args:
- --container-name
- - "music-tomcat"
+ - "music-springboot"
- --container-name
- "music-cassandra"
env:
- "/bin/sh"
- "-c"
- |
- curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \
- -H "Content-Type: application/json" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @onboard.json
+ echo "job-onboard"
workingDir: /has
volumeMounts:
- mountPath: /etc/localtime
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.3
+ optf_has: onap/optf-has:2.0.3
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
serviceName: msb-iag
port: 80
music:
- serviceName: music-tomcat
- port: 8080
+ serviceName: music
+ port: 8443
sms:
serviceName: aaf-sms
port: 10443
memory: 2Gi
cpu: 1000m
unlimited: {}
+
local_policies:
global_disabled: True
local_placement_policies_enabled: True
+ local_slice_selection_policies_enabled: True
placement_policy_dir_vcpe: "./test/policy-local-files/"
placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
- Affinity_vCPE_1.json
+ - Attribute_vNS_1.json
#- Capacity_vGMuxInfra.json
#- Capacity_vG_1.json
- Distance_vG_1.json
- vnfPolicy_vPGN_TD.json
- affinity_vFW_TD.json
- QueryPolicy_vFW_TD.json
+
+ slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
+ slice_selection_policy_files_urllc_1:
+ - vnfPolicy_URLLC_Core_1.json
+ - thresholdPolicy_URLLC_Core_1_reliability.json
+ - thresholdPolicy_URLLC_Core_1_latency.json
+ - subscriber_policy_URLLC_1.json
+
service_info:
vCPE:
vcpeHostName: requestParameters.vcpeHostName
service_name:
source: request
value: serviceInfo.serviceName
+ resource:
+ source: request
+ value: placementInfo.placementDemands.resourceModuleName
subscriber_role:
- source: SubscriberPolicy
- value: content.properties.subscriberRole
+ source: onap.policies.optimization.SubscriberPolicy
+ value: properties.properties.subscriberRole
policy_info:
prioritization_attributes:
policy_type:
- - content.policyType
+ - type
resources:
- - content.resources
- - content.objectiveParameter.parameterAttributes.resources
+ - properties.resources
+ - properties.objectiveParameter.parameterAttributes.resources
service_name:
- - content.serviceName
+ - properties.services
- placement:
+ slice_selection:
policy_fetch: by_scope
policy_scope:
- default_scope: OSDF_DUBLIN
- vcpe_scope: OSDF_DUBLIN
- vfw_scope: OSDF_DUBLIN
- secondary_scopes:
- -
+ -
+ scope:
+ - OSDF_FRANKFURT
+ services:
- get_param: service_name
+
+ placement:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - OSDF_FRANKFURT
+ geography:
- US
+ services:
+ - get_param: service_name
+ resources:
+ - get_param: resource
# -
# - get_param: service_name
# - get_param: subscriber_role
-----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow
-fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
-hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
-QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs
-lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS
-dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD
-YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf
-P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh
-PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG
-A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
-LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
-MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv
-b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
-LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw
-gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz
-wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh
-0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z
-0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+
-KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd
-P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q==
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
+XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
+REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
+UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
+IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
+HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
+hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
+AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
+ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
+bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
+Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
+b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
+aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
+cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
+cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
+FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
+/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
+7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
+koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
+mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
+GsHFjQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q
-xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+
-WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj
-4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy
-Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5
-kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE
-y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ
-9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx
-vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA
-QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA
-0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO
-6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax
-HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE
-RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn
-vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h
-zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW
-DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr
-lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr
-a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge
-QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ
-lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW
-SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk
-g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1
-SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35
-Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6
-MUrMTOf2romyJgABunEPTWo3
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
+ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
+CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
+MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
+KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
+uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
+MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
+SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
+XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
+Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
+0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
+FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
+XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
+8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
+Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
+Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
+nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
+iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
+ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
+MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
+2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
+9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
+vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
+ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
+h+G1ZXD4PyjI6KWhRC3JuA==
-----END PRIVATE KEY-----
\ No newline at end of file
placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
-# Credentials for SO
-soUsername: {{ .Values.config.soUsername }}
-soPassword: {{ .Values.config.soPassword }}
-
# Credentials for Conductor
conductorUrl: {{ .Values.config.conductorUrl }}
-conductorUsername: {{ .Values.config.conductorUsername }}
-conductorPassword: {{ .Values.config.conductorPassword }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
# Policy Platform -- requires ClientAuth, Authorization, and Environment
policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
-policyPlatformUsername: {{ .Values.config.policyPlatformUsername }}
-policyPlatformPassword: {{ .Values.config.policyPlatformPassword }}
-policyClientUsername: {{ .Values.config.policyClientUsername }}
-policyClientPassword: {{ .Values.config.policyClientPassword }}
# Credentials for DMaaP
messageReaderHosts: {{ .Values.config.messageReaderHosts }}
messageReaderTopic: {{ .Values.config.messageReaderTopic }}
-messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }}
-messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }}
# Credentials for SDC
sdcUrl: {{ .Values.config.sdcUrl }}
-sdcUsername: {{ .Values.config.sdcUsername }}
-sdcPassword: {{ .Values.config.sdcPassword }}
sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-# Credentials for the OOF placement service - Generic
-osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }}
-osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }}
-
-# Credentials for the OOF placement service - SO
-osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }}
-osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }}
-
-# Credentials for the OOF placement service - VFC
-osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }}
-osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }}
-
-# Credentials for the OOF CM scheduling service - Generic
-osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }}
-osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }}
-
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
aaf_url: {{ .Values.config.aaf_url }}
# config db api
configDbUrl: {{ .Values.config.configDbUrl }}
-configDbUserName: {{ .Values.config.configDbUserName }}
-configDbPassword: {{ .Values.config.configDbPassword }}
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
-# Credentials for PCIHandler
-pciHMSUsername: {{ .Values.config.pciHMSUsername }}
-pciHMSPassword: {{ .Values.config.pciHMSPassword }}
-
-# Credentials for the OOF PCI Opt service
-osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }}
-osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }}
+#key
+appkey: ''
- /root/ready.py
args:
- --container-name
- - pdp
+ - policy-xacml-pdp
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/config/osdf_config.yaml
+ - mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.4
+image: onap/optf-osdf:2.0.3
pullPolicy: Always
# flag to enable debugging - application support required
placementDefaultMajorVersion: "1"
placementDefaultMinorVersion: "0"
placementDefaultPatchVersion: "0"
- # Credentials of the callback url for SO.
- soUsername: "" # SO username for call back.
- soPassword: "" # SO password for call back.
+
# Url and credentials for Conductor.
conductorUrl: https://oof-has-api:8091/v1/plans/
- conductorUsername: admin1
- conductorPassword: plan.15
conductorPingWaitTime: 60
conductorMaxRetries: 30
# versions to be set in HTTP header
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
- policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL
+ policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
- policyPlatformUsername: testpdp # Policy platform username.
- policyPlatformPassword: alpha123 # Policy platform password.
- policyClientUsername: python # For use with ClientAuth
- policyClientPassword: test # For use with ClientAuth
# Credentials for the message reader - A placeholder.
messageReaderHosts: NA
messageReaderTopic: NA
- messageReaderAafUserId: NA
- messageReaderAafPassword: NA
# Credentials for the SDC interface - A placeholder.
sdcUrl: NA
- sdcUsername: NA
- sdcPassword: NA
sdcONAPInstanceID: NA
- # Credentials for the placement service – Generic.
- osdfPlacementUsername: "test"
- osdfPlacementPassword: "testpwd"
- # Credentials for the OOF placement service – SO.
- osdfPlacementSOUsername: so_test
- osdfPlacementSOPassword: so_testpwd
- # Credentials for the OOF placement service - VFC
- osdfPlacementVFCUsername: vfc_test
- osdfPlacementVFCPassword: vfc_testpwd
- # Credentials for the OOF CM scheduling service – Generic.
- osdfCMSchedulerUsername: test1
- osdfCMSchedulerPassword: testpwd1
#AAF Authentication
is_aaf_enabled: False
aaf_cache_expiry_mins: 5
aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
# config db api
configDbUrl: http://config.db.url:8080
- configDbUserName: osdf
- configDbPassword: passwd
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
- # Credentials for PCIHandler
- pciHMSUsername: "" # pcihandler username for call back.
- pciHMSPassword: "" # pcihandler password for call back.
- # Credentials for the OOF PCI Opt service
- osdfPCIOptUsername: pci_test
- osdfPCIOptPassword: pci_testpwd
# default number of instances
replicaCount: 1
nodeSelector: {}
name: "oof-osdf"
port: 8698
config:
- ssl: "none"
\ No newline at end of file
+ ssl: "redirect"
REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
M2_HOME=/usr/share/java/maven-3
snapshotRepositoryID=policy-nexus-snapshots
releaseRepositoryID=policy-nexus-releases
releaseRepositoryName=Releases
releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=admin
-repositoryPassword=admin123
+repositoryUsername=${REPOSITORY_USERNAME}
+repositoryPassword=${REPOSITORY_PASSWORD}
UEB_URL=message-router
UEB_TOPIC=PDPD-CONFIGURATION
UEB_API_KEY=
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.0
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
+BRMS_DEPENDENCY_VERSION=1.6.3
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.5
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-brmsgw
+ name: pe-brmsgw-input
+ - mountPath: /config/pe
+ name: pe
+ - mountPath: /config/pe-brmsgw
+ name: pe-brmsgw
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-brmsgw
+ - name: pe-brmsgw-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-brmsgw
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
+ - uid: nexus-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
+ login: '{{ .Values.nexus.repositoryUsername }}'
+ password: '{{ .Values.nexus.repositoryPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
+nexus:
+ repositoryUsername: admin
+ repositoryPassword: admin123
# default number of instances
replicaCount: 1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.6.0
+image: onap/policy-pdpd-cl:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
"clientName": "api",
"hostname": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"useHttps": true,
"basePath": "policy/api/v1/healthcheck"
},
"clientName": "distribution",
"hostname": "policy-distribution",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${DISTRIBUTION_USER}",
+ "password": "${DISTRIBUTION_PASSWORD}",
"useHttps": true,
"basePath": "healthcheck"
}]
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+ - name: DISTRIBUTION_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
+ - name: DISTRIBUTION_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: papconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.api.user }}'
+ password: '{{ .Values.healthCheckRestClient.api.password }}'
+ passwordPolicy: required
+ - uid: distribution-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+ password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.2.0
+image: onap/policy-pap:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+healthCheckRestClient:
+ api:
+ user: healthcheck
+ password: zb!XztG34
+ distribution:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
REST_PDP_MAXCONTENT=999999999
# PDP related properties
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
node_type=pdp_xacml
resource_name=pdp_1
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-pdp
+ name: pe-pdp-input
+ - mountPath: /config/pe
+ name: pe
+ - mountPath: /config/pe-pdp
+ name: pe-pdp
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp
+ name: pe-pdp-input
subPath: pdp-tweaks.sh
- mountPath: /tmp/policy-install/config/pdplp.conf
name: pe-pdp
- name: policy-logback
configMap:
name: {{ include "common.fullname" . }}-log-configmap
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-pdp
+ - name: pe-pdp-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-pdp
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
config:
papPort: 9091
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.3.0
+image: onap/policy-apex-pdp:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
- "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: apiconfig
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.2.1
+image: onap/policy-api:2.2.3
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
JDBC_DRIVER=org.mariadb.jdbc.Driver
JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_USER={{ .Values.global.mariadb.config.userName }}
-JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }}
+
+JDBC_USER=${JDBC_USER}
+JDBC_PASSWORD=${JDBC_PASSWORD}
site_name=site_1
fp_monitor_interval=30
+#!/bin/bash
+
# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
# Script to configure and start the Policy components that are to run in the designated container,
# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
fi
if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl
+ cp -f config/policy-truststore $POLICY_HOME/etc/ssl
fi
if [[ -f config/$container-tweaks.sh ]] ; then
fi
policy.sh start
-
-# on pap, wait for pap, pdp, brmsgw, nexus and drools up,
-# then push the initial default policies
-if [[ $container == pap ]]; then
- # wait addional 1 minute for all processes to get fully initialized and synched up
- sleep 60
- bash -xv config/push-policies.sh
-fi
-
sleep 1000d
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.3.0
+image: onap/policy-distribution:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
"restServerParameters": {
"host": "0.0.0.0",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
"policyApiParameters": {
"host": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"https": true,
"aaf": false
},
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pdpxconfig
+ - mountPath: /config
+ name: pdpxconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
- name: pdpxconfig
+ name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
+ login: '{{ .Values.apiServer.user }}'
+ password: '{{ .Values.apiServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.2.0
+image: onap/policy-xacml-pdp:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018-2019 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM
-
-#########################################Upload BRMS Param Template##########################################
-
-echo "Upload BRMS Param Template"
-
-sleep 2
-
-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
-
-sleep 2
-
-curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport'
-
-echo "PRELOAD_POLICIES is $PRELOAD_POLICIES"
-
-if [ "$PRELOAD_POLICIES" == "false" ]; then
- exit 0
-fi
-
-#########################################Create BRMS Param policies##########################################
-
-echo "Create BRMSParam Operational Policies"
-
-sleep 2
-
-echo "Create BRMSParamvFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvFirewall",
- "policyDescription": "BRMS Param vFirewall policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvDNS",
- "policyDescription": "BRMS Param vDNS policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamVOLTE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamVOLTE",
- "policyDescription": "BRMS Param VOLTE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvCPE",
- "policyDescription": "BRMS Param vCPE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvPCI",
- "policyDescription": "BRMS Param vPCI policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "casablanca"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamCCVPN Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamCCVPN",
- "policyDescription": "BRMS Param CCVPN policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create Micro Service Config policies##########################################
-
-echo "Create MicroService Config Policies"
-
-sleep 2
-
-echo "Create MicroServicevFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevFirewall",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevDNS",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevCPE",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create SDNC Naming Policies##########################################
-
-echo "Create Generic SDNC Naming Policy for VNF"
-
-sleep 2
-
-echo "Create SDNC vFW Naming Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyConfigType": "MicroService",
- "onapName": "SDNC",
- "riskLevel": "4",
- "riskType": "test",
- "guard": "false",
- "priority": "4",
- "description": "ONAP_VNF_NAMING_TIMESTAMP"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating OOF PCI Policies##########################################
-sleep 2
-
-echo "Create MicroServicevPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevPCI",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create PCI MS Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }",
- "policyType": "Config",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "PCIMS_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create OOF Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyType": "Config",
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "OOF_PCI_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating Decision Guard policies#########################################
-
-sleep 2
-
-echo "Creating Decision Guard policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.AllPermitGuard",
- "policyDescription": "Testing all Permit YAML Guard Policy",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": ".*",
- "recipe": ".*",
- "targets": ".*",
- "clname": ".*",
- "limit": "10",
- "timeWindow": "1",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Frequency Limiter policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_Frequency",
- "policyDescription": "Limit vDNS Scale Up over time period",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "limit": "1",
- "timeWindow": "10",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Min/Max policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_MinMax",
- "policyDescription": "Ensure number of instances within a range",
- "onapName": "SampleDemo",
- "ruleProvider": "GUARD_MIN_MAX",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "min": "1",
- "max": "5",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Push Decision policy#########################################
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.AllPermitGuard",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_Frequency",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_MinMax",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing BRMS Param policies##########################################
-
-echo "Pushing BRMSParam Operational policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvDNS",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamVOLTE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamVOLTE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvCPE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvPCI",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamCCVPN"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamCCVPN",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing MicroService Config policies##########################################
-
-echo "Pushing MicroService Config policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.MicroServicevFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevFirewall",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevDNS",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevCPE",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing SDNC Naming Policies##########################################
-echo "Pushing SDNC Naming Policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing OOF PCI Policies##########################################
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevPCI",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /tmp/policy-install/config/push-policies.sh
- name: pe-pap
- subPath: push-policies.sh
- mountPath: /tmp/policy-install/config/pap-tweaks.sh
name: pe-pap
subPath: pap-tweaks.sh
name: pe-pap
subPath: console.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-secret
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- name: MYSQL_USER
- value: "{{ index .Values "mariadb-galera" "config" "userName" }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
ubuntuImage: ubuntu:16.04
pdp:
nameOverride: pdp
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- userName: policy_user
- userPassword: policy_user
- mariadbRootPassword: secret
mysqlDatabase: policyadmin
service: &mariadbService
name: policy-mariadb
portName: mysql-policy
internalPort: 3306
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ policy: generate
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.3
mariadb_image: library/mariadb:10
pullPolicy: Always
subChartsOnly:
enabled: true
+db: &dbSecretsHook
+ credsExternalSecret: *dbSecretName
+
pap:
nameOverride: pap
+ db: *dbSecretsHook
pdp:
nameOverride: pdp
+ db: *dbSecretsHook
drools:
nameOverride: drools
-brmwgw:
+ db: *dbSecretsHook
+brmsgw:
nameOverride: brmsgw
+ db: *dbSecretsHook
+policy-api:
+ db: *dbSecretsHook
+policy-xacml-pdp:
+ db: *dbSecretsHook
+
nexus:
nameOverride: nexus
ingress:
enabled: false
+ service:
+ - baseaddr: "policy.api"
+ name: "pap"
+ port: 8443
+ config:
+ ssl: "redirect"
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
- config: *mariadbConfig
+ config:
+ <<: *mariadbConfig
+ userName: policy_user
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
+ userCredentialsExternalSecret: *dbSecretName
nameOverride: policy-mariadb
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:2.6.0
+image: onap/portal-app:3.2.0
pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
ingress:
enabled: false
service:
- - baseaddr: portalapp
+ - baseaddr: portal.api
name: "portal-app"
port: 8443
config:
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
--sparky => TODO: sparky doesn't open a node port yet
update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
--cli => 8080:30260
-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
--msb-iag => 80:30280
-update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
+update fn_app set app_url = 'https://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
/*
INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
/*
-Additionally, some more update statments; these should be refactored to another SQL file in future releases
+Additionally, some more update statments; these should be refactored to another SQL file in future releases
*/
-- portal
/*
Onboard LF Acumos App
*/
-INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
+INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
(11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL);
-- add Acumos thumbnail
UPDATE`fn_app`SET`thumbnail`=0x89504E470D0A1A0A0000000D494844520000010D0000004408060000009B326018000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC400000EC401952B0E1B000051D749444154785EED7D07605555D6F54AEFBDF742120221F41E7A930E0A2A36D451B18E7DFC6C63EF3ACE388EBD6043054511A448EFBD844012D27BEFBD27FF5EFBBD28202558E67766B2E0E625EFB673CB5E67ED7DF639C7A443803F289A9BDB50515E8F152BE2B07A6D124C4C4DE0E06085871F9A0467672B242695A0ADDD048BBF3884E69676B8B8D962D8207F0C1FE887A8084F24A69600268087AB9D2CB63031913FBAD18D6EFC2AFC7F278DC2FC2AC41F2F4479692D2CADCD919F5B0D5F7F27F48EF6C5FAB509D8B93B0BA56575B077B4468B10C3002185E8DEDE58BE2A1E0E7696080E71C5965DE9B07790F56D406D630B5AE592AEBA241A3985B5D8B43713013E8E1814ED8388101739A329C2839CD13FD2D350806E74A31B1784FF6FA471707726962CDE8F92E21A2585BBFE321EC34787E2F18757A3674F2F9C482E415646194C2DCC6061618EC6D636F8783BE1A69B87E3B3250771F0483EEEBF672C3E5A72081DA6663033073ACC4CE507D0C2A5AD1D174F8BC489CC0A1C8C2B8095ADA5F085095ADADB10E2EB84293121F074B3C194E1C1C61275A31BDDE80AFEADA4D12A522023A504AFBFB811B107F2E02C465B5BDB8C19F3FBE1BE4726EB36CDB2CDE5733ED46D69E8266626686BEB40B390C05F1F9D821DBB32F0FDDA440C1D120467576BECDA93250AC502EDE27A989ACBB67239266666FA49A2B9624E1F1C4E2844625AB91CCF02AD72ACB0205704F9D8E3D3D589880872C193B78E44DF080F3D7F37BAD18D7343AAE6DF1759A92538B8331DFF7A76039EB9F73B3C74F357488E2F4280B8080162BC93A6F746700F77E3D6404E6639AAAB1B6069694E6140E180CAAA465CBB70308A44956CDB960A7B714B7CBCEC91935D095321156E632A3FDB4918F20779D054AECC4294C7722198FE3D3D1112E084E6A656D9B203365666B2AD097C3DEC515AD18067DFDF8BC389C5D87630475C20F171BAD18D6E9C15664F088CBFFF66686D6EC3C615C7F1CE4B9B4425B4E3BD57B6E2C89E0CE48991F78CF6C6806181E83F34182EEE7628CCADC4FEDD194200E5B016C5B0757332FAF4F545427C21CCC5E8EBEA5B3054B69F32B5279E7AEA079889AB626F6F891E611E481443178610C63085528709DD13611A3287280F33F9BEADBD0369D9559838320825E50DA8AC6D52F78401D29CC26A580939719BB6D60EFCE3B343D8775C084D088984D28D6E74E3E7F85D94464D5503CA4BAA111EE585CDDFC5C3D1C91A73AE1E827B9F9A0EDF405714E455E3DB2507B0EEDB38A48B12A14BB272D951EC1215B172591CEA6B9A71DB9DA34519B4C04388E5A2A99178F491756AE02489800017716B1A505BD748DB97A55D7F76B4B70B6F1874877E25DB9A8B5C696C6EC5EAADE9983C32183616E2CAC8AACADA46833221C7D0B591ED6C6DCC91955F855B9EDA886D877265AB6E74A31BA7E3778D6964A79562C95BBBE0EBE78CF8B83C242714C1CCDC1466A220CCADCDD121864AA36D1745D0DED20107676BF419E087E5CB6231624C18EEB8670C7C7D9CF0FE7B7BF1CD3747E1EC6A8792D25ADC7DCF587CF6C5117525CCCDCD657F03515068B4CBF13AC465818919AF4E8F4D57A54A148BAD9D05AE9E1D8DE89EEE2815D5F1F83BBB61696E8656F15AE64EEC818D7BB3515A590F37671B0CE8E981876E18063B1B0BC3C574A31BDD50FCA64AA3AEA6D1F89B01813DDC917EA2108BFFB90D19C9C5B013B7C2D6C61216E286988A410B65A82230E96817B7C314B9D915080C71839D9D158E1ECA868DAD052CACCC30615218EAEB5A9095550E7F21A0CCCC72545634A83A686B6B13C26947B3587E93B8450DCDED528E6654563608C1D4A1A0A81AC5A58D701542F2F3B4C7F4B1A1880EF7C0787179E68C0FD37D064779E2C68BFBE09EAB07E0A2114118D4CB03E5D54D4817D7A91BDDE8C6A9F8554AA3BDAD1DA50535D8BF351947F765236A4000D62F3F8A1B1F9D2CC6EF8A7D5B528420CC912A0AE3D8A11C5494D5A343C8C2C2C2523EDBD101337527DACD4415886BD1D8D486E8817EDAA272FC7821264C8D40AFDEBED8B02E11B32FE98BB008778486BAE39147D6E0E0915CB8B8DA6A1CC4D28A8B1C43140609C743C8C1DBD3019E1E767075B245634B2BF28A6B909255851BE747CB3A43BCE2D977F748194CB070566F04FA38EA77052535C8C8AB4589B85835428225423E61FECE18290AC84DDCAC6E74E37F1DBF9834F2324A11BB3303C7850C18836453C7F6EFE331686C0F210A4B34D43521490C7FD2DC3E6896DA9F6E4987FC4B4F2A467A6AA9A80E2B3172C377A6421A8C2FB4B677C02FD0052E1EF6D8B92D0DD3E74623E158018E1D2FC082AB07E3EE7BC7EAB95B455D3CF6F8063838580A5998CB37A259E4FC248DBAFA6694890A2912822A1157A356DC121373463D4C34DFE396AB07C2C949CE2D0AE799F7F68942E9C0B0BEDE78EECE51F866630A36EDCF4190B783B6CA3434B6C2CFCB1EF72F1CACE7ED4637BAF10B5B4FF2C43D483A9287A37BB3509A5F8D82AC0AA4C717C1D1CD0EA3A6F4C2F6B509E839C01F1525B5C84B2F478F282FA42516A140DC8F7E4383316058104E08193436B4AA719A98507188D10B5A5BDBE01BE08ADCCC32F41F1C80C2C26A3489F13258397D666FDD265548870961B1B105881342C9C8AC405A7A2952A55C39B955281375C0E42E4BB6B4385AC1C6CA12E6421C57CE89C2CE43F958B53515FE5E0EC82DAA858D28A176718F2AC5A5F97455BC0665738A6A905520D75552872BA74522C4CF49CF7B5814934F77AB4A37FEC771C1A4919F5186D59F1DC4CAC507909F5E863A632B04839AA3A7F5C291BD99A8AD6A847FB02B6A6B9A502D069C23063D767A14F2B24BB16753AAB8297598B770089CDCAC5155DE246E40931CD9A038D844EBE5EB888A8A460487B9232DA5144D0D2D98785124BEFD260E8D8D2D78E7ED3DEABE4C9A180E5F712B68E8241636B1527958989B69BC8344441DD5D8D48A9821816810923A9258289E503B22A47CCDADEDC828A8C2A59323B0799F2826E12D531353398E09A2C40D9A363A04EF7E7D0CF58D4DC82DAE45627A051EFEE72E38DA5B2032C4CD7043FECD484F4F47515109CA2BCA51525A8ABABA7A383B1B48AD1BDD381D35627F6952515695D6A1BCA0064599557016F5CCC688AE808E48E29E6C146654222FA904D6F69617E69E241ECEC1130B3F1735D00E7B91F8CC99606442BC0538B9DAA0F7D020ECDD9484E6A6360C1917266AA11C456294B4DC167103E6888B117F24178971F9AA307A0D0C44786F4F0D5A1E3D948B8AF23A315C33F41DE48FCAAA06F48EF6C1DAD509983AB30FF2F32AB17D7B3A1A8520DE7C6B3EEEB9F73B58D95868BE464888AB2809536489CA484A2B81B98519CC2CCDE59CEDA86F6E4564B827860DF4C7D2D5F13057774688A4A51DF75E3F148FBDB113B72D18802FD69D1032E980BBB30D068B32AAAD6FC57E51316CAE8D94E3975736C2CED60243FAF860E59654FCF5E6E188E9EFA7C7FA77A1AABA1AB7DF719794A54AAED70C2D52B6007F3FBCFBF6BF8C5B74A31BA762C9939BF1F1131BE1225E80982A8ACA2BB1F8E87D081197BC2B6066F69F7ABC8AAAE27A5434D5E2910F1674BDF5A4A2B806FFBCFF3B357647210833062F850C5833D78981470F0B46767231DA9A8546C4F8E84EB0C6679E9585F61F31C3FA15C7101EE58D9E7D7D5401A4C4E763CDD77128CAADC678511293448D58DB98225D8E13262A836C16DDD7175555F538723817F6F656183E2C5093BF7AF7F28295A5190A0A2AB1735726E2C4DD610BC96C513BE13DDC515FD3027F512C7D7A0A610CF0C39ACD295A16930EBA432668686A41AAB84B93C4553A72A244FE6EC55021A9182197A32965D829E446E5C126597B21272F775BA464552253C86BEAA810DCF7CA367CBE26D17073FE4D484FCF40756DAD90A2B9DE7F0B21C6CAEA2AE4648B4AEA4637CE80836B93606B632DCA9BFDB3E49D811992F6753D07898A9DEADD5AD4B5B5ECCD0AB9CBA4B14C6AE48AA23A58DB592963197E98A059DC054F7F6771356C912A866B2E86CC55861805C39C063010DA2A35E3C6157188EAEF8F3031FA56A9ED2D8484524F1461D5D223C813A39C3AA72FAEB969246EBD672C6EBC7524C27B7A61DBA614588B8190A7AEB86AB09245CCA8505538E6723318AFA8AA6EC4814379DA2BD65A2EF2963F0DC67BAFCEC11BCFCF10C337415E41B5121E6326CCEFA04B532F6ECF8BF78DC590686F5C3A25920D381AEF2816F7C9C64A6E2F133CE41A790D24391B6B33511F4568927D678DED81E73ED8872FD69CD0EBFB7720AFA040DD370B7323695858A05648242D33D3B84537BA712AF2922A602D0A99F6672A2E899D8D0DF67C7B21EFAC89DA0DED598EA079555D228DF48442EC58190F4B1BB28C9108E4477B7B1B3AE40833AF1A88AFDED90D3B472B35311EB8435E6EF57CD4E2E4D4F2BB419D9862F597471035C01F3DA37C34186A618C43241ECFC3CA2F631112E6AAB5285B3B7CFD1C515FDB2C46DE8AFEB24F546F2F9E1DE3C6F5808BB315DAC405A172A08B66656586868666ACDB90AC01CE4E8C1911848B64FB61E24E0CECE38D3E111E1810E98587160DD7F5D7CEEA8D84F412EC1275C1E0A9A5B02955462778CD3C07FFD94859576E4D839790E4D491C178FE83FD2828A9356EF9FB8171A3B4D474BDA72C0BC1CF367906054226DDE8C6E9488BCD47637DB3D8DD4F66CEE127B2C49E7F0DBA441A6B3E3E8086DA4635640365C84B2BFF5B5B3A10D9CF1FC70FE648ED4F16922FD53581760E63A733F15594343AC42DE0BE06C633C1C695C7111CEE8E883EBE68A8695426B31515D3D6DA8A7D3B33F4BC3C46B528883113C25059D1881917472361733ABE7C6E2B02029C1112EA8626512F3421AA045E0CF7099675B572B30A8A6BD1246EC8079FC7E2D0D13CA46694A1B8B4566E648B2A0DF639518821E617D769CCC2688FA7C2F825B7A65C73B4B5C4C7AB12B4235C94B851EF7F7B4CD7FF9E686C6840764E8E14C55066067309733373A4A6A58B826267BC5F86D2B2721C8F4F405CDC71A4A4A619BF3D376A6AEB909B9B2F845588A2A2626D81EA0A2A2A2A919F5F8002594A4B4B8DDF1A617C1C67425171313233B3905F58A0EE6F5751585884CCAC6C3DE7AF459DA8BAE494541C8D3BA69F3535BFAEB2A895FD4F2425EBBD4FCFC8D0BCA7DF12E9B185686E6E517BEB7C5F482035E50D28C9ADD2BF7F09BA14089DEEFD28BC825C55DEB00F28E3027CC2ACFD46CDE885C3DB33505FDF045331AE0E133331E416F4ECE7AB599EF187F345013065DCF0A2B38584BBD34D6017F68BE6F5D5CE6C69C92586B13398013AAD0F32334A515C5CA3B189B03E5E181113825917F7C513B33E959B51808F33EE475C6201EEB97B259C5D6DF5980CC07AFB3A62D28470AC589D48FEC29851C158B12E093636426062F0ADCC3597B25709A98C1E1288BBAE1BA22FE15FFEBE0D85A5F5E2FF9D9A36CE817FFAF52439B5235148874A8460F9A9662E9D128135DB33B1E485E9FAFDEF85FCC2423CF0E0C342A2B55A067D09E47EF3A5F0F1F6C2DF5F7E11F60E17D61CBC69F3567CBBE23B949697CBF3AB5715C3B47C6727470C1F3E14575F7105ECECEC8C5B9F8AE5DFACC0DBEF7F0027074778C9F99F7FFA49383A3A18D79E1D7FFBFB6BD8BE63973C810EF4EAD51B2F3EFBA4710DB0E09AEBE4FEDBA0AAAA0A77DE7E0B468F1A854F967C8E6DDB7748F91A9418593E2B2B4B840405E3F65B6F86A7E7CF8734A8936B79F783C5883B7A4C5CD07AC37EF2AED9D8DA62C4D0A1B8FCF2F9728D5D6F714A494DC5871F7E82ACDC6C51B28D72CF9BA542B494725821223C0CB7DF7233BCBCBA3EA8D3B1F8447CF8F147282E2CD6B2F259D2D5B4B1B6469F3E5172BC9BE020F7F5D7E2ADBB5663CD5BFBE1E06A2395B229DAE59DA50D971556E3E9D50B31647A4FE39667477B5B076E897A0DD5ECEC595287073E9D7F6EA5D12086F5C683AB60EF6CA3014FC801CC483152DBD5D736A1F7E0409497D6A1A2A446D7EB2A13210659DF202E859DAD35CF4A7A817C6DD88635921C877EB954F5F8F6A3FD881A148879D70CC6F5778CC6B44BFA234708E3C4B17CD456376B3F921D9B92111AE18E385119C7B6666A6C65F9ABBBD02FDA0F11F27D436D0B5AEA5BD1A7B73762860663F98A63A8AD6B4249592DECACE56188E2618F59AA040B59AC84CCE86A4489D2197BF5122CF93E01D7CE8ED2DEAD4CE8D20B3905244983DAE8045B2FAAEB5AB0646D12E64D0A47A5361BFF7E28CC93DAB9A0486B0A7B0707C4C4C4FC68E4256565C8931AB8ABC8CECDC51D77DD8FBF3CF81032B2B2D0D8D8A8C7B1104320A83C967CB10CD366CEC5DE7DFBF4BBD3D1D6D62A06D480C6A646DDBFD3653A1F9A5B9AE51E1BF669967D4F46BEB859C5A228D84AF4C3C64D983BEF727CF0E1C7A248CA757B1A575353132A2BABB067FF7E4C9F7B095E7BFD0D253C82EB972DFF0613264FC3AA55DFCB7594EAF6BA9F187A9990E3E7CB9661C6EC8BF1DDCAD57AFFCE052A89E75F7A190BAFBF09878FC66AF336AFD35A8C9B9FBCFE3DFBF663EEA597E39DF73F947B72EE6115CA45653DFEE4B3B8F6FA3F21E944326AEAEAF438DA7F4ACA585D5383F51B3763F28C3958FAF572E35EBF0C3C5EC2CE6CD8DA5BA2BAAC01F31F18A53DB9F96ED3ED4FDCFDCB83E767250DD6BE2FDFFE35B689013AB8D8A9AA2028723AE4E4D622D1C3A27D70786BAA30B8A53E00C37BC3D609533437081B4B4DCCDD648D128D6E4349201BF2A218CD6564F6E0F6345C77C718CC5D301033E645235E5C89BABA66D4892196145523BABF1FA2A27CF1BDB02607E4616067C757F168916D66CC8C4265553D2688E17A78D861D5DA04348BE133586A21ECCA1A8DA9EB94CFDA7222A4C1E65F17276B0D74BA3AD9606F5C81E68AF41577C35D58992ECF8FC4219FBC2EC3B59D0AC63758CE6FB6A42221B5144542A0BF1732A59663262CEF2163436347C7E82789902F7757E5774949291EFEEB13E2D2A4A0478F1EF2C25AA8D151FE17899AA9A8A8D04BF7F4F080938B339E7AF605AC5DFB8361E79340C94BD7882F3C09B9ABE0B6BA8F2CA7E70A58496DCB1A9C2A80AE9289AC670DCE6746A2A91405C2C06F9BBC3BF6A280820202F0FDDA75F8EB134FE9FEFF7AE36DBCFFFE62F8F9F9C2D5D555BFA3A1733FD6E87C193DDCDDE12ECBEB6FBD850F167FACDB9C0D4F3EFBBCAA315F5F1FD8DBDB0B41CAFB5852823CA36BC5BF1D85C0BDBDBCF09518F94B7FFB8771CF9F83E57FE6F917B06BCF6EBDEF241E920CCB5626A4CF67C867EB2AF7DCC7CB1B1F8852FAE8E34F8D7B5F38CAF36B64A916F56E8EA6D666F41E1988B0413E1AE360AA42AA7800BF14674DEE7A6CC12738BE37138ECEB654F5F222D1E06485B046A348E27173FB885B928646A9E5D90C43FFA3C354B7926DE4B593173A24D203A9C70B35B6C17C0E53715D94DDE580A6F2A9BD5CE54F4BB988590B06E879EDEDAD11D4C31DC347F5C0D09860F4EAE38BEB6F1B898AAC2ABC7AC7D770F370D2F3652617C23BD415D32FEF2F72DD547CC20AEC3B98A301513359CF7270F42E929BB5FC5D5ED5242445E33741ADB852F32E8AC4BA9DE92AD7AA453579BAD9A1ACAA01BD42DD902B6E115B584C29E984A4BC3D6C95344BCAEB7FF6A233685A2EFB6517D6A0A2BA51D3CE1DD8C2F41BE3BD0F3E16D96EE84047497CF5950BB062E52A91CAAD526337C1C5D909C3447A9F0F575F7B83D468D56A04AC29298BC78C1E2D527F11E6CE9E8D5E3D7B222B3B5B6B452B3160BA905BB76F47FF7E7DD5383A91909888FD070EC34A5E7E1AF094C993D46D381F76EFD9A33106C2C3C35DF7EB045D114AFECEDA97464E92701302183A7408264F1C0FFFA000A914C4784BCB94F429E9A950D6AD5F8FB8E3C7F5BA181C6E1077C64B5C9751A34662C2D831F0F1F4929ABD560D94C4642DE7D9272AC1598C3452AEF974BC4A376AD72EB9AFCEF22EB4A84B327CC810DC74D30D5878CD9518346080BA3D1999D9FA4ED8885B159F9080D696560C1CD0DF78949FF0F853CFE2C8915838CBF1E8BEB7C812E8EF8FF9975C82C99326C0C7C70BE5E5157ADFA90458C69DBB760B89B8213232C27894AEE3C09A64ECFE3651EE9189DC232B2C78740C9A4419EFFB3E09B68E56EA098CB9AC0F6CD89DE31C904780EFDFDC87A686568D05C65CD2FBCC4A63E5077B706C4F269CC490280CC8017439A8325A9ADBE017ECA646999F5AA63108AD8D4D459AB5B33A66CD2E062B37CFD2D2C2A8500CF91C1DF2309581A4A6903DE49FB8398DCDB0B631C7210EC493558E171F5E8D6D1B92B07CC9413CF9C04A1CDE9F096F4F47ACF8FB6E5881B2507615B8B838E0D34737CB31A05DEF776C4F959ACA4C5F24BD5259CC854CB2B32B85D9DD34206A2A17C3264B27B9515413F57213581C5B7161761CCA41CF6057EC3E928FE9A3427558C056B600C975B3A4C6D39E11DCFF84943D59CE157BA2CCF8ED6F8BD8B8A35A3B35CB0B1C121CA4DF458485C97535C2567CF5838762F5BB73E1F32FBE446945191CC4B0688CBD7AF5C45BFF7A0D0FDC77B71A419FA8DE98356B063E7AFF5D5C77F55572EC668D05D0C0FEFEFABF37818CB5708B18EAEC9933F0F187EFE1A1BFDC87CB2F9D8F3B6FB9056FFFEB9F78F2AF8FC8B336536366DC8535353F196B6240F1E6458BB058AEE39E3BFF8CCB64BFBBEFFE3316BFF70E16CA7551E5B2F2721445B3F893CF548D9C8CC38763B165C74E5511748B78DCA79F7C0C4F3CF608468F1C81F0D0508C17227AF2B147657958899704C2ED7FD8B0116969E9C62319B07BEF3EECD8B1038E8E8E5A5E1AF1C30FDE8FB7DFF827165C360F53A74CC6AD52DE8F3E7817375EBF50EF3B89D343D4DE3FFEF5CBEE7B6A6C3E5A44713339CB23C409F62EB6088CF65295C177B9AEBC1129877E99DAF8196964261661E5FB7BE12CB52B0FAE8BFC508540F690DFC3C52D39BE3F1B162C00BF5362309000C17DF467A7C1A9111BBEE3EFBC2134C60631DAB09E5E183ABA075E796C2D567C7608DB37266947B7F0080F5C76CD50F1170DAC3DED96A1B2B761842DC2D2DA0C1585B558FBEE014D275F70C540D48BABC0726A49F8299BB68A9131C78365D77F42062E4EB6A8956D35182BFC45366EA86F456E41B52671ED921B3E634CA8BA68243D5E3F8F792E38D858E2B0DCBBDDE25A192FF637035D8616216183F2694770908134FAF58BD60021C939F53CAD1ED5D5D5D82852DB450C852F2E7B1A3FFDC4E3521B9F3980B7E0F24B317BC674A9F92AB416E5F11910FC77A15E8C75EA9429B8E3B65BF4BA4FC730511E7F11B2A30A2009D070F91E9697970B09DE8B8B67CF306E792AAEBAE2725CB56081920CF761D075CBB6EDC6B506ACDFB4194D727E3E75BA7F2C0349F54C60396EF8D3427DB7E82E928C491227E34371833A039B54770FFDDF5F306AE448FDFB74CC9F7709AEBEEA0A7D5EBC6E12E3CA95DF1BD7761D25A2CCD95193EEBC5F989BAA73EF1017B87839C87B2DA421AA9895FE2FC1CF9EC6966F8EA2B2B816E63434351543FC81710AB624048A31338DBC30B35C5B4714F45BC44E9434E4C119BE6BD702F36FD11946E313C333AE673F10BF00174D375FF7F551B4092BDAD859C0D6CE5A7BC86E589388267123464F88C0076FED127FCC1753FE3408B5150DBA3FCF66EF6C8DE57FDB857629CF94291122A17D3536A18511B074626BAA2AACD9314DCAC37F9C07A5B8ACE1470223B998C90D8E4D2A45FF087764E456A348D6C70CF4937D0DC1ADCECB3A1B781C2A8E8DFBB2B16C7D8AF1DBDF06FB0F1E9617DC102C6300B957642FFD3EB26784948BD7C001884C909A7E76E2484E4ED5788685100C9B3D6FBDF90695F6E7C22D37DF68787EB2588A81B1D5E3DF01D6DA2E4E8E5824AEC0B9307CD8505C24C4525D5D23F700A815831C346800468B4B722E5C76E9251ADBE0794888DB4E228D969666ECD9BB57BF671075A8B82431230CF93C67C3B42917A17764A46E4F1C893DAACF8AA8A8AC404E7E9E1CCF5ACB396EDC580C1057EF5CB85208DBD3C35355A5B5EC177BEC9851B1770D65F9D5C84928D1CA84EF65483F43CAB8930801375F074365292E555EF26F401AC53995D8BD3A01760E56CA467C59D4E4E95AC817EDE287450D0F46DCAE74B918CA1C59ABEE0037960388FCEFBCB48E16832B63705FD8A2C24D643B395693280CBF00678C98148E355F1E5212222B32BB9379086672A1ACE5A7CCEA836C21A74FDED98D155FC7E2EA47C7C3C9D356FD4682637514A557206177365C84087A84BAA15F5F1F7978CCDD907F72523605B734B7C3D5C95A1E244B67026747A9618469D9BB5624882CE2CA48F92AAA1B50585287617D3DB1F560166CAD2C101DE681EA9A6634C98D56123C07D8FFC55AAE978AE3B704E3077413784F2CAD2DD5FF2502038244C2BA6A6D6B67678B6DDBCF6ED46C31696D6F55A5E2E4ECA43182AE60CCA81891EF75EA021D3B9E60FCF6F705DD8551725EBEF4E743CC88611A07E1B36D1675306FEE6CE39A7363FEFCB9DA4A43E24C3C9164FC562A98C616E4E6E4684C81EFFFC8E1C38C6BCE8DBE7DFB295170BFC2C242D4D51B82E2F1F189F23E1B62798C7D4C1A3F5EBF3F1FA65E344594739D3E77E69A5455767D402806414BB2AB74747E33331304F531BC2F768ED608161785E66A25B6937A300F7555A7B6607505A79046E2A16CD456366820B1D33C9406C48829FDFB8F0D436E7209AAA5B6A7B8A0612AC882FC9555B63C3CB23E13A7DAA586B79207CF422A64A7C6BA4678FA3961A4B8141BBE3D267FB3ED9DC3FD71F42ED9460ED1D0206E4BA427060E0BC28A2F63E5C19A61C907FBE01AEC8411737AA159540A37ACAF6AC2A069E1881CE10F6F0F7B79099A7464AF1E216E22C1DB34D8CA547533291753CB99A52AF7105E6EF6C6B472C335D018D98E6D29E5D87D341F23FBFA098199E2EB8DC9880872C64DF3FB625A4C885E42A9DC9FCA9A46540AE9742E0C80F2B35C1E4095289DEADA66DDF6B7006B85DCDC3C7D199BA416EC21FE742748141E6E547E2D2AB5D3334EF5A54F4683B1F5802D0FCE22959953D315D8D9DBA3B2AA5ADDA092B262E3B7BF2F5AE47AFC7C7C8C7F9D1B0E0EF64268361A0321B1D9D9762D57C5D7DB5B2B1FD6C4AD6DAD3FAA847A1A3B5F0C45071C1CBB962FC15C1955D282063916DD498284AB55AFDC7B4B2B4B25ECAE80DB65E7E46AAB566E5EBEC656BA8A8C6345FADEF09C76A2C67D420D2D490CFA07F47297EFDBD55D29CCA84055E9A9F19CAEE014D2387120076D2DA22CA486A6FD134A00626C6CC2ECD93F0087B7A569932779829B74928AFE4572503211C2905A9929DE6C52D56C41594D77C3D5C31113664561FD37C7502B8646C6E30BCC6DD984C7E1726A2A1BB170D1485494D661FBA6243839D92991FC202ECBC2C727C88368D45A9F893637BD320DFB572763EDBBFB70D32DC3F1AD10D184096172BA0E1D538342889DD148029CBA31C0D711F945D55A460E2DCA1B687CD61ADBE0A03D8744294C1D1D8A8AAA0684FA3962402F4FCC1A1B8AC76E1E81CBA7F4C49FE646E3964BFBE3D605FD71BB2C775C3E00B75D219FF2FB7D0B0763D2B04075E57E0B544A0D939797A7A4C09A67D8905307040A09095183A1FF5B595125EE598D71CD69A00AD440B53C1F7DEAC68B3E0F2E131FFBEF2FBF80179E7B1AF7DF738FF1DBDF0F343C4A71ED72D005E8BB6ABC14EE4BF2EF0AD8818BEF00F7E1313A732CA8167E245429C78F15E379C0B3D21E0883ED18FEB21322D3E3C8319988D7D0D0B566F9A183066AC21E03B0F7DF7B175C5C9C8D6BCE8F9443B91AFBA38DDA89C20E8AFA296EE51DEAA2F796EF404B633B724E9418D7741DA7DCE18C8442F179E526C9C90C2F9618BFBC68EC68367EDE006CFEFAB0484133BDA97A33C528F9A9FE96BC94FCCAB4DD38C0AFB0378D941314313FA2A9A1195E3ECE9830A70F562E39887AA9ADA942E404421386F8079B4E1BEADA30626C0F0C15A37DFD858D1ADF3097F7C7CAD214CB3EDE0F73776B4CBB7E08F28A4B31E78E91F00A71C66B37ADC0A78F6D85B3BD15AEBD76089E7F710B6EBF6504EC6C2CF502B3322BE1EFEF84DADA464C1EDD039B77640A9919A2C86C5161F9DAE5A5E1C3B61355B3FB709E267A3197C3C5591EBA11EEAED6281195B5431ECA27E2C6BDF6E921FC4B94D0BBDFC4E1BDAFE2F0CED771787F791C5EFA683F46DFB014B9856731E00B405A7ABA1099210988FD6F4EF7D7478E1CAEE3A3B28992E9DC59523B9D11BC58230CAF73D7C0969A91E2D30F1D3CE8BCBEF8FF179C7631AC2CBA02D6C23F816F89F1067512C685A2B3963D0D43878B1BA8F6C23398E09D7717D3AA0C2BCF011F1F6FCC9C310D93274C5017D1DADAC6B8E6FC48DE97AFEA9D15B157D0A9CAA6FFC41EB07660ACC3545CB166C46D3CBB3A3D1B4E218D9A8A7AED1B42A864978BA50FECEEE388C6FA46D494378A9F644898D25B4072E00DE08DD687209FFC2F44D32E4CD72612894A8299A5B6F6D61833B31776AC494093B83A1C8D9C7E0B9B67D97B8E8F9B29E6249149337BA3A2BC16FB76A58B3CB4963398889C3247B1B814EBBF4BC0C26726C0C5CA5EB3DC7EF8E020EA2AC43510F5B0E38B384C9FDD0B9EEE36F8528C79EA9408D8D858A0B4B4162E0EC2B801CE48CF2A975A9BE794F24A99D98AC3739BC9C568DC465D1513EC8DCDC7A8FE7E282EAFC396FDD9D8139B87A7DEDEAB4DC4D1E1EE9837310C574FEF8D20512E0DE2073343D456AE89FD57DC8468189C5DB7FBD7F73E4DCFCC56A5C71AD0CFD7578E7F6A5A3765B185B156A6FB525C7AE13547377E3F589A5B62A8A843B642D9DBDB69B0FAF1279E4195B87CBF07182FCC4B2D85A58DB9DA59FF2961C6350670D6421B3B4B7D9F989290117FE1F1B71F49E318FB7F70701C3118150DF283E4502F7E7ACF8101C817FF877E9A2637899D71ADEE2E864716FD31206A0447CBAA979ABD4E5C0D5B29E4DCEB0663EDD2232893DA9783F7980AB1F03CCA32240F35D876788B22183BB5173EFCC70E752998F04D22A1BAB1950B7EFBD5ED70F575C23F0FDD0A3731D88F1FD9A8AD288E2EB678EF8175F076B3C784F111484E29C521510C93C7856917782670B9CA368C653053B4336783B114CDD9901BDCC84C5271919CED2DE1EFE380C76F1B816F37A6E858A22BB7A7A14CAEE5586A197E103258B72B03C9B9E5983F290C8F2E1A0E2F371B1D098C933BD12D627F1B8ED3F16B9199912EB7A75D9B49434282B46FC6C9707674D20C48CA6B76F6CB48EBEE26FF47C3BD77DEAEA3ABD58A7BC96CD783878F60D16D7760F3D66DC62D7E3B146555C87B5AAD71C9BAB6460C9BF9F3C4B5DE314168A869520249FB0599A14A1A1C1323764B0AE6DC3412EE62904DA20C18372053B9FB39C1C5D316F1FB45D25B5BA87A205DD0255135220BA55EBB100AFD282693B00DD83FC405F3E478D73F380193E6F5C35AA9F91B6A9A6121F29F2D2406CA919F240C2106D6FD9C64E9D607262235B110077667E81406EA73CA5A06312D2C99CCD3847FBDBA4DFC342FBC7AFD724346AAA5B996ADAAB4012BFEB60B77DF351A33847838C87071492DA6882AE817ED8D0517472345589803F070D8401DB9DCCD4E7BAA4E1BDF03B3274660EA9810CC1A178E948C723C2BCAA257A8AB8E48EEED6AAF2D23D65206A6423736B7214988F4F9F70FE05D714BA68E0CC575B3A330634C0FF879D8C9353139ECDC7D11CE07F695C8C894FB6E69A81998CCD5D93FA413EE1E1CA13D5454468B3E07E652B0A9AE1B7F1C383939E31FAFBC02773737CDBF60C09681D7871E7D1CB7FDF96E6CDBB14353D27F0B6CFF2A1EB626563ACBA1B7872B3C835C8C6B7EC2F8ABFBA1BAA9415B368BCA2A50947D6153752869EC5A158F0DAA02AAD137A607265F31087D4784E0CFAFCCC5D34BAFC5C7CF6D109FCA122DA21E480C6D523B33D049D7857641DF89C1155B276BB8793B20A8A71716DE3701BD06FA638818A0871051694115CCA590745D0C1E5E2759C83F2111CAF946510403460663A39487C4C5E09E12926CC920255B66786E9F00839F66EF62A8753BFD53DE845DDF26A043882BBCA79BEC63AA599DE3C78661DAE49E18C39EB25323316E6408A68CEB81417DBC1115E1A199A4F12925D8272EC88A0DC958FCCD511D7478EBC11C8C18E0077B212492048FC773D17DE1EF9CF1CD5B08A249CAF4CED7B1F876530AF28A6A30B09717668E09C56C39C7D603BFBC6310D38AF30B0AF53E30101A1814605C732AD8078339272497DCDC5C7476E0EAC61F0741F2EC9E79F2714446466A65400406F823332B0B2FBCF8373CFED433DA09EFD722767D0A6C1CACD44DE931E0CC2D503DFAF9E8085E740C6C618D436B928D6BBA06531AFE916DA93A18F0814D4958FEC6766C5F1187BFBC7D29864B6DEDE6ED88EB1E9A8251337B63D2E5FD31FD9AC1987DE308CCBB3D0657DC331E57DD370E57DF3B1E178B441F3F371AFD4785C027D8552CD9780601ED9DC4221667F446D86221EA41B7216130FFC00C834787A24654CA66210D8EDD41462365304F84CA8663657096B57997F65797E28697A68A41B175C770322B31EE9423F9D8B5E204E6CCED8394B412AC597B420C4EB95131697C1876EFCBC61E21841DFBB2B079473A62138A5020245121F780238939DA5BA9A2609EC6BA1D9998333E140919A5F017426C6939E9C204BC060B7353383958A34E48EF6872093E5D2DC425DFD7335FBFE997AB8DA2E222D4371A92D94808BE3EBEFAFBE90813A541523113D78A636ED49E9616DD8D3F06820203F0F2F3CFE09A2BAF906754ABFD4CA83A98C075FC783C9E78F2193CF4C863F2DC7FB95B5B985E29B6648E5679EF7A0CF8A9AFD0C9B077B5416098A776ECB411577CEFAA9FF254BA025376712F2F96DA5164F54221873B5EB9180327448832F829505353598F0431B24352936E5A1E8B95EFEFC1672F6FC63B7FFD1E6F3FB2066F3DFA3D168B1AF9F2F5ED58FDD1416C5F790C6F3EB606B13BD3B1EA9383CA1F0347F740A3B827DAB4C51A5B3844DD0E59C7C2F71D168CC131A178FDC91FB4C544C7E0602C83D4411746544643631BFEFC9771422C0DB8FDFA2FD061698A2B1E9B809A52C3602854004C8679FFFEB5B0B630C7FD778FC30DD70FC3B7DFC5232BBB02B97955F87C692C6EB87A304244B63166C24E6DA41473EDB569D0403C17E3289C802921AD0C6EAEB64A003D7C1DB5A5E24C20A9B1BF8A839D05AE9D19A54DC45BF7E768B098B3D177AAA10BC1A1234785C4D853B8035EEE1E67CD5D0809098615631DBC4FB26D6CEC61E39A6EFCD1C044B43F5DB7102BBF5A863933A76B9C83791DAC141C1C1CE499C7E28AABAFC5D7DF7E6BDCA3EB483A90AB7147BE031636E6E815136C5CF373840AA1508D305C50927981EE495D7513FC42DC44DA5B60F3D24358F2D206EC5C791C2F2D5AAA999F6545D5F8FCD5ADA82AAB456579BD32189B73EC1DADE1222A84B9EC74495CDC1DE0EC6E0B7B7151189D8D1A1288951FEDC7472F6D4296487F374F7B8C12D78064A18381C8C9D54151FB6CC7F4F9FD34B6B26D5D229C5D6CB58F080D98A0BDB536B76B7F940917F5C292C5FB112B3768B3A888E9370D82AB9FA3BA4E848DA395104411F6AF4A44CC9860EC946BF8E18713D8BD374B5B4E366F4FC357E27E70D4F1A913C230415C155F2F3BED7BD2748A2A10BA1235C4806E49590382FD9C747473954AA741B311C5250A0B70C68C3161A811D2B3B1B1E421B06A5B1A0E8992F97194B00BC0891349DA94DA2244E5EEE90157D79FFBA704BF0FF0F3D52659F6F2DCBE73AF714D37FEA8B0B5B7C39D77DC867FBCF222A64C9CA041F9BADA3A1DC888CB3BEF7D88F73E586CDCBA6BC8385A8016A9586963D6527985449F7DC4F188C1FEE0F0066C8D600C3233AEEB43009A16A4976205E711D99381FADA16F1D54596DB5AA238BF123F2C398C6FDEDC8509F3FAE928E3E652B36B2F52A9D1D5748C06CF58039B2E69DCFC9B391001611EC816A9CE74F3CA925A241DCD07C79E9872991C4B24BEE6BF930C5ADAE1EC668721A274BE786B37EC8470D80CABAC42188D8DA9E131E37BE8EF5F7E7C4088C5068BDFDE0D07773B4CB8B29F0E61C6425125B8393AE3B3C736C3D9DE1AC1E22A31C18C6AA1A8B01691E11E62D4CD58BF350D1BB7A6A2A2A20183FBF9E1C605FDD4FD282EA9D332F1CEB37C74AD9233CB94102A850C1CE56118D2D10DA0A1322374CAF0204C1C1E28F7A70385A50D3ADEE8D1A462047A39A24E941453E32F046C2D292D2B53D260AB88CF394686622DC5E658068959932526FE7B4749EFC62F07BBE5DF7BD79FF1F4937F4540803F8AC535A1EBCEE106BE5CF6B528E365C62DCF8FA28C4AD99759C4EDDAC7C4DEEDECB91D3D870B6998339E086DA02848AF30AE393F4CD9D468C3E1C96D3962B1D81D9BFCE540AC299D4439FC20EEC584CB07E877ED5299B79BB2B615A391B39930218A2422166E224C492A61EE7EAF210128C828456D65A3924CA618CF00914ABBD726E2D8DE6C5C7CE3102513C628CA8BAB71FF0BB3502424B5ED87C41FBBEE1A5A650C6569935ADCDDDD1E975E33043B36A760E2E4484C9DD95B9487A7D4C6459871CB5078048A1210E324380072F689526CF9E408EEBB6F9C1CC29038969C528C90401725167BB95E2A8BA30985F86A550296AF49C298C101B87FD17084FA3B69AC84528F6549CAAC90BF4D10E0E928FB59A94B43E2600CC3C1D61A2FDC3D0AE181AE3896528A2FD625238E5339C87AE66E84C8B102BDEDD575BA10A4A6A7A3B4A44449835DA5274E9E685C73660CECD74F5B6BF8C23112CFDE9EDDF8CF41BFE868BCFBD6BF70E7ED37EBF3A68BE1E4E488D7DF780B79F9EC397D6ED063483B92AFF6D82236D86F620FED437636F845B88B7DDBFF58D1A7C7757DE43753361FAA0F6F30553A0CCA09CCA560B771CE7770684312A245C63333D4A49D244183E6468CC08A93A1BBCABE721CFAF011D17E38B63F5B0393661626282BA84695D4E8034787E284D4C0DBBE4BC084397DE1E5EB8C88BE7E88ECE78B4DDFC5EBCC6B8651A0581E39243FE43CEC421F332E14B93995080876C34D778FC6D5370CC3ED42081C04C725D809E3456D340A01B25C6C6DE0540AABDF3B085771A3E6CC8E467E7E2D32B32A101AE26A28BB94952D3296B29D9D101573393E581A8BAF57272042B699383C5849C4C3C55AC8A34DF335C60FF597ED9AB58F4B656D232EBB28024FDF3142DC8F627C2E84C8D6160645D9A396E5E6F1796CED9A7F81E0C8E324015E8B95B5158EC6C6E29B15DFE1ABE5CB65F9E6A7E5EBE558F9FDF7481192E1B817DC9E2FC1B1F87F4FE7B26EFCB6983F6F9E0E88545D53AB158093A323967DF58D71EDD951535E8FC2CC4A7539F8EEB3C3DA9A77F6E3DB5777FD6C59F18F5DD8F6459C0805434F769A5BE6B1628D2D7605A694EE6CC6645E01FF913668549A192AFF5970BA199E81CEFA1D5B334C384AB06CA3C627309A3838E3975F30272A6A5077A1B3431893BBB67D770C03C6F68083938D065E37AF8843589437FEFCF4547DC9BFFBE4006CAD2DF5B86421CDCC947F3CBA9DB8043BB7A4E1A15B97E1D13BBFC1BD8B96E1BE9B97E1DE5B64B9F56B2CFBEC10AE7C688C468D7F6C491125C131128F6E4AC14D8B862127AF123672FCA3C70A10DDDB5BBBBCB3FC1A8A95FF9672B399365E55DB84EFB7A462F7E15C1416D761D4403FDC7EE5202109A6B39BE1D93B47A177A80B5EBD7F9CB82C4EF8DBC787B0666786AE77B4B352A2E03D6339388A57567E159284AC2E14F1274E68649D65A454FDECF3A5F8F0A34FF0F1A79FCBB2E4A7E5B3CFF1EEFB8BB166ED3A1DA487E7668A704ECED99B7A0DF7B56BE0F81094CC1C8794A35E75827EF34FE8FAF10C3D8BFFC030BED3178E9FEEC12F3D4227664C9B8A9E11E1A238E49D13A599939BA7CFE15C28CDAD464D5983D4E326B0167B8BDD9C8EC5FFB71E4B9EDAF2B3E5B327B6E08BA7B7EA40C10C3990688A33CBD54BE80A4CFB8882182FEE0787FFD2F13B694672E3A812B42399D47625F2E2536A734224E10CD9C4D8642ABFAB3010A3E7AD62EFD369570FD6002883A1541DDC486B4BA971F74B6D3D6C4298BEB4D515F5483E96877031E0379F5A8FFABA4698B269942FBD1C8BC76F2741C93FC6591A1B9BD022EE446B738B2A1E76086BD79EACED58F9751C6A65DBB9778D447589B12545F6E7B066FFBC7535AC85EC82839CB5DFCC8103391832C01FEDA21E38D298216E21D7A9D740F210E5214CCD818953B2CA7532A42FD724E05F0F4D4044B00BA2C33DB0F8E969784FCEF9D06BBB74B268E67970391924A5882017A4E5566A30F54271F8D0E11FC7BBD0B89180B930675B884E12E7D81709423AECFDFA230C8F563FB4AF5017F1F77FBE81F1932FC28CD997E0C65B6F377E2BC791676AA8643ACBD7B56372F01B92DAAF35ACDF0B1C6782D765FCEBA4DFCF0DDE03DE0B425EA71FC151DBA3070DC5C0A131183966220A8BBA1670E4A8E91CB087A4C18E881C55FD5C483B9CA7E3E0680F7516597EB0572B33B8CFB4A87D69A7B60E4D6FC84FAD40614AD75C5A534EA9D8536A53CE92C64E657A93E4803459551642240C0C166494212CDA57FB91E8CD64A1C4C6F57D919BC40998A3470623E14096DE3C164A098672C558B0A29C72588A02E0A44AECBA3E536A709E6FD7BA24383A1A460AE3B979D19DF79D464DF2E09804ACC5C98A3AC51C2F5C162A25E698ACFDEE38163C3C46FBA8D09D20AC44A1E4A596E1E0EA645C76697FA9B90DA33B151454C1DBC7116D1D0CC692FC486C72CD525E9687F79C44C5291939C749B9B8565FAEFD6956AAACBC2A1C4F2B83A7AB8DBA477AADA7A15594928F9B1D0A4AEBE1E57EE66900CE869CBC3C343637C9359A89E1B78203F0B05584CAC3D6EE0C8B7CCFF51CA087DB731C8ABCBC7C1DF4A5133A7E279FAB2C8CD2333FA72B607ABF7F4000BCBD3C11141068FC167075711165D962385E5D9D066EBB8292B252AD80FEA8B0B3B5F98904E5B1F25E7505159595FADE12EC02CF1EDB849B9B1B02FDFC34B9CBCBDB531B00BA829A9A6A2566123C9FA799E9B95DDC13FB7235B99121022EECDD7AB6854998EC326FEB64C81CA51D5557D6212FFDB47968CE02531BF1F9930FE5E222510864A956AD15A50611A3616D4EB140D97F58247BDFD1A172435928F9928662346E1A1E47F10A087347F2913C0D721AEF1FDF3A250F1EA7A1AE1935158D70F77680A7AF232E12435EFAF61EA989D9E1CB50FBE8D080DC4DFE19F238A42C727C133929D790C4F82DB7D36EEDB295958D39562C3B8A7629C3FCFB63502F464E704B5B7B2B2C7D7EBBFC06EDE9CA099D2BAB9B0C83F2880B61A89D0DE7309CCB703D1A9F91752437C635DC9D6DB1F5500E12D2CBB0725B1AAE9ADE4B5D1236959D0E9EAB455E0E1F4F079455D623A6DF9993B2CE866371C775AC07AA3C1AE5FDF7DE83575E7C0E2F3DFF0C5E7AEE0C8B7CFFEACB2FE0964537FDE80B9F3E423913C3CC85184944CC484C4AE95A16E0AE3D7BB5BF0BC7D3080BFB692C8FE0C040796686347F9E335194CDF9C0E9127440602A23C363FEC3C1C2C20A9E9E46E3960779E4E851E39A73233E21514D82DDDF3DDCDD748E152258C8822A966A9BC316242777EDBEEF3F74489526DF2F573717D8D99FBBE239B42E453B85D6D73463C49C9E7879C78D787ADDC2332ECF70F9E15A3CB7E13AB8F9396843839585250EAFEBDA708E1AD31832B9273E7F79132EBD638CD6B0CDF5AD70F5B64779A1B01D6B76B9199C6D7DFBB7719830BF9F14CC3031924E0B205293FD51DCBD9D34A6515956A76A8037DCC0D7F276F0006280249F435B5310DADB1757DC3E4AB7FDE1AB233ACC5F3BEFB8323C771283E501480CF2A9E792DF4822BACE786E1D514CD650113088FAE9E27DB8445C144F7145D83243D83A5822F9601E762D3D8E5973FBA81B51284AC3CBD35E4981C76302998EF921903368994972754DCD70177299240AAAB4BC16474F94E0AB0DC9F8E0DBE33AD6C68D17B3AB78C78F430276822D2775A2DA4843574EEB85C1515D9BA1BB13CCEA646DC7C5D1C911D17DFAC0C7DB1B01FEFE675D38D667AFC8087848CD462264EDCF7E2B9D888C0C878BA883565122EC3CF5F2DFFE6E5C73762CF972A98E5942894C793C6ECC58E31AC0D3CB4B0726E67C2224EF4F3EFB5CC7DB3C17962FFF56D50F0DE88F0A2AB211C386E9FD638C68CBB66D421C71C6B567C6E123B13878E8883677F399F5EDD3D730AF8F20383858542087D86B5512F8F093CFF4FB7361EBB6EDC8C9310CBCD4228A93CDB20C729F0B59E5C53A921DFB8BF51D1FAA9D39D94272B6C537CC4D47F38F1CEEAF95B99DA88E1DCBE28D473B37F4E9C5CCEE83E1D322717C6F16864CE9A9BD533DFC9CB52F8A8EAA25352F3B6BA51E2BD06EF29438ECD36130E676D9BE19BD0607203BA9C4207B69D86230AA066886ACB5655B1A24E550716E39C6CF89C6AA4F0FEAC44794AB6C62E5365AC3CB86DC9FBF185E2F2A1EFE4697C8401C9AF7A0E7D1CDE026AEC277CBE26029AA20E6E2DEDAFCCA6311ECCCB6EADDFDF076B1434C4C30F272AB35B8AA2D353C8CA194FCC5B08FFCA72209957B103328003FECC84474B82736EFCD86AB8395CE4EBF715F0E9232CB7199DC2F3B5B73ED1E4FF0A5610AFAD5337A6340A40716CE8ED2EFBB8A26794972F3F38CAE491B0244DA1A5A94CE0F66147A7B7B8942E460BB1D48CFCC32AEA13BE18A0913C669976C1A0695C3934F3F7B4A70B313725BB16ACD1A2CFB6A39DCDD5C512B12BD57644FF489328C4D4AB09BF784F163B4C2E0580F59D93978F99557751CD2D34137E69F6FBEA5031B53FEFFD13169FC58706A0682D7F7AF37DE4262D29953AD3945E3ABAFBDAEC4C967EF24CF60A2DC979371D51597EA044F2495E2A2623CF5CCF3670D6C1E3A74186FBCF39EDE5F1E8FCF72F6AC99C6B567C6A1F529B083B855627BECDF151875E6F4F133217C903F9A1B9B6126EF6C517DD73243F56D64C0E4FAC7A78B4F648EF0817E08EDE32335B4853695AA918A66679E013B9115E757232852E41B7D211AB9487C4E6F10DAC70B2744BE33804AA353A3979F6A8CD4FC84F049B3B822A3C5A0483A3BD7246AEE3B41C3D7FD68C4F283718AD2C21A21AE2A9415F1B31A25F2C9EF4AE5B3443F6BF5772EE525F528CAAFC23B6FEEC482BF8ED3B66A553902BA4BC9FBF270684D126EBB7524B2732B35DF42E76311E3523747889165E6B93938F1005107FD7B7963F9FA2444043AA3A8B45ED58521B80B384AB90F1C2FC49E6385B8E2A2489D74A95ECE49CE614D7AF3BCBEF076BFB069120906BDF272F3953438C176787898F62BE90A6CC42003FCFDF4771DA13C2DED94CE6BD72DBC5A0CDC4A0983C3E9D3F5B8FFA147F0F5B72B703C3E5E0D63EFFE0378FCA9A7F0C69BEFE8C3A06A69696952D7E774CC9E3153550E87C82361ED97DAF69E071EC4A79F7FAE83F3EE93637DB362251E78F8117CBB6215382CDF1F59657482031B0DECDF4FE3191C60989D0639C114A73B88157785F795E9DE1F7CF4311E7BF269255E2A810A515A13268CD75EC72763EEEC590811C541F562B8EF7BF0E0238F61FD864DEA4272F024BA776FBFF73E9E78F6397068463E738EC171F97C4E2179EE2107F7AF4A82BDB85574339C3DEC11D4BBEB534486F6F796774D14BBBCB876B042E2DEF377B0FC31BAC2D60E670F3B1CDF9D89DB5E9C85C29C4A94FE7D3B9C7D1CC0742B1AA08D9D15920E6461D0A4089C607F0A21010ED9B7F0FF26E1CBBF6F3510006B7F1ABE18A1928DC18AF41C4CD5EED9DF1F638434BE7E772F8AC54D7072B553A3A5356A70553E2BCBEA3145DC20E66F68CC408EA5E6AF0C64000FCB2011D54E87B8C83C678B7824765206067AC65CDE073BBE4A80935C135D2C96FFAB9777E3852DD763EEDC286CD8948298618158B5EE84A6BE931B9BDBDAB483D99431A1DA0D7FE58624396E07FACB43D8B23F476A7C294A1B0D89E733D1795FD3B22B7440E22BA6F7C2AA2DA93A695249533D9E7E771F5EB96FAC3C90930ADD05B069939319A9DF2FF017A5D155D0B50C0D09C6D6ED3BF4A54B4FCB503F9A815282B4F8CA0BCFE3C147FFAA64C2F12FCB4ACBF0DEFB1FEAF36259194761F77BC31C22ADA8961AF1BA85D760C8A0817A8C93C111B6FFF6D2F39877D9023508D68E35D5D558F2F952AD25F97C34A02C04E6E6EAA25DF6CDF89D5C1B9FD71F1574B9FFFAC843B8EA9AEB9408D8E4CD7773E9B2AFF0E5D265EAAE711C535E1B49850BA7B21C36648890EBCF4750E7F11E79E87E3CF0D05F75A63706ADE982BEFCEA6B4AA40C74733065B531516D266295548423860DC5CD37FDC97894B32337A9545C130B6DB0F00CB1D5F86257D163901FAC39F1BA54FED61652117E9F845EC3CFDC9BBA13A71CFD4F8F4F4573430B5EFFCB4A78FA3A63E845BDE013E40A8EE8C52EF17CA94A447D70EED4E09E5EDA8E1C18E6AE69E295A575F2B21903A07293A828749C42F993B33355091188A7838B6FE4E8CE2658FAC64E4D19570B145E2068884C170FEAE18E9BEE1B8F11E3C231606810068E08C26059060DE7673006CA2753CA675ED2176326C93603033072540F8C1DD703FDFAF9A9AB70FB5B73B4F5847116C256DC8A235B5370786D326EBE79848E72CE4994B4CBBD180C035896F2325C3CAD9794B705AB44F2F1A58F08729732B523471416F98B1DE9D83242854270C0E2CAAA267CFC5D3CC60D0D44BF084F6DBD49CFA9405ED1858FCE94949CA44A802F2967E3EA9CE3A4AB080A0C82995C07F7E7485E1C9CF664F4E9D31BAFFFE35584F508155553A1D7C8DACFD1D15E89C2C9C949FD71CE2BCA87F7D003F76BAFCCB381FD24967EFE29060E1820954283BE139DC7E1EC641CF897E0E0C4ECC2EFE9E1AE711212C8E92D092C73E7A227EF0AE4F1F1BD3979E90A0CDB1A9A1ECF94ADCB9C9CCF3EF950E31B3A676D63A31A3B1515631D8E0E8E62F076DAE18CD73C67F64CEDC17A36848785E395979E5352E7B8AF8493B383D894A912B5AD9D0D1CE4BE3536362801733472CE4B73BE314F8B332B509455295E82A9A64D746552E793C1F003E743610308BB7F7465CCD09F4DCB386862381C9C6DF08F3BBF86BDB32D82C5151934210279A925282FAE5557860F2A6C801FE2F76469A6684176B9CE2A4D52A1BB4217A2471F6FF41B1D8AFD9B9231784218068D0B130272C1BC453158F6F62E1CDB9BA9FDFE69B0ACE6492F7C88ECE13AF38A81E83B2C08775CF2117E5811872DDF27602397EF8ECB673C36AC3A8ECD3F9C407A4A99B82CB53828C77AEDF94D58BFE604D6CAFA43077230636EB4DED0E403F986D4747939A84AD20E17E0F2FB462129B51469E9A5F2825B2135BD0C2EE25E5C3CB3378E9D28466C62B1BC14E27F0A11DE75C3507CB93A0135F52DB85AD65F33BBB7908B09F61D37B44C903BF89ED637B6E28410D188BEDEE2AAD8E9C03DECE41626AECD8560DD0F1B919C9CA24AC1D9C901D75C75E505497A1AC096AD3BB409942ACD4B8C748048ED934163E6140116E616C8CDCB4392B825242AB68270F46B1B2B6B796927E1969B6ED0C980CE07D6B49CFC2730D05F95526A4AAA48EE2254881F5F2D06E2EDEDA3D348DEBAE8464D3ACBCACE52A3F4F5F5C6A489138C4701FEF1FA9BE2F636699F9B98E1237406F5F38123757FFEE5328DA5D0B59B3C792202859CCE07B66230598E6AAA54D4D69FAE5DA83187934125312A66A4AABD4271218E27C4A3DA38323B9545AD10EB6859BF48D4C0FC8BE71AF73A3BD84C1D337284E6D1C4279CD0B14FD8558144C1C1798AA51C51BD7A61D10D7FC282CBE7FF184C3D17328F1763C34747947C2A6A6B70E3F353E1117061EF5C567C1112F7E4AA1B4F5BE488FFD6C6B001F9FBF469194D84D5CF48E9B1DBD2F0F7BB966BFF11F6629D76ED10ED0D7760638ACE123FE1D2FED8B3F604068D0FC3AEB589689603D2FE59F871F3A371D363D35057D3888DCB8E222DBE0015A5F578E0F58BB5167FE8AA4F74EA0253710118EE603095E383729E14B61DBFB5F2267CF9F61E2C7D6F9761A01D3930678FD7CA87AA5DC8852D142DB2C8AF888CF2C5485119BB7666205B082025A5046F2CBE12FE2EB67868CA6234D5B66A6A2D512DE57870C9A570EAE781D7FFB90BFF77FF387CF5ED71F8FAD863F5C65454D43408C958EAA85FE346896F6AD681551BD3A4E6B4C6BA0F2F37C478044FBCB90719F99CEF94B107B906294B93288C1AD96FECA00084073AC1CED60A13879EFF053E19372CBA0545620094F7C3870FC5630F3D685CD375DC7EE73D2A7FD93B3632A227FEF1B7178D6BCE8C86FA46A4A4A7A901F9FAF8C0DB537C62C365FE22B0E6A4EA68E96885A39D83925EA702E8541252BF6B4571322132E8C7BFB9DEE0C29CBF10DC873912DC962D602ECE2E6A94E7836116F932254E96F7E4796ACF06AA8DDCFC7C550A6CAD62D099FBFF52F058B1B171AA5438E136E780E5B4141782556FECC5470F6F04C7E26516F6E2CCFBE0EED7B569173A11B72D1D778D7B073E5E2E6A6B8F7D770522871B72729896704BD46B2A0A9841FAC0A7F34F754F4E46FFB13DF0F69EBBB1E899E9DA99EDBD27D662DB37C7102E0A234A5440A330CF9839D1422AF57072B5C1D46B8660D153D3F0ECD26B953008469EE3F766A9B1370A8130857C87D4DA745538A319BF37280C060B20C4528B990B06A97FC5161AAA1AB22D0740E55817ECD7C10995D89AC098839DF87136E2129D905AFF9DD7B68BEF698911A26EA832D67E2F4410E18E81E2BE90213BC1710656BF770091216EF8DBCBD31112EC8207EE198D5DFBB2919EC597C84C034A541A21FE8E58BF3503D1911E1831D00FA5E2A6119C28DADCC204413E8EF0F37480AF879D2C0E08F37746FF9E9EC82BAE4190AF1396AE4D425965D7679267F43B39254D836A7C910644471BD75C18428383757F4EE0CC0C440654CF051B5B6BF4955A9DC13F2671FD1AC22068F0F6E296B8383AFFCCF855F19144847C4F5750868184E4F9CA33EF0A6110DC8706C719D3BC3C3CBB441804EF8DAF2820EED715C220E89670C0A3C103076A00F8D71006E1EFEB8B99D3A762DEC5737494F90B250C2223AE5087C264BF91F021BEDA747AA17074B38713BB2C48E5D7D2D4725E17E59CBA973D5D99F4F5D4B2EBF1D28A1B31EBC661FAA07B0F0DC645570DC2FCDB6370F1AD3178EEABEB71ED4313B50B7D70AF9F1E80A38B9DF84966F861E9617171C2A550EDD8FC350796F9A9E661B32C0BC1D803DD8839A268BEFE600F7233C475B0B712792BFE3D7D8076D624861A9D39186CC9A9AD6D1235D3A4DFB393D8813D9938202495256EC7A25B47E9F1E7FFDF281D4A908C4930269172300F8736A4C0CEE6A71B3C636A4FCC99162935A3A5D4D0ED080970D159E22F9F1585406F27A46654E0FE97B6E0B3550978EBCB58AC1676DE7E384F3BA9ED389287DD4773B12B2E1FFB8F152036A90471C9A5F2029B8ADBD2B50C4022252D55DC0AC358911C6BB577EFDEFAFB85222666B8DC9B7A35BEA2C2229414772DD3AF1BFF59A8AF6E425E5299E645913442FB79E37CB3C09F092E5E7608EAE5A1EF1C6D2B33FEDC93629D93343AE1EC6E873E234230FBA691B8ED85999875C3308408397034E390DE3EB0170571368C9D172D4AC416972C1A81551F1F405672B148294B250B064059E3B4494DC85C8F85F71A92872A8A6A1110EA2A6ECA0D98BB70B02A0506CD982549C5C13960FB0E0EC00431F28BE6F4C1745966CDED8B05B2ED1C21AE71137B225B4887F00B77C7E8CB7A8B7433D4F89C82817D58963D6798BFB3BAB6116BD625E1D57FEE444E5E35268FEFA1C1D01993C2E0266A67BD90C3CE83D9AA2EB265FDD6FDD93A0607550E7BB072FE562E36425A9CA18D04E6CF56A89452F878DAC2435CA4AE62CBB6ADDAA24137C1D3D3FD825A4E4EC6B061C3447E372AC153B227249E3F5BB31BFF7928C9AD448E9006BB68507987F6BFB0CCE34EB0853128DA5BFB74B11B46C69142B1B9B3770BE81269FC1A440D0EC45D2FCFD63E221F3EB74147F832382572724E712656C65EB67E212E9879C560BCFDEC7A24C6E662F69583E1244AE5BABBC6E2D29B8663F61503B140486BFAFCFE8888F2D666BCA2FC6A51156548901A7EFB96547CF3E511BCFFE60E7C2A4AE5D9277EC0F2A547B41975C123E361290A824C4AD0F5D9BF2B055922ED92D2CA5052560B1B295F5656053E5A7204ABD69F406D5D0BD66E4943430365BE19D88A65239F1C48884153114BAA9C7E822172CF5884AFA73D0AC4D5AAAC6ED6D695AE62F79E7D7A5F2AABAA743E13ED2FF20B400DC77E22F4BD793C1EB71BFF7D284CAB40B6284956AA8CED0544BA19D75C3882A23C34219236727C5B262A0A8CC96752B973C8090ED5590F4E37D9F6F3D693DF1A4C180B0CF7C0AAC5FB10BB3313B6F686082DC9828954FCC75EA093850CFA8F0846FCFE1CF885BA232CCA47833BE525B5F8E2AD5DD8BF231DC70E6423510822536AF182BC4A9496D4E9D48DB5E2A270B83F364F31026C6B6FA9C65227EE4B4E76A52A92C2D47224EDCF85B5A8232D57BB39D28F16E0DA07C7A1548EC1418539DD818383B5BA27CC300D0A70425246A5AA9B0E792A2C76A3105C9F080FA4E6541A5C7FFAE77A44DEDF0E6D8E1D35C05FE74519D1D71723BBC8FE6D6DAD484E4D838F97B712C6C8E1C3D1BB57A471ED85A34194065B0342434234159D6DFEDDF8EF425662319A4A9B7552E7F0813E187559F42F724F08CEED5A5DDA28C4E3AE794E232FE90D07171B55AAD90986A131BCBC5D307466CFB3B79EFC96600EC7D3377C89A2DC0A5508AA6F8430A83728E739C8CE927DF760DBEA04BCF9F85A38893B34EB1A511AE2D65455D463D907FBB4B9D4D482E6C95610A9E1A5AA67C169E034544B210BED15C86F59E38B298F9ED0035B36A6E0ED8FAE40656A251E9EF6B1F67F610B0F150107567D76ED4258063961F386147CF1F55138898A68956344F5F602F3483834E0816385B0B7B7469B1CB55DC863E2C820EC3C92A70462222E49A75C63E7B6405F7B784AB9B71DCAC3E72F4C47B04FD726FCE56360993A633DA707092F143C5EE7A3E527038CDDF8EFC28F3D95B5F2950F63CBDE2F058F6750CBF2BEC87BDD093D0FDF4B798FD838F1EBDECC2E62C3B223C8482CD20B6312155501A3B42DCDED282FAAC1C5370CD3C140367E15ABBE59CCE49E58BFFC285EBC6F05F66E4EC5A8493DC5CFE70D22D1C885D1A0C41E1807F1F275C4CC79FDF5780C9872E6341A092F8C199BCC5578E78DDDE8393200E31744A34AD409E516C7FE681417E4A3BF6E42A89F13A2FA78C2C3C3FEC7D1C639F6C6A61D19888AF094DADF5EDBD3CDE4A88C379495D523C0DB41632C1A9B11F0A3555899FD55E2D3CA71FDECA82E1306C18745C32659FC5AC22078BCCE637513C67F27D480B90859FC5AC220782C1EE764C2203ACFC14FFD5B7FFE8EA8A96CC09EB509DA2C6BEB680D3B59989D692B6E000730F60974C1823B4661EBCAE3B0B435C7DC1B86EBD080A585B5F0F67541765A29EC1DADE0EA61A7FE166F0D0DB4AABC1E4E2EB678F0B999B86AD17078783A68162A099142C44248884DB7BC4066BBB1DFC8C5F7C6207CB02F027A792030CA1311F23BB35D930FE461C4902084063133AECD7002F9EF2EF26CC50F27306A70A02A9D36F9C76629E663B0795789DEB0A91295159B6B65F71E4242375CFCCB9A4BBBD18D3F3A7E77F784929B4921741FD4BA3A21C6CD7C0B0ECBC7AEB90B635E5337E5E9C557E2E8DE4C6C59755C13B8B80BE310532F1D80CFDFDA21BF5B81B3BF47447BE3FE6767C237C030ACFFD60D27F0FCC3E2DAE808CCA67076B3D51696B5ABE2316E5284C6396EBF734CA785EB3E945D9462ECF64F6CDF9581C79ED90807676B0C88F6436A56B9E6668C1E1E846A295BACA8252689798BF288E8E18EF5BB3285F82C741EDB7A59EFED618BD9637BE09249E1BF685CD06E74E33F01BF7B20943299C119B69E309ED0B950E6337FE3C4913C6C13C33EBA3B13B73C3E056F3FB55E8D7AFCAC28241CCE57E5C04E710D421481E19EA8AE6EC00DF78EC3ED8F4CD164B14E048B11B3D973F7D634915880978F231C9DAC909F5785BEFDFCF0DD8A63484F2FC3F163F9D8BD371B3BC4E05DDD6DB176433212840CBE5F93A0EE0C07182E29AD87AFAF834E1ACDF94C720B6B103324007945B53A7646496523268F0CC6A1F822ED6CC48C42073B2BDC77ED604C1F15AA64D88D6EFCB7E277278DB38135B6A3932DAA2B840C22DC5122C6DD50D7826431EAC2EC0A9D2680533CC6EEC9D06DD971EEF2452330EB8A811830FCCC3347F51672A03F76787F964EB844C5502C6E4E5884078EC515A020B74A08A204A9C9C538129BAF81CED8238699F2BF5F73029C152D44CE939E5E0E5F219DDAFA66B0031D83ADB50DAD1831D81FC7924A8448DA1133D01F87138AC0FE369CCB756A4C302E9D72619D85BAD18DFF44FC5B5A4FBA024E0F59905589F88359A8969A9CB3D68F9C14090F76CDB7B280A30BBB10772DA0979D518655DFC4A9CAA0C2E1644699A2323A5B6E74DC53B96C27671B8C1063DF2BCA63842887152BE371E55503F0E55771888EF64171591D0AC5B5E25CB0354228532786EBDF7B8FE663DCC8203470DE9494523409A9DCB37030E6895BD28D6EFCB7E30F431ABF0798F895975B89679F58077B7191D84D8AF1070D6C88BAE04CF0D3A6478AEA2880BBB82A2666667070B0425E418DBA50B50DCDC82FAED5EEC36DE22771E0A0CBE74663A5B834754D2DB8E692BE78E38B23B011B7E6A367A722F0025A4BBAD18DFF54FC573BDF41A16EDA52C33142080EA843BED01616015B44E2138A316448000E1ECE852B9359841882039D35B5DD446E0F9B54C9AB1C5E902D27FB8FE422667080E668B03F0B6769EB27EE55376174E37F05FFF511BBFE03FCD1B3B70FAAAA0C23940B0B0871086BC887B9A50952928AB5F9D4CFD719078438CCCCCDD0BB1747A366A28B6104746D02975F2C2C4C90262E948D85B99084233272AA7454F3FBAF3BFF9813DDE8C67F0BFE27C2FCCFFE6D16BC4509D45437EB781E1C48954DC166F28FB922DFAD3A8EB9B3A390935581FCC22A9DCB64D8C0001D7884DD63D4ADE9304C914802D9B8271DE3449D5454D5E38DC726C3CFFBC2C62FE84637FE93F15F1DD338194585D5D8BB2B13E9E9A548882FD2690C6AEB5B60EF60ADAEC6C409E1422C0E183A2C10FEBE4E282CAEC57D0FAF41AD900CBBECB3058789951DF283718E6103FDF1C89F4769E7B46E74E37F09FF33A4D1095E6E4D75132ACAEB70F46801F6EFCF425A6639FCFC9DF1E273D3D53D216A6A9B448124205BC885638032C9ABACAA11CD6D1D183AC00F57CF8B4678B0AB6EDB8D6EFCEF00F87F9ED91B4B4AFAE0D90000000049454E44AE426082 WHERE `app_id`='11' and `app_name` = 'LF Acumos Marketplace';
-
-
-
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.readinessImage }}"
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /root/ready.py
nodePortPrefix: 302
persistence: {}
readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:2.6.0
+image: onap/portal-db:3.2.0
pullPolicy: Always
-readinessImage: readiness-check:2.0.0
+
mariadbInitImage: "mariadb-client-init:3.0.0"
# application configuration
# application's front end hostname. Must be resolvable on the client side environment
dmaapBcHostName: "dmaap-bc.simpledemo.onap.org"
# msb IAG ui assignment for port 80
- msbPort: "30280"
+ msbPort: "30283"
# application's front end hostname. Must be resolvable on the client side environment
msbHostName: "msb.api.simpledemo.onap.org"
# SO Monitoring assignment for port 30224
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
\ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.6.0
+image: onap/portal-sdk:3.2.0
pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
ingress:
enabled: false
service:
- - baseaddr: portalsdk
+ - baseaddr: portal-sdk
name: "portal-sdk"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.6.0
+image: onap/portal-wms:3.2.0
pullPolicy: Always
# flag to enable debugging - application support required
-Subproject commit a995fce78ae63d33a0c48d825001ed7faea3b18f
+Subproject commit c81062626b69160145baac5e6a5d670cb67211fa
ingress:
enabled: false
service:
- - baseaddr: "sdcbe"
+ - baseaddr: "sdc.api.be"
name: "sdc-be"
port: 8443
config:
ingress:
enabled: false
+ service:
+ - baseaddr: "sdc.dcae.plugin"
+ name: "sdc-dcae-be"
+ port: 8282
+ config:
+ ssl: "none"
# Resource Limit flavor -By Default using small
flavor: small
enabled: false
service:
- baseaddr: "dcaedt"
- name: "sdc-dcae-dt"
- port: 8186
- - baseaddr: "dcaedt2"
name: "sdc-dcae-dt"
port: 9446
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
name: "sdc-dcae-fe"
port: 9444
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
ingress:
enabled: false
service:
- - baseaddr: "sdcfe"
+ - baseaddr: "sdc.api.fe"
name: "sdc-fe"
port: 9443
config:
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
+securityContext:
+ fsGroup: 35953
+ runAsUser: 352070
ingress:
enabled: false
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=CM-NOTIFICATION
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=A1-P
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=SDNR-CL
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=$(ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
- mountPath: {{ .Values.config.configDir }}/aai.properties
name: properties
subPath: aai.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties
+ name: properties
+ subPath: dmaap-consumer-CMNotify.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties
+ name: properties
+ subPath: dmaap-consumer-a1Adapter-policy.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
+ name: properties
+ subPath: dmaap-consumer-oofpcipoc.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.0
+image: onap/sdnc-dmaap-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.0
+image: onap/sdnc-ansible-server-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.0
+image: onap/admportal-sdnc-image:1.8.2
config:
dbFabricDB: mysql
dbFabricUser: admin
ingress:
enabled: false
+ service:
+ - baseaddr: "sdnc-portal.api"
+ name: "sdnc-portal"
+ port: 8443
+ config:
+ ssl: "redirect"
#Resource limit flavor -By default using small
flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.0
+image: onap/sdnc-ueb-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
version: ~6.x-0
repository: '@local'
condition: .global.mariadbGalera.localCluster
+ - name: elasticsearch
+ version: ~6.x-0
+ repository: '@local'
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
+{{- end -}}
+{{- end -}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{ if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf
- image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- command:
- - bash
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh &&
- cd /opt/app/osaaf/local &&
- /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+{{ include "common.aaf-config" . | indent 6 }}
{{ end }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
volumeMounts:
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
+{{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: {{ include "common.fullname" . }}-data
- mountPath: /var/log/onap
name: logs
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
name: properties
subPath: akka.conf
- name: properties
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-certs
- {{ if .Values.certpersistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-certs
- {{ else }}
- emptyDir: {}
- {{ end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: aaf-creds
+ - uid: &aaf_secret_uid aaf-creds
type: basicAuth
externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
login: '{{ .Values.aaf_init.deploy_fqi }}'
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.0
+image: onap/sdnc-image:1.8.2
# flag to enable debugging - application support required
numberGGLogFiles: 10
# dependency / sub-chart configuration
+aafConfig:
+ addconfig: true
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ secret_uid: *aaf_secret_uid
+ credsPath: /opt/app/osaaf/local
+
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
name: sdnc-dgbuilder
nodePort: "03"
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdnc-dgbuilder"
+ name: "sdnc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
+# local elasticsearch cluster
+localElasticCluster: true
+elasticsearch:
+ nameOverride: sdnrdb
+ name: sdnrdb-cluster
+ aafConfig:
+ fqdn: "sdnc"
+ fqi_namespace: org.onap.sdnc
+ fqi: "sdnc@sdnc.onap.org"
+ service:
+ name: sdnrdb
+
+ master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+ nameOverride: sdnrdb
+
+ curator:
+ enabled: true
+ nameOverride: sdnrdb
+ data:
+ enabled: true
+ replicaCount: 1
+ nameOverride: sdnrdb
+
+
# default number of instances
replicaCount: 1
ingress:
enabled: false
service:
- - baseaddr: "sdnc"
+ - baseaddr: "sdnc.api"
name: "sdnc"
port: 8443
config:
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-nssmf-adapter
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+aai:
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ datasource:
+ jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ jpa:
+ show-sql: false
+ hibernate:
+ dialect: org.hibernate.dialect.MySQL5Dialect
+ ddl-auto: validate
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ enable-lazy-load-no-trans: true
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/nssmf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE
+ value: {{ .Values.global.client.certs.truststore }}
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: BPEL_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
+ - name: BPEL_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: KEYSTORE
+ value: {{ .Values.global.client.certs.keystore }}
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-bpel-creds
+ name: '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/nssmf-adapter:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+ bpel:
+ username: bpel
+ password: password1$
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8088
+logPath: ./logs/nssmf/
+app: nssmf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8088
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+<configuration scan="false" debug="true">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="/var/log/onap" />
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="MSO"></property>
+ <property name="subComponentName" value="nssmfadapter"></property>
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n" />
+
+ <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
+ <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="com.att.eelf.error" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+
+</configuration>
ingress:
enabled: false
service:
- - baseaddr: "so"
+ - baseaddr: "so.api"
name: "so"
port: 8080
config:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-nssmf-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
certSecret: *so-certs
aaf:
name: "uui-server"
port: 8082
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
ingress:
enabled: false
service:
- - baseaddr: uui
+ - baseaddr: "uui.api"
name: "uui"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.8
+image: onap/vfc/gvnfmdriver:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.8
+image: onap/vfc/nslcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.8
+image: onap/vfc/vnflcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
ingress:
enabled: false
service:
- - baseaddr: "vid"
+ - baseaddr: "vid.api"
name: "vid-http"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
service:
- baseaddr: "refrepo"
name: "refrepo"
- port: 97
+ port: 8703
config:
- ssl: "none"
+ ssl: "redirect"